IT 와 Social 이야기

[US-CERT: Bulletin (SB17-240)] Security vulnerabilities announced through August 21, 2017

by manga0713 2017. 8. 29.

 

 

 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
apache2triad -- apache2triad Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter. 2017-08-23 7.5 CVE-2017-12965
MISC
MISC
BID
aptus -- styra_porttelefonkort_4400_firmware Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 4400 before A2 has unknown impact and attack vectors. 2017-08-18 10.0 CVE-2017-7278
CONFIRM
buffalo -- wcr-1166ds_firmware Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. 2017-08-18 7.7 CVE-2017-10811
CONFIRM
JVN
enecho.meti -- shin_kikan_toukei_houkoku_data_nyuryokuyou_program Untrusted search path vulnerability in Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program (program released on 2013 September 30) distributed on the website until 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 CVE-2017-10821
JVN
enecho.meti -- shin_kinkyuji_houkoku_data_nyuryoku_program Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on 2011 March 10) distributed on the website until 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 CVE-2017-10823
JVN
enecho.meti -- shin_sekiyu_yunyu_chousa_houkoku_data_nyuryoku_program Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program (program released on 2013 September 30) distributed on the website until 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 CVE-2017-10822
JVN
enecho.meti -- teikihoukokusho_sakuseishien_tool Untrusted search path vulnerability in Teikihoukokusho Sakuseishien Tool v4.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 CVE-2017-2228
JVN
formcraft-wp -- formcraft The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php. 2017-08-23 7.5 CVE-2017-13137
MISC
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection. 2017-08-18 10.0 CVE-2014-9411
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface. 2017-08-18 10.0 CVE-2014-9968
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm. 2017-08-18 10.0 CVE-2014-9969
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow. 2017-08-18 10.0 CVE-2014-9971
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition. 2017-08-18 10.0 CVE-2014-9972
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine. 2017-08-18 10.0 CVE-2014-9973
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster. 2017-08-18 10.0 CVE-2014-9974
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption. 2017-08-18 10.0 CVE-2014-9975
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. 2017-08-18 10.0 CVE-2014-9976
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM. 2017-08-18 10.0 CVE-2014-9977
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service. 2017-08-18 10.0 CVE-2014-9978
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory. 2017-08-18 10.0 CVE-2014-9979
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed to check a length potentially leading to unauthorized access to secure memory. 2017-08-18 10.0 CVE-2014-9980
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot. 2017-08-18 10.0 CVE-2014-9981
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient. 2017-08-18 10.0 CVE-2015-0574
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. 2017-08-18 10.0 CVE-2015-0575
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA. 2017-08-18 7.6 CVE-2015-0576
MISC.
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption. 2017-08-18 10.0 CVE-2015-8592
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. 2017-08-18 10.0 CVE-2015-8593
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x. 2017-08-18 10.0 CVE-2015-8594
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM. 2017-08-18 10.0 CVE-2015-8595
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection. 2017-08-18 10.0 CVE-2015-8596
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a string can fail to be null-terminated in SIP leading to a buffer overflow. 2017-08-18 10.0 CVE-2015-9034
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a memory buffer fails to be freed after it is no longer needed potentially resulting in memory exhaustion. 2017-08-18 10.0 CVE-2015-9035
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an incorrect length is used to clear a memory buffer resulting in adjacent memory getting corrupted. 2017-08-18 10.0 CVE-2015-9036
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message. 2017-08-18 10.0 CVE-2015-9037
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end. 2017-08-18 10.0 CVE-2015-9038
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in eMBMS where an assertion can be reached by a sequence of downlink messages. 2017-08-18 10.0 CVE-2015-9039
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in a GERAN API. 2017-08-18 10.0 CVE-2015-9040
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when performing WCDMA radio tuning. 2017-08-18 10.0 CVE-2015-9041
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message. 2017-08-18 10.0 CVE-2015-9042
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer. 2017-08-18 10.0 CVE-2015-9043
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. 2017-08-18 10.0 CVE-2015-9044
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GERAN where a buffer can be overflown while taking power measurements. 2017-08-18 10.0 CVE-2015-9045
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. 2017-08-18 10.0 CVE-2015-9046
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup. 2017-08-18 10.0 CVE-2015-9047
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets. 2017-08-18 10.0 CVE-2015-9048
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of certain responses from the USIM. 2017-08-18 10.0 CVE-2015-9049
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists where an array out of bounds access can occur during a CA call. 2017-08-18 10.0 CVE-2015-9050
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on a length in a System Information message. 2017-08-18 10.0 CVE-2015-9051
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached while processing a downlink message. 2017-08-18 10.0 CVE-2015-9052
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the processing of certain responses from the USIM. 2017-08-18 10.0 CVE-2015-9053
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced during GAL decoding. 2017-08-18 10.0 CVE-2015-9054
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a memory management routine. 2017-08-18 10.0 CVE-2015-9055
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not properly validated in a QTEE system call. 2017-08-18 10.0 CVE-2015-9060
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, PlayReady DRM failed to check a length potentially leading to unauthorized access to secure memory. 2017-08-18 10.0 CVE-2015-9061
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file. 2017-08-18 10.0 CVE-2015-9062
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client. 2017-08-18 10.0 CVE-2015-9063
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated. 2017-08-18 10.0 CVE-2015-9064
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established. 2017-08-18 10.0 CVE-2015-9065
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an Inter-RAT procedure. 2017-08-18 10.0 CVE-2015-9066
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset() is addressed. 2017-08-18 10.0 CVE-2015-9067
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a mink syscall is not properly validated. 2017-08-18 10.0 CVE-2015-9068
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted. 2017-08-18 10.0 CVE-2015-9069
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. 2017-08-18 10.0 CVE-2015-9070
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. 2017-08-18 10.0 CVE-2015-9071
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. 2017-08-18 10.0 CVE-2015-9072
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. 2017-08-18 10.0 CVE-2015-9073
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, SSL handshake failure with ClientHello rejection results in memory leak. 2017-08-18 10.0 CVE-2016-10343
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE. 2017-08-18 10.0 CVE-2016-10344
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor. 2017-08-18 10.0 CVE-2016-10346
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated. 2017-08-18 10.0 CVE-2016-10347
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location. 2017-08-18 10.0 CVE-2016-10380
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location. 2017-08-18 10.0 CVE-2016-10381
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient. 2017-08-18 10.0 CVE-2016-10382
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. 2017-08-18 9.3 CVE-2016-10383
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl. 2017-08-18 10.0 CVE-2016-10384
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS. 2017-08-18 10.0 CVE-2016-10385
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP. 2017-08-18 10.0 CVE-2016-10386
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario. 2017-08-18 10.0 CVE-2016-10387
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application. 2017-08-18 10.0 CVE-2016-10388
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a possibility of writing beyond the intended partition. 2017-08-18 9.3 CVE-2016-10389
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed. 2017-08-18 10.0 CVE-2016-10390
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity. 2017-08-18 10.0 CVE-2016-10391
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory. 2017-08-18 10.0 CVE-2016-10392
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file. 2017-08-18 10.0 CVE-2016-5871
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated. 2017-08-18 10.0 CVE-2016-5872
BID
CONFIRM
google -- android An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237701. 2017-08-23 9.3 CVE-2017-0805
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition. 2017-08-18 10.0 CVE-2017-7364
SECTRACK
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace. 2017-08-18 9.3 CVE-2017-8253
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot. 2017-08-18 9.3 CVE-2017-8255
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition. 2017-08-18 7.6 CVE-2017-8262
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace. 2017-08-18 9.3 CVE-2017-8263
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write. 2017-08-18 7.6 CVE-2017-8267
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver performing a heap buffer over-read. 2017-08-18 9.3 CVE-2017-8268
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy(). 2017-08-18 9.3 CVE-2017-9678
BID
CONFIRM
MISC.
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition. 2017-08-18 7.6 CVE-2017-9684
BID
CONFIRM
MISC.
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. 2017-08-18 9.3 CVE-2017-9685
BID
CONFIRM
imagemagick -- imagemagick In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file. 2017-08-22 7.1 CVE-2017-13133
BID
CONFIRM
imagemagick -- imagemagick In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk. 2017-08-23 7.5 CVE-2017-13139
CONFIRM
CONFIRM
kddi -- qua_station_firmware Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 CVE-2017-2289
JVN
libsass -- libsass There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack. 2017-08-18 7.8 CVE-2017-12964
MISC
linux -- linux_kernel The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors. 2017-08-19 7.2 CVE-2017-10662
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernel The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors. 2017-08-19 7.2 CVE-2017-10663
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
nexusphp -- nexusphp NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action. 2017-08-21 7.5 CVE-2017-12981
MISC
nexusphp_project -- nexusphp SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. 2017-08-18 7.5 CVE-2017-12776
MISC
nih -- libzip Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors. 2017-08-23 7.5 CVE-2017-12858
BID
CONFIRM
qnap -- ts-212p_firmware An unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. The unprivileged user cannot log in at the front end, but with that unprivileged user's SID all functions of Surveillance Station can be accessed. 2017-08-18 7.5 CVE-2017-12582
MISC
rarlab -- unrar libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. 2017-08-18 7.5 CVE-2017-12940
MISC
rarlab -- unrar libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. 2017-08-18 7.5 CVE-2017-12941
MISC
rarlab -- unrar libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. 2017-08-18 7.5 CVE-2017-12942
MISC
teikoku_databank -- type_a Untrusted search path vulnerability in TDB CA TypeA use software Version 5.2 and earlier, distributed until 10 August 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 CVE-2017-10824
JVN
wago -- wago_i/o_plc_758-870_firmware WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation. 2017-08-22 10.0 CVE-2015-6473
MISC
FULLDISC
BID
x.org -- libxfont A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact. 2017-08-18 7.5 CVE-2007-5199
CONFIRM
CONFIRM

 

Medium Vulnerabilities

Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
altools -- alzip Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename. 2017-08-19 6.8 CVE-2017-11323
MISC
MISC
apache2triad -- apache2triad Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php. 2017-08-23 6.8 CVE-2017-12970
MISC
MISC
BID
apache2triad -- apache2triad Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php. 2017-08-23 4.3 CVE-2017-12971
MISC
MISC
BID
asn1c_project -- asn1c The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file. 2017-08-20 4.3 CVE-2017-12966
MISC
asus -- dsl-n10s_firmware ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges. 2017-08-18 6.5 CVE-2017-12592
MISC
asus -- dsl-n10s_firmware ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. 2017-08-18 6.8 CVE-2017-12593
MISC
attic_project -- attic attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file". 2017-08-18 4.0 CVE-2015-4082
MLIST
BID
CONFIRM
CONFIRM
broken_link_checker_project -- broken_link_checker Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed. 2017-08-18 4.3 CVE-2015-5057
MLIST
BID
MISC
ccfile -- cc_file_transfer In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID for a NoviWare issue, but the correct ID for that issue is CVE-2017-12787. 2017-08-21 5.0 CVE-2017-12784
MISC
cyrusimap -- cyrus_imap Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command. 2017-08-22 4.0 CVE-2017-12843
CONFIRM
CONFIRM
FEDORA
CONFIRM
d-link -- dir-600_b1_firmware D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. 2017-08-18 5.0 CVE-2017-12943
MISC
django-cms -- django_cms Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors. 2017-08-18 6.8 CVE-2015-5081
MLIST
CONFIRM
CONFIRM
dokuwiki -- dokuwiki DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution. 2017-08-21 4.3 CVE-2017-12979
CONFIRM
dokuwiki -- dokuwiki DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element. 2017-08-21 4.3 CVE-2017-12980
CONFIRM
easymodal_project -- easy_modal classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. 2017-08-18 6.5 CVE-2017-12946
MISC
MISC
easymodal_project -- easy_modal classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. 2017-08-18 6.5 CVE-2017-12947
MISC
MISC
exiv2 -- exiv2 There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact. 2017-08-18 6.8 CVE-2017-12955
MISC
exiv2 -- exiv2 There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service. 2017-08-18 4.3 CVE-2017-12956
MISC
exiv2 -- exiv2 There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service. 2017-08-18 4.3 CVE-2017-12957
MISC
fedoraproject -- fedora Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3. 2017-08-22 6.8 CVE-2015-5258
FEDORA
CONFIRM
gnome -- librest The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account. 2017-08-18 5.0 CVE-2015-2675
REDHAT
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
gnu -- binutils The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary. 2017-08-19 4.3 CVE-2017-12967
BID
CONFIRM
gnu -- pspp There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. 2017-08-18 5.0 CVE-2017-12958
MISC
gnu -- pspp There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to a remote denial of service attack. 2017-08-18 5.0 CVE-2017-12959
MISC
gnu -- pspp There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. 2017-08-18 5.0 CVE-2017-12960
MISC
gnu -- pspp There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. 2017-08-18 5.0 CVE-2017-12961
MISC
google -- android A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35583675. 2017-08-18 4.3 CVE-2017-0687
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. 2017-08-18 4.3 CVE-2017-8254
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses. 2017-08-18 6.8 CVE-2017-8256
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use. 2017-08-18 6.8 CVE-2017-8257
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. 2017-08-18 6.8 CVE-2017-8260
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur. 2017-08-18 6.8 CVE-2017-8261
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. 2017-08-18 5.1 CVE-2017-8265
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. 2017-08-18 5.1 CVE-2017-8266
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition. 2017-08-18 5.1 CVE-2017-8270
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap write. 2017-08-18 6.8 CVE-2017-8272
BID
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs. 2017-08-18 5.0 CVE-2017-9679
BID
CONFIRM
MISC
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message. 2017-08-18 5.0 CVE-2017-9680
BID
CONFIRM
MISC
graphicsmagick -- graphicsmagick The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. 2017-08-18 6.8 CVE-2017-12935
MISC
MISC
graphicsmagick -- graphicsmagick The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. 2017-08-18 6.8 CVE-2017-12936
MISC
MISC
graphicsmagick -- graphicsmagick The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. 2017-08-18 6.8 CVE-2017-12937
MISC
BID
MISC
graphicsmagick -- graphicsmagick GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12. 2017-08-22 4.3 CVE-2017-13063
CONFIRM
CONFIRM
graphicsmagick -- graphicsmagick GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12. 2017-08-22 4.3 CVE-2017-13064
CONFIRM
BID
CONFIRM
graphicsmagick -- graphicsmagick GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. 2017-08-22 4.3 CVE-2017-13065
CONFIRM
CONFIRM
graphicsmagick -- graphicsmagick GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. 2017-08-22 4.3 CVE-2017-13066
BID
CONFIRM
graphicsmagick -- graphicsmagick In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value. 2017-08-23 6.8 CVE-2017-13147
CONFIRM
graphicsmagick -- graphicsmagick In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c. 2017-08-23 4.3 CVE-2017-13648
CONFIRM
ibm -- security_network_protection_4100_firmware Cross-site scripting (XSS) vulnerability in IBM Security Network Protection 3100, 4100, 5100, and 7100 devices with firmware 5.2 before 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008 and 5.3 before 5.3.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-08-22 4.3 CVE-2014-6189
CONFIRM
BID
ibm -- websphere_application_server IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576. 2017-08-18 4.3 CVE-2017-1501
CONFIRM
BID
SECTRACK
MISC
igniterealtime -- openfire OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. 2017-08-18 5.0 CVE-2014-3451
MISC
MLIST
BUGTRAQ
BID
MISC
imagemagick -- imagemagick Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. 2017-08-21 6.8 CVE-2017-12983
CONFIRM
imagemagick -- imagemagick In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file. 2017-08-22 4.3 CVE-2017-13058
BID
CONFIRM
imagemagick -- imagemagick In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file. 2017-08-22 4.3 CVE-2017-13059
BID
CONFIRM
imagemagick -- imagemagick In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. 2017-08-22 4.3 CVE-2017-13060
BID
CONFIRM
imagemagick -- imagemagick In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file. 2017-08-22 4.3 CVE-2017-13061
BID
CONFIRM
imagemagick -- imagemagick In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file. 2017-08-22 4.3 CVE-2017-13062
CONFIRM
imagemagick -- imagemagick In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file. 2017-08-22 4.3 CVE-2017-13131
BID
CONFIRM
imagemagick -- imagemagick In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file. 2017-08-22 4.3 CVE-2017-13132
BID
CONFIRM
imagemagick -- imagemagick In ImageMagick 7.0.6-6, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file. 2017-08-22 4.3 CVE-2017-13134
BID
CONFIRM
imagemagick -- imagemagick In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT. 2017-08-23 4.3 CVE-2017-13140
CONFIRM
CONFIRM
imagemagick -- imagemagick In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c. 2017-08-23 4.3 CVE-2017-13141
CONFIRM
CONFIRM
imagemagick -- imagemagick In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files. 2017-08-23 4.3 CVE-2017-13142
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory. 2017-08-23 5.0 CVE-2017-13143
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder. 2017-08-23 4.3 CVE-2017-13144
CONFIRM
CONFIRM
imagemagick -- imagemagick In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash. 2017-08-23 4.3 CVE-2017-13145
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c. 2017-08-23 6.8 CVE-2017-13146
CONFIRM
CONFIRM
imagemagick -- imagemagick In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c. 2017-08-24 4.3 CVE-2017-13658
CONFIRM
CONFIRM
CONFIRM
libsass -- libsass There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack. 2017-08-18 5.0 CVE-2017-12962
MISC
libsass -- libsass There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix (available from GitHub after 2017-07-24). 2017-08-18 5.0 CVE-2017-12963
MISC
libtiff -- libtiff The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. 2017-08-18 5.0 CVE-2017-12944
CONFIRM
netapp -- clustered_data_ontap Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code. 2017-08-18 6.5 CVE-2017-12420
BID
CONFIRM
netapp -- data_ontap NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors. 2017-08-18 4.3 CVE-2017-12859
BID
CONFIRM
nexusphp_project -- nexusphp Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php. 2017-08-18 4.3 CVE-2017-12680
MISC
BID
nongnu -- icoutils Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code. 2017-08-22 6.8 CVE-2017-5208
MLIST
BID
CONFIRM
open-uri-cached_project -- open-uri-cached The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created. 2017-08-18 4.6 CVE-2015-3649
MISC
MLIST
BID
MISC
MISC
MISC
paessler -- prtg_network_monitor Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-08-18 4.3 CVE-2017-9816
CONFIRM
phpmywind -- phpmywind PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php. 2017-08-21 4.3 CVE-2017-12984
MISC
podlove -- podlove_podcast_publisher lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF. 2017-08-18 6.5 CVE-2017-12949
MISC
pressforward -- pressforward Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF. 2017-08-18 4.3 CVE-2017-12948
MISC
pulp_project -- pulp Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name. 2017-08-18 6.5 CVE-2015-5153
CONFIRM
qodeinteractive -- bridge DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript. 2017-08-23 4.3 CVE-2017-13138
MISC
MISC
MISC
razerone -- synapse Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file. 2017-08-18 4.6 CVE-2017-11652
MISC
razerone -- synapse Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file. 2017-08-18 4.6 CVE-2017-11653
MISC
resiprocate -- resiprocate Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted DNS response. 2017-08-18 5.0 CVE-2017-9454
CONFIRM
MLIST
spring_batch_admin_project -- spring_batch_admin Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability. 2017-08-18 6.8 CVE-2017-12881
MLIST
BID
strongswan -- strongswan The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. 2017-08-18 5.0 CVE-2017-11185
BID
CONFIRM
tomaxcom -- r60g_firmware ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack. 2017-08-18 6.8 CVE-2017-12589
BID
MISC
wago -- wago_i/o_plc_758-870_firmware WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management. 2017-08-22 5.0 CVE-2015-6472
MISC
FULLDISC
BID

 

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
asus -- dsl-n10s_firmware ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter. 2017-08-18 3.5 CVE-2017-12591
MISC
cacti -- cacti lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. 2017-08-21 3.5 CVE-2017-12978
SECTRACK
CONFIRM
CONFIRM
CONFIRM
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. 2017-08-18 2.6 CVE-2017-9682
BID
CONFIRM
MISC
ibm -- rational_requirements_composer IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126246. 2017-08-18 3.5 CVE-2017-1338
CONFIRM
BID
MISC
qemu -- qemu QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive. 2017-08-23 2.1 CVE-2017-12809
MLIST
BID
MLIST
spring_batch_admin_project -- spring_batch_admin Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality. 2017-08-18 3.5 CVE-2017-12882
MLIST
BID

 

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
accellion -- file_transfer_appliance
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter. 2017-08-22 not yet calculated CVE-2015-2857
MISC
MISC
MISC
EXPLOIT-DB
apache -- pony_mail
Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication. 2017-08-22 not yet calculated CVE-2016-4460
CONFIRM
BID
atlassian -- crucible
The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file. 2017-08-24 not yet calculated CVE-2017-9509
MISC
MISC
atlassian -- crucible
The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter. 2017-08-24 not yet calculated CVE-2017-9507
MISC
MISC
atlassian -- fisheye_and_crucible
The mostActiveCommitters.do resource in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks. 2017-08-24 not yet calculated CVE-2017-9512
MISC
MISC
MISC
atlassian -- fisheye_and_crucible
The MultiPathResource class in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when FishEye or Crucible is running on the Microsoft Windows operating system. 2017-08-24 not yet calculated CVE-2017-9511
MISC
MISC
MISC
atlassian -- fisheye_and_crucible
Various resources in Atlassian FishEye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file. 2017-08-24 not yet calculated CVE-2017-9508
MISC
MISC
MISC
atlassian -- fisheye
The repository changelog resource in Atlassian FishEye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters. 2017-08-24 not yet calculated CVE-2017-9510
MISC
MISC
atlassian -- oauth_plugin
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF). 2017-08-23 not yet calculated CVE-2017-9506
MISC
MISC
automated_logic_corporation -- alc_webctrl
A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software. 2017-08-25 not yet calculated CVE-2017-9640
BID
MISC
automated_logic_corporation -- alc_webctrl
An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code. 2017-08-25 not yet calculated CVE-2017-9650
BID
MISC
EXPLOIT-DB
automated_logic_corporation -- alc_webctrl
An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges. 2017-08-25 not yet calculated CVE-2017-9644
BID
MISC
EXPLOIT-DB
bitrix -- bitrix
Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php. 2017-08-24 not yet calculated CVE-2015-8355
BUGTRAQ
MISC
bmc_patrol -- bmc_patrol
mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring. 2017-08-22 not yet calculated CVE-2017-13130
MISC
cloud4wi -- cloud4wi
Cross-site scripting (XSS) vulnerability in the Splash Portal in Cloud4Wi before 5.9.7 allows remote attackers to inject arbitrary web script or HTML via the recoveryMessage parameter to the default URI. 2017-08-24 not yet calculated CVE-2015-4699
FULLDISC
MISC
CONFIRM
cloud_foundry_foundation -- capi
In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure. 2017-08-21 not yet calculated CVE-2017-8037
CONFIRM
codiad -- codiad
components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type. 2017-08-20 not yet calculated CVE-2017-11366
MISC
MISC
MISC
MISC
connect2id -- nimbus_jose+jwt
Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation. 2017-08-20 not yet calculated CVE-2017-12974
CONFIRM
CONFIRM
CONFIRM
connect2id -- nimbus_jose+jwt
 
In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC. 2017-08-20 not yet calculated CVE-2017-12972
CONFIRM
CONFIRM
CONFIRM
connect2id -- nimbus_jose+jwt
 
Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack. 2017-08-20 not yet calculated CVE-2017-12973
CONFIRM
CONFIRM
CONFIRM
d-link -- d-link_firmware
D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allows remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin. 2017-08-25 not yet calculated CVE-2014-7857
MISC
FULLDISC
CONFIRM
BUGTRAQ
BID
d-link -- d-link_firmware
The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token. 2017-08-25 not yet calculated CVE-2014-7860
MISC
FULLDISC
CONFIRM
BUGTRAQ
BID
d-link -- d-link_firmware
The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. 2017-08-25 not yet calculated CVE-2014-7858
MISC
FULLDISC
CONFIRM
BUGTRAQ
BID
d-link -- d-link_firmware
 
Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values. 2017-08-25 not yet calculated CVE-2014-7859
MISC
FULLDISC
CONFIRM
BUGTRAQ
BID
dayrui_finecms -- dayrui_finecms
 
controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable. 2017-08-25 not yet calculated CVE-2017-13697
MISC
dnsdist -- dnsdist
 
dnsdist version 1.1.0 is vulnerable to a flaw in the authentication mechanism for the REST API, potentially allowing a CSRF attack. 2017-08-22 not yet calculated CVE-2017-7557
MISC
fortinet -- fortimanager
 
Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands. 2017-08-22 not yet calculated CVE-2015-3617
BID
SECTRACK
CONFIRM
git-annex -- git-annex
 
git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117. 2017-08-20 not yet calculated CVE-2017-12976
CONFIRM
CONFIRM
CONFIRM
gnu -- gnu
 
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. 2017-08-25 not yet calculated CVE-2015-1395
FEDORA
FEDORA
MLIST
BID
UBUNTU
MISC
CONFIRM
CONFIRM
CONFIRM
gnu -- gnu
 
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. 2017-08-25 not yet calculated CVE-2014-9637
CONFIRM
FEDORA
FEDORA
MLIST
BID
UBUNTU
CONFIRM
CONFIRM
CONFIRM
ibm -- flex_system_en6131_ethernet_and_ib6131_infiniband_switch_firmware
 
CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters. 2017-08-25 not yet calculated CVE-2014-9564
BID
CONFIRM
ibm -- maas360_dtm
 
IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. IBM X-Force ID: 127412. 2017-08-22 not yet calculated CVE-2017-1422
CONFIRM
BID
MISC
icewarp -- icewarp_mail_server
 
Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name. 2017-08-23 not yet calculated CVE-2017-12844
MISC
kaspersky -- kaspersky_internet_security_for_android
 
In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. 2017-08-25 not yet calculated CVE-2017-12817
CONFIRM
kaspersky -- kaspersky_internet_security_for_android
 
In Kaspersky Internet Security for Android 11.12.4.1622, some of the application's exported activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. 2017-08-25 not yet calculated CVE-2017-12816
CONFIRM
linux -- kernel
 
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. 2017-08-19 not yet calculated CVE-2017-10661
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
linux -- kernel
The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. 2017-08-25 not yet calculated CVE-2017-13694
MISC
MISC
linux -- kernel
 
The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. 2017-08-25 not yet calculated CVE-2017-13693
MISC
MISC
linux -- kernel
 
net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. NOTE: this does not affect any stable release. 2017-08-24 not yet calculated CVE-2017-13686
CONFIRM
CONFIRM
linux -- kernel
 
The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. 2017-08-25 not yet calculated CVE-2017-13695
MISC
MISC
lxdm -- lxdm
 
LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections. 2017-08-24 not yet calculated CVE-2015-8308
MLIST
CONFIRM
micro_focus -- enterprise_developer_and_enterprise_server
 
A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests. 2017-08-21 not yet calculated CVE-2017-5187
MISC
micro_focus -- enterprise_developer_and_enterprise_server
 
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features. 2017-08-21 not yet calculated CVE-2017-7421
MISC
micro_focus -- enterprise_developer_and_enterprise_server
 
A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default. 2017-08-21 not yet calculated CVE-2017-7423
MISC
micro_focus -- enterprise_developer_and_enterprise_server
 
An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275). 2017-08-21 not yet calculated CVE-2017-7420
MISC
micro_focus -- enterprise_developer_and_enterprise_server
 
A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default. 2017-08-21 not yet calculated CVE-2017-7424
MISC
micro_focus -- enterprise_developer_and_enterprise_server
 
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default. 2017-08-21 not yet calculated CVE-2017-7422
MISC
misp -- misp
 
app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation. 2017-08-24 not yet calculated CVE-2017-13671
CONFIRM
mktexlsr -- mktexlsr
 
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700. 2017-08-25 not yet calculated CVE-2015-5701
MLIST
MISC
CONFIRM
CONFIRM
CONFIRM
mktexlsr -- mktexlsr
 
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. 2017-08-25 not yet calculated CVE-2015-5700
MLIST
MISC
CONFIRM
CONFIRM
CONFIRM
mrd-305-din -- mrd-305-din
 
A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source. 2017-08-25 not yet calculated CVE-2016-5816
MISC
multicoreware -- multicoreware
 
An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can cause an integer underflow, which leads to a crash. This is a different vulnerability than CVE-2017-8906. 2017-08-24 not yet calculated CVE-2017-13666
MISC
nagios -- nagios_core
 
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command. 2017-08-23 not yet calculated CVE-2017-12847
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
newsbeuter -- newsbeuter
 
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL. 2017-08-23 not yet calculated CVE-2017-12904
DEBIAN
CONFIRM
CONFIRM
MLIST
nexusphp -- nexusphp
 
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php. 2017-08-24 not yet calculated CVE-2017-12679
MISC
nexusphp -- nexusphp
 
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php. 2017-08-24 not yet calculated CVE-2017-13669
MISC
noviware -- noviware
 
A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow. 2017-08-22 not yet calculated CVE-2017-12787
EXPLOIT-DB
noviware -- noviware
 
Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data. 2017-08-22 not yet calculated CVE-2017-12786
EXPLOIT-DB
noviware -- noviware
 
The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection. 2017-08-22 not yet calculated CVE-2017-12785
EXPLOIT-DB
ntp -- ntp
 
ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet. 2017-08-24 not yet calculated CVE-2015-5146
CONFIRM
FEDORA
FEDORA
FEDORA
CONFIRM
DEBIAN
BID
SECTRACK
CONFIRM
GENTOO
onos -- onos
 
ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870). 2017-08-24 not yet calculated CVE-2015-7516
MLIST
BID
MISC
CONFIRM
CONFIRM
openjpeg -- openjpeg
 
The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c. 2017-08-21 not yet calculated CVE-2017-12982
MISC
MISC
MISC
openstack -- ocata_and_newton
 
Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee. 2017-08-18 not yet calculated CVE-2017-12440
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
openstack-tripleo-image-elements -- openstack-tripleo-image-elements
 
HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. 2017-08-22 not yet calculated CVE-2016-2102
CONFIRM
osisoft -- pi_web_api
 
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective. 2017-08-25 not yet calculated CVE-2017-7930
BID
MISC
osisoft -- pi_web_api
 
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and then cause PI Network Manager to behave in an undefined manner. 2017-08-25 not yet calculated CVE-2017-7934
BID
MISC
osisoft -- pi_web_api
 
A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated. 2017-08-25 not yet calculated CVE-2017-7926
BID
MISC
paessler -- prtg_network_monitor
 
Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML. 2017-08-24 not yet calculated CVE-2017-12879
MISC
CONFIRM
php-fpm -- php-fpm
 
php-fpm allows local users to write to or create arbitrary files via a symlink attack. 2017-08-25 not yet calculated CVE-2015-3211
CONFIRM
phpmybackuppro -- phpmybackuppro
 
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180. 2017-08-25 not yet calculated CVE-2015-4181
MLIST
phpmybackuppro -- phpmybackuppro
 
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050. 2017-08-25 not yet calculated CVE-2015-4180
MLIST
polycom -- multiple_products
 
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information. 2017-08-25 not yet calculated CVE-2017-12857
CONFIRM
pyjwt -- pyjwt
 
In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string `-----BEGIN RSA PUBLIC KEY-----` which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch. 2017-08-24 not yet calculated CVE-2017-11424
CONFIRM
python -- kerberos
 
The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack. 2017-08-25 not yet calculated CVE-2015-3206
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
python -- python
 
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function. 2017-08-24 not yet calculated CVE-2014-4616
CONFIRM
SUSE
MLIST
BID
MISC
CONFIRM
MISC
GENTOO
red_hat -- enterprise_virtualization_manager
 
Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable. 2017-08-24 not yet calculated CVE-2015-5293
CONFIRM
CONFIRM
red_hat -- jboss_enterprise_application_platform
 
GET requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers. 2017-08-22 not yet calculated CVE-2016-6311
CONFIRM
rhev -- rhev
 
oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. 2017-08-22 not yet calculated CVE-2016-6310
BID
CONFIRM
riverbed -- opnet_app_response_xpert
 
Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files. 2017-08-26 not yet calculated CVE-2017-7693
MISC
salt -- salt
 
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. 2017-08-25 not yet calculated CVE-2015-4017
MLIST
CONFIRM
CONFIRM
CONFIRM
saltstack -- saltstack
 
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. 2017-08-23 not yet calculated CVE-2017-12791
BID
MISC
MISC
CONFIRM
CONFIRM
CONFIRM
samsung -- galaxy_s4
 
The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information. 2017-08-24 not yet calculated CVE-2015-1800
MLIST
MLIST
MLIST
BID
samsung -- galaxy_s4
 
The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges. 2017-08-24 not yet calculated CVE-2015-1801
MLIST
MLIST
BID
samsung -- galaxy_s6
 
LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file. 2017-08-24 not yet calculated CVE-2015-7896
MISC
BID
CONFIRM
EXPLOIT-DB
spidercontrol -- scada_microbrowser
 
A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow. 2017-08-25 not yet calculated CVE-2017-12707
BID
MISC
spidercontrol -- scada_web_server
 
A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files. 2017-08-25 not yet calculated CVE-2017-12694
BID
MISC
supervisor -- supervisor
 
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. 2017-08-23 not yet calculated CVE-2017-11610
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
FEDORA
FEDORA
FEDORA
symantec -- vip_access_for_desktop
 
Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, the application will generally follow a specific search path to locate the DLL. The exploitation of the vulnerability manifests as a simple file write (or potentially an over-write) which results in a foreign executable running under the context of the application. 2017-08-21 not yet calculated CVE-2017-6329
BID
CONFIRM
synology -- photo_station_uploader
 
Multiple untrusted search path vulnerabilities in the installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. 2017-08-23 not yet calculated CVE-2017-11159
CONFIRM
synology -- photo_station
 
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter. 2017-08-24 not yet calculated CVE-2017-9555
CONFIRM
synology -- synology_dns_server
 
Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter. 2017-08-24 not yet calculated CVE-2017-12074
CONFIRM
telerik -- telerik.web.ui
 
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. 2017-08-23 not yet calculated CVE-2017-11357
CONFIRM
telerik -- telerik.web.ui
 
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. 2017-08-23 not yet calculated CVE-2017-11317
CONFIRM
tidy -- tidy
 
In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument. 2017-08-25 not yet calculated CVE-2017-13692
CONFIRM
ubuntu -- apport
 
Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, or before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allows local users to write to arbitrary files and gain root privileges. 2017-08-25 not yet calculated CVE-2015-1325
MLIST
BID
UBUNTU
EXPLOIT-DB
ubuntu -- apport
 
apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, or before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allows local users to write to arbitrary files and gain root privileges. 2017-08-25 not yet calculated CVE-2015-1324
BID
UBUNTU
CONFIRM
ubuntu -- concurrent_versions_system
 
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar." 2017-08-24 not yet calculated CVE-2017-12836
MLIST
DEBIAN
MLIST
MLIST
BID
UBUNTU
MISC
unity_technologies -- unity_editor
 
A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4. 2017-08-18 not yet calculated CVE-2017-12939
BID
CONFIRM
unrealircd -- unrealircd
 
UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command. 2017-08-23 not yet calculated CVE-2017-13649
MISC
util-linux -- util-linux
 
The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks. 2017-08-23 not yet calculated CVE-2015-5224
MLIST
BID
CONFIRM
CONFIRM
westermo -- multiple_routers
 
A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device. 2017-08-25 not yet calculated CVE-2017-12709
BID
MISC
westermo -- multiple_routers
 
A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to trick a user into making a malicious request to the server. 2017-08-25 not yet calculated CVE-2017-12703
BID
MISC
wordpress -- photo_gallery_plugin
 
The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter. 2017-08-20 not yet calculated CVE-2017-12977
MISC
MISC
xen -- xen
 
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. 2017-08-24 not yet calculated CVE-2017-12136
MLIST
BID
SECTRACK
CONFIRM
MISC
CONFIRM
xen -- xen
 
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. 2017-08-24 not yet calculated CVE-2017-12137
MLIST
BID
SECTRACK
CONFIRM
MISC
CONFIRM
xen -- xen
 
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. 2017-08-24 not yet calculated CVE-2017-12135
MLIST
MLIST
BID
SECTRACK
CONFIRM
MISC
CONFIRM
xen -- xen
 
The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation. 2017-08-24 not yet calculated CVE-2017-12134
MLIST
BID
SECTRACK
CONFIRM
MISC
CONFIRM
zen_cart -- zen_cart
 
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php. 2017-08-24 not yet calculated CVE-2015-8352
BUGTRAQ
MISC
CONFIRM
zend-diactoros -- zend-diactoros
 
Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks. 2017-08-25 not yet calculated CVE-2015-3257
BID
CONFIRM
zte_adsl -- w300_modems
 
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs. 2017-08-24 not yet calculated CVE-2015-7259
MISC
MISC
FULLDISC
EXPLOIT-DB
zte_adsl -- w300_modems
 
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. 2017-08-24 not yet calculated CVE-2015-7258
MISC
MISC
FULLDISC
EXPLOIT-DB
zte_adsl -- w300_modems
 
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin". 2017-08-24 not yet calculated CVE-2015-7257
MISC
MISC
FULLDISC
EXPLOIT-DB

 

** Source: [US-CERT: Bulletin (SB17-240)] Security vulnerabilities published through August 21, 2017