IT 와 Social 이야기 (IT and Social Stories)

[US-CERT: Bulletin (SB17-310)] Security vulnerabilities published through October 30, 2017

by manga0713 2017. 11. 8.

*** Source: [US-CERT: Bulletin (SB17-310)] Security vulnerabilities published through October 30, 2017

The vulnerabilities are identified using the CVE vulnerability naming standard and are organized by severity, as determined by the Common Vulnerability Scoring System (CVSS) standard. The high, medium, and low severity bands correspond to the following base scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

fortinet -- fortios
A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' parameter of the JSON web API.
Published: 2017-10-27 | CVSS Score: 4.0 | CVE-2017-14182 | Sources: MISC, BID, SECTRACK, CONFIRM

fortinet -- fortios
A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary JavaScript code via the webUI "Login Disclaimer" redir parameter.
Published: 2017-10-27 | CVSS Score: 4.3 | CVE-2017-7733 | Sources: BID, SECTRACK, CONFIRM

gnu -- binutils
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).
Published: 2017-10-27 | CVSS Score: 5.0 | CVE-2017-15938 | Sources: BID, MISC (3 links)

gnu -- binutils
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.
Published: 2017-10-27 | CVSS Score: 4.3 | CVE-2017-15939 | Sources: BID, MISC (3 links)

graphicsmagick -- graphicsmagick
In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.
Published: 2017-10-27 | CVSS Score: 6.8 | CVE-2017-15930 | Sources: CONFIRM (3 links), BID

radare -- radare2
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32-bit systems.
Published: 2017-10-27 | CVSS Score: 6.8 | CVE-2017-15931 | Sources: BID, CONFIRM (2 links)

radare -- radare2
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32-bit systems.
Published: 2017-10-27 | CVSS Score: 6.8 | CVE-2017-15932 | Sources: BID, CONFIRM (2 links)

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adult_script_pro -- adult_script_pro
Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576.
Published: 2017-10-29 | CVSS Score: not yet calculated | CVE-2017-15959 | Sources: MISC, EXPLOIT-DB

amazon_web_services -- cloudformation_bootstrap
The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory.
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2017-9450 | Sources: BID, CONFIRM

apache -- cordova
The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2014-0073 | Sources: MISC, FULLDISC, BUGTRAQ, BID, XF, CONFIRM, MLIST

apache -- cordova
ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option.
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2014-0072 | Sources: MISC, FULLDISC, BUGTRAQ, XF, CONFIRM, MLIST

apache -- hadoop
Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2012-4449 | Sources: MLIST, CONFIRM
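To make concrete why a 20-bit secret is fatal, here is an added example (not Hadoop's code) that recovers the secret from a single observed token/password pair by enumerating the whole key space, then forges a password for a token of the attacker's choosing. Using the secret directly as an HMAC-SHA1 key over the token identifier is a simplifying assumption; the real Hadoop key handling is not reproduced.

```python
import hashlib
import hmac
import secrets
from typing import Optional

KEY_BITS = 20                      # secret size described in CVE-2012-4449
KEY_BYTES = (KEY_BITS + 7) // 8    # 3 bytes


def token_password(secret: int, token_id: bytes) -> bytes:
    """Token password = HMAC-SHA1(secret, token identifier).

    Assumption for this example: the secret is used directly as the HMAC
    key; Hadoop's actual key handling is not reproduced here.
    """
    return hmac.digest(secret.to_bytes(KEY_BYTES, "big"), token_id, "sha1")


def recover_secret(token_id: bytes, password: bytes) -> Optional[int]:
    """Offline brute force over all 2**KEY_BITS candidate secrets.

    One captured token and its password suffice: recompute the HMAC for
    every candidate and stop at the first match. About a million
    HMAC-SHA1 evaluations take seconds in Python, which is why 20 bits
    is no secret at all; the same loop over a 128-bit key never finishes.
    """
    for guess in range(1 << KEY_BITS):
        if hmac.compare_digest(token_password(guess, token_id), password):
            return guess
    return None


def forge_password(new_token_id: bytes, observed_id: bytes,
                   observed_pw: bytes) -> Optional[bytes]:
    """Recover the secret from the observed pair, then sign a new token id."""
    secret = recover_secret(observed_id, observed_pw)
    return None if secret is None else token_password(secret, new_token_id)


if __name__ == "__main__":
    # Constructed sample: a fresh random 20-bit secret and one captured token.
    secret = secrets.randbelow(1 << KEY_BITS)
    observed_id = b"owner=alice,renewer=yarn,seq=42"
    observed_pw = token_password(secret, observed_id)
    forged = forge_password(b"owner=mallory,renewer=yarn,seq=43",
                            observed_id, observed_pw)
    print("secret recovered:", recover_secret(observed_id, observed_pw) == secret)
    print("forged password:", forged.hex())
```

The work factor is what matters: every extra bit of secret doubles the loop, so the fix is a secret of cryptographic size (the fixed Hadoop releases use a much longer secret), not a faster check.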
apache -- hive
Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.
Published: 2017-11-01 | CVSS Score: not yet calculated | CVE-2017-12625 | Sources: MLIST

apache -- httpclient
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2013-4366 | Sources: CONFIRM (2 links)

apache -- juddi
Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to happyjuddi.jsp.
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2009-1198 | Sources: CONFIRM, MLIST, BID

apache -- juddi
Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp.
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2009-1197 | Sources: CONFIRM, MLIST, BID

apache -- qpid
qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203.
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2015-0224 | Sources: FEDORA, MLIST, MISC, REDHAT (5 links), BUGTRAQ, BID, SECTRACK, CONFIRM (2 links)

apache -- storm
Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2014-0115 | Sources: CONFIRM, MLIST
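The Storm log-viewer entry is the standard ".." traversal: a filename taken from the request is joined onto the log directory and opened. As an added example (not Storm's code; the log_root and parameter names are assumed), this is the containment check such an endpoint needs. It resolves the joined path and insists that the log directory is an ancestor of the result, which catches ".." segments, absolute paths, and symlinks that point outside.

```python
from pathlib import Path


def resolve_log_path(log_root: str, requested: str) -> Path:
    """Map a user-supplied 'file' parameter onto a file inside log_root.

    Raises ValueError when the request resolves outside log_root. resolve()
    collapses '..' and follows symlinks, so the check is made on the path
    the filesystem would actually open, not on the string the client sent.
    """
    root = Path(log_root).resolve()
    candidate = (root / requested).resolve()   # '/etc/passwd' replaces root here
    # Path.parents lists every ancestor; root must be one of them. This also
    # rejects an empty request, which would resolve to the directory itself.
    if root not in candidate.parents:
        raise ValueError(f"{requested!r} escapes {root}")
    return candidate


def is_traversal(log_root: str, requested: str) -> bool:
    """True when the request would be refused."""
    try:
        resolve_log_path(log_root, requested)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed requests against an assumed log directory.
    for req in ("worker-6700.log", "../../etc/passwd", "/etc/passwd", ""):
        print(f"{req!r:>22}: {'REJECT' if is_traversal('/opt/storm-logs', req) else 'ok'}")
```

Run the check on the parameter after the web framework has URL-decoded it; a check on the raw "%2e%2e" string passes while the filesystem still sees "..". Comparing resolved paths, rather than searching the input for "..", is what makes the check hold for every encoding and separator variant.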
apache -- struts
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2016-3090 | Sources: BID, CONFIRM, SECTRACK

apache -- subversion
libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties.
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2013-4246 | Sources: BID, CONFIRM

apache -- traffic_server
The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function.
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2015-3249 | Sources: MLIST, BID, MISC

apache -- traffic_server
Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2014-3624 | Sources: MLIST, BID, CONFIRM

apache -- wicket
Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2014-3526 | Sources: CONFIRM

apache -- wicket
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to <script> tags in a rendered response.
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2012-5636 | Sources: BID, CONFIRM

apache -- wss4j
Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2015-0226 | Sources: BID, CONFIRM

apache -- xerces2_java
Apache Xerces2 Java allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2012-0881 | Sources: MLIST, CONFIRM
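The Xerces entry belongs to the "hash DoS" class: a hash table keyed by attacker-chosen strings (attribute or element names in the XML) with a predictable hash function degrades into one long chain, so each insert and lookup costs O(n) instead of O(1). As an added example (not Xerces code), this reimplements Java's String.hashCode and generates keys that all collide; Python's own hash() is randomized per process and cannot show the effect.

```python
from collections import Counter


def java_string_hash(s: str) -> int:
    """Java's String.hashCode(): h = 31*h + c over the chars, as a signed int32."""
    h = 0
    for ch in s:
        h = (31 * h + ord(ch)) & 0xFFFFFFFF
    return h - (1 << 32) if h & 0x80000000 else h


def colliding_keys(n: int) -> list:
    """n distinct strings that share one Java hash value.

    'Aa' and 'BB' both hash to 2112. Because hashCode is a polynomial in 31,
    swapping one block for the other at any position leaves the hash
    unchanged, so every one of the 2**k strings built from k blocks collides.
    """
    keys = [""]
    while len(keys) < n:
        keys = [k + block for k in keys for block in ("Aa", "BB")]
    return keys[:n]


def longest_chain(keys, buckets: int = 1024) -> int:
    """Longest bucket chain when these keys are inserted into a table of
    `buckets` slots indexed by java_string_hash; lookup cost grows with it."""
    return max(Counter(java_string_hash(k) % buckets for k in keys).values())


def control_keys(n: int) -> list:
    """Ordinary attribute-like names, for comparison with the crafted set."""
    return [f"attr{i}" for i in range(n)]


if __name__ == "__main__":
    crafted, normal = colliding_keys(4096), control_keys(4096)
    print("distinct hashes, crafted:", len({java_string_hash(k) for k in crafted}))
    print("longest chain, crafted  :", longest_chain(crafted))
    print("longest chain, normal   :", longest_chain(normal))
```

A message carrying a few tens of thousands of such names costs the parser quadratic time; the usual fixes are a keyed (randomized) hash, as Java 7u6 later added for strings, or a cap on the number of distinct attribute names accepted.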
apache -- xml-rpc
The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element.
Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2016-5003 | Sources: MLIST, BID (2 links), SECTRACK, MISC, XF

arox -- school_erp_php_script
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-15978 | Sources: EXPLOIT-DB

article_directory_script -- article_directory_script
Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php.
Published: 2017-10-29 | CVSS Score: not yet calculated | CVE-2017-15960 | Sources: MISC, EXPLOIT-DB

barco -- clickshare
Unspecified vulnerability in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10 has unknown impact and attack vectors.
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2017-12460 | Sources: CONFIRM (2 links)

barco -- clickshare
A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device.
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2017-9377 | Sources: BID, CONFIRM (2 links), MISC

basic -- b2b_script
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-15985 | Sources: EXPLOIT-DB

bchunk -- bchunk
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file.
Published: 2017-10-28 | CVSS Score: not yet calculated | CVE-2017-15955 | Sources: MISC

bchunk -- bchunk
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file.
Published: 2017-10-28 | CVSS Score: not yet calculated | CVE-2017-15954 | Sources: MISC

bchunk -- bchunk
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file.
Published: 2017-10-28 | CVSS Score: not yet calculated | CVE-2017-15953 | Sources: MISC
bitdefender -- internet_security_2018
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018 prior to build 7.72918. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within pdf.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4361.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-10954 | Sources: BID, MISC

cisco -- access_network_query_protocol
A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of ANQP query frames by the affected device. An attacker could exploit this vulnerability by sending a malformed ANQP query frame to an affected device that is on an RF-adjacent network. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. This vulnerability affects Cisco Wireless LAN Controllers that are running a vulnerable release of Cisco WLC Software and are configured to support Hotspot 2.0. Cisco Bug IDs: CSCve05779.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12282 | Sources: BID, SECTRACK, CONFIRM

cisco -- aironet
A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient frame validation of the 802.11 association request. An attacker could exploit this vulnerability by sending a malformed 802.11 association request to the targeted device. An exploit could allow the attacker to cause the AP to reload, resulting in a DoS condition while the AP is reloading. This vulnerability affects the following Cisco products running either the Lightweight AP Software or Mobility Express image: Aironet 1560 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: The Cisco Aironet 1560 Series Access Point device is supported as of release 8.3.112.0. Cisco Bug IDs: CSCve12189.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12273 | Sources: BID, SECTRACK, CONFIRM

cisco -- aironet
A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of the EAP frame. An attacker could exploit this vulnerability by sending a malformed EAP frame to the targeted device. A successful exploit could allow the attacker to cause the AP to reload, resulting in a DoS condition while the AP is reloading. It may be necessary to manually power cycle the device in order for it to recover. This vulnerability affects the following Cisco products running either the Lightweight AP Software or Mobility Express image: Aironet 1560 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: The Cisco Aironet 1560 Series Access Point device is supported as of release 8.3.112.0. Cisco Bug IDs: CSCve18935.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12274 | Sources: BID, SECTRACK, CONFIRM

cisco -- application_policy_infrastructure_controller_enterprise_module
A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device. The vulnerability is due to an incorrect firewall rule on the device. The misconfiguration could allow traffic sent to the public interface of the device to be forwarded to the internal virtual network of the APIC-EM. An attacker that is logically adjacent to the network on which the public interface of the affected APIC-EM resides could leverage this behavior to gain access to services listening on the internal network with elevated privileges. This vulnerability affects appliances or virtual devices running Cisco Application Policy Infrastructure Controller Enterprise Module prior to version 1.5. Cisco Bug IDs: CSCve89638.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12262 | Sources: BID, SECTRACK, CONFIRM

cisco -- identity_services_engine
A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. The vulnerability is due to incomplete input validation of the user input for CLI commands issued at the restricted shell. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. An attacker would need valid user credentials to the device to exploit this vulnerability. The vulnerability affects the following Cisco Identity Services Engine (ISE) products running Release 1.4, 2.0, 2.0.1, 2.1.0: ISE, ISE Express, ISE Virtual Appliance. Cisco Bug IDs: CSCve74916.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12261 | Sources: BID, SECTRACK, CONFIRM

cisco -- ios_software
A vulnerability in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points could allow an unauthenticated, adjacent attacker to retrieve content from memory on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks that are performed by the affected device when the device adds padding to egress packets. An attacker could exploit this vulnerability by sending a crafted IP packet to an affected device. A successful exploit could allow the attacker to retrieve content from memory on the affected device, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvc21581.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12279 | Sources: BID, SECTRACK, CONFIRM

cisco -- prime_collaboration_provisioning
A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. The attacker could read or write information from the SQL database. The vulnerability is due to a lack of proper validation on user-supplied input within SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. An exploit could allow the attacker to determine the presence of certain values and write malicious input in the SQL database. The attacker would need to have valid user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.3. Cisco Bug IDs: CSCvf47935.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12276 | Sources: BID, SECTRACK, CONFIRM

cisco -- protected_extensible_authentication_protocol
A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. The vulnerability exists because the affected device uses an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this vulnerability by attempting to connect to an affected device. A successful exploit could allow the attacker to bypass authentication and connect to the affected device. This vulnerability affects Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running a vulnerable software release and use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering. Cisco Bug IDs: CSCvd46314.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12281 | Sources: BID, SECTRACK, CONFIRM

cisco -- protected_management_frames
A vulnerability in the handling of 802.11w Protected Management Frames (PMF) by Cisco Aironet 3800 Series Access Points could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device, aka Denial of Service. The vulnerability exists because the affected device does not properly validate 802.11w PMF disassociation and deauthentication frames that it receives. An attacker could exploit this vulnerability by sending a spoofed 802.11w PMF frame from a valid, authenticated client on an adjacent network to an affected device. A successful exploit could allow the attacker to terminate a single valid user connection to the affected device. This vulnerability affects Access Points that are configured to run in FlexConnect mode. Cisco Bug IDs: CSCvc20627.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12283 | Sources: BID, SECTRACK, CONFIRM

cisco -- simple_network_management_protocol
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory leak that occurs on an affected device after the device fails to deallocate a buffer that is used when certain MIBs are polled. An attacker who knows the SNMP Version 2 SNMP Read string or has valid SNMP Version 3 credentials for an affected device could repeatedly poll the affected MIB object IDs (OIDs) and consume available memory on the device. When memory is sufficiently depleted on the device, the device will restart, resulting in a DoS condition. Cisco Bug IDs: CSCvc71674.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12278 | Sources: BID, SECTRACK, CONFIRM

cisco -- smart_licensing_manager
A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. This vulnerability affects the following Cisco Firepower Security products running FX-OS code trains 1.1.3, 1.1.4, and 2.0.1 (versions 2.1.1, 2.2.1, and 2.2.2 are not affected): Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance. Cisco Bug IDs: CSCvb86863.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12277 | Sources: BID, CONFIRM

cisco -- unified_computing_system
A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. Cisco Bug IDs: CSCvf20741, CSCvf60078.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12243 | Sources: BID, SECTRACK, CONFIRM

cisco -- webex_meetings_server
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf85562.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12294 | Sources: BID, SECTRACK, CONFIRM

cisco -- webex_meetings_server
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the HTTP header reply from the Cisco WebEx Meetings Server to the client, which could include internal network information that should be restricted. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from the Cisco WebEx Meetings Server. An exploit could allow the attacker to discover sensitive data about the application. Cisco Bug IDs: CSCve65818.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12295 | Sources: BID, SECTRACK, CONFIRM

cisco -- wireless_lan_controllers
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of fields in CAPWAP Discovery Request packets by the affected device. An attacker could exploit this vulnerability by sending crafted CAPWAP Discovery Request packets to an affected device. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb95842.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12280 | Sources: BID, SECTRACK, CONFIRM

cisco -- wireless_lan_controllers
A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of 802.11v BSS Transition Management Response packets that an affected device receives from wireless clients. An attacker could exploit this vulnerability by sending a malformed 802.11v BSS Transition Management Response packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb57803.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12275 | Sources: BID, SECTRACK, CONFIRM
converto -- video_downloader_and_converter
ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php.
Published: 2017-10-29 | CVSS Score: not yet calculated | CVE-2017-15956 | Sources: MISC

creative_management_system -- creative_management_system_lite
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-15984 | Sources: EXPLOIT-DB

d-link -- dsl-2740e_1.00_BG_20150720_devices
D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a victim when checking the router logs.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2016-10699 | Sources: BID, MISC

d-park_pro -- domain_parking_script
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
Published: 2017-10-29 | CVSS Score: not yet calculated | CVE-2017-15958 | Sources: MISC, EXPLOIT-DB

docker-ce -- docker-ce
The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.
Published: 2017-11-04 | CVSS Score: not yet calculated | CVE-2017-16539 | Sources: MISC (3 links)

docker-ce -- docker-ce
Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.
Published: 2017-11-01 | CVSS Score: not yet calculated | CVE-2017-14992 | Sources: MISC, CONFIRM
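A "gzip bomb" layer works because DEFLATE compresses a run of identical bytes at roughly 1000:1, so a few hundred kilobytes on the wire inflate to hundreds of megabytes in memory or on disk before anything checks the content. As an added example (not Docker or Moby code), here is a constructed bomb layer next to a decompressor that enforces an output budget instead of trusting the stream; the budget values are assumptions.

```python
import gzip
import io


def make_bomb_layer(plain_size: int) -> bytes:
    """Constructed hostile layer: plain_size zero bytes, gzip'd at level 9."""
    return gzip.compress(b"\0" * plain_size, compresslevel=9)


def compress_layer(data: bytes) -> bytes:
    """An ordinary layer payload, for comparison."""
    return gzip.compress(data)


def decompress_bounded(blob: bytes, max_out: int, chunk: int = 64 * 1024) -> bytes:
    """Inflate blob, stopping as soon as the output exceeds max_out bytes.

    Reading in fixed chunks keeps memory bounded by max_out + chunk no
    matter what the stream contains. The gzip ISIZE trailer is attacker
    controlled, so it is deliberately not consulted for the size.
    """
    out = bytearray()
    with gzip.GzipFile(fileobj=io.BytesIO(blob)) as stream:
        while True:
            piece = stream.read(chunk)
            if not piece:
                return bytes(out)
            out += piece
            if len(out) > max_out:
                raise ValueError(
                    f"layer inflates past the {max_out}-byte budget "
                    f"({len(out)} bytes out of {len(blob)} in)"
                )


def layer_within_budget(blob: bytes, max_out: int) -> bool:
    """True if the whole layer inflates inside the budget."""
    try:
        decompress_bounded(blob, max_out)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    bomb = make_bomb_layer(16 << 20)           # 16 MiB of zeros on the inside
    print(f"on the wire: {len(bomb)} bytes")   # tens of KiB
    print("accepted with 1 MiB budget:", layer_within_budget(bomb, 1 << 20))
```

The budget is the point: a registry or daemon that knows the manifest's declared layer size can use that as max_out and reject anything that overshoots, and a daemon that does not should still cap per-layer expansion at a fixed ceiling rather than inflating to EOF.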
dulwich -- dulwich
 
Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117. 2017-10-29 not yet calculated CVE-2017-16228
MISC
MISC
MISC
dynamic -- news_magazine_and_blog_cms
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. 2017-10-31 not yet calculated CVE-2017-15982
EXPLOIT-DB
ektron -- content_management_system
Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data. 2017-10-30 not yet calculated CVE-2012-5357
CONFIRM
MISC
MISC
MISC
ektron -- content_management_system
The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data. 2017-10-30 not yet calculated CVE-2012-5358
CONFIRM
MISC
MISC
emc -- appsync_server
EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. 2017-10-31 not yet calculated CVE-2017-14376
CONFIRM
BID
emc -- rsa_authentication_manager
EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. 2017-10-31 not yet calculated CVE-2017-14373
CONFIRM
BID
SECTRACK
emc -- unisphere
EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system. 2017-10-31 not yet calculated CVE-2017-14375
CONFIRM
SECTRACK
enalean -- tuleap
An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution). 2017-10-30 not yet calculated CVE-2017-7411
MISC
MISC
FULLDISC
MLIST
CONFIRM
eyesofnetwork -- eyesofnetwork
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php. 2017-10-29 not yet calculated CVE-2017-16000
MISC
eyesofnetwork -- eyesofnetwork
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php. 2017-10-27 not yet calculated CVE-2017-15933
BID
MISC
f5 -- multiple_products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further connections. 2017-10-27 not yet calculated CVE-2017-0303
BID
SECTRACK
CONFIRM
f5 -- multiple_products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypt and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion. 2017-10-27 not yet calculated CVE-2017-6161
BID
SECTRACK
SECTRACK
CONFIRM
f5 -- multiple_products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or possible remote command execution on the BIG-IP system. 2017-10-27 not yet calculated CVE-2017-6157
BID
SECTRACK
CONFIRM
f5 -- multiple_products
In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.4.1 to 11.5.4, a remote attacker may create a maliciously crafted HTTP request to cause the Traffic Management Microkernel (TMM) to restart and temporarily fail to process traffic. This issue is exposed on virtual servers using a Policy Enforcement profile or a Web Acceleration profile. Systems that do not have the BIG-IP AAM or PEM module provisioned are not vulnerable. 2017-10-27 not yet calculated CVE-2017-6160
BID
SECTRACK
CONFIRM
f5 -- multiple_products
F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server. Data plane is vulnerable when using the MPTCP option of a TCP profile. There is no control plane exposure. An attacker may be able to disrupt services by causing TMM to restart hence temporarily failing to process traffic. 2017-10-27 not yet calculated CVE-2017-6159
BID
SECTRACK
CONFIRM
f5 -- multiple_products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, 11.2.1, in some cases TMM may crash when processing TCP traffic. This vulnerability affects TMM via a virtual server configured with TCP profile. Traffic processing is disrupted while Traffic Management Microkernel (TMM) restarts. If the affected BIG-IP system is configured to be part of a device group, it will trigger a failover to the peer device. 2017-10-27 not yet calculated CVE-2017-6162
BID
SECTRACK
CONFIRM
f5 -- multiple_products
In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of an HTTP/2 or SPDY profile with a Client SSL profile, a remote client that initiates more concurrent streams than the advertised limit can cause a disruption of service. The Traffic Management Microkernel (TMM) data plane is exposed to this issue; the control plane is not exposed. 2017-10-27 not yet calculated CVE-2017-6163
BID
SECTRACK
CONFIRM
flets -- easy_setup_tool
Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-11-02 not yet calculated CVE-2017-10825
MISC
MISC
flexense -- syncbreeze
Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" field, either within an XML document or through use of passive mode. 2017-10-31 not yet calculated CVE-2017-15950
MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the print function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4722. 2017-10-31 not yet calculated CVE-2017-10947
CONFIRM
MISC
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ObjStm objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-4846. 2017-10-31 not yet calculated CVE-2017-10944
CONFIRM
MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.alert function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4855. 2017-10-31 not yet calculated CVE-2017-10945
CONFIRM
MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.execMenuItem function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4723. 2017-10-31 not yet calculated CVE-2017-10948
CONFIRM
MISC
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4737. 2017-10-31 not yet calculated CVE-2017-10942
CONFIRM
MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the gotoURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5030. 2017-10-31 not yet calculated CVE-2017-10953
BID
CONFIRM
MISC
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4738. 2017-10-31 not yet calculated CVE-2017-10943
CONFIRM
MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFParseDateEx function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4816. 2017-10-31 not yet calculated CVE-2017-10941
CONFIRM
MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setItem function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4721. 2017-10-31 not yet calculated CVE-2017-10946
CONFIRM
MISC
gnu -- wget
The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. 2017-10-27 not yet calculated CVE-2017-13089
CONFIRM
DEBIAN
BID
SECTRACK
MISC
MISC
gnu -- wget
The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer. 2017-10-27 not yet calculated CVE-2017-13090
CONFIRM
DEBIAN
BID
SECTRACK
MISC
gnu -- binutils
elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions. 2017-10-29 not yet calculated CVE-2017-15996
BID
CONFIRM
CONFIRM
gnu -- emacs
GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. 2017-10-31 not yet calculated CVE-2017-1000383
MLIST
google -- android
In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network. 2017-10-29 not yet calculated CVE-2017-15998
MISC
google -- android
In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required. 2017-10-29 not yet calculated CVE-2017-15999
MISC
google -- android
In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file. 2017-10-29 not yet calculated CVE-2017-15997
MISC
google -- chrome
Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5117
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
google -- chrome
Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5119
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
google -- chrome
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5116
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
google -- chrome
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring). 2017-10-27 not yet calculated CVE-2017-5120
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
google -- chrome
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5115
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
google -- chrome
Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5118
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
google -- chrome
Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5112
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
google -- chrome
A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. 2017-10-27 not yet calculated CVE-2017-5111
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
google -- chrome
Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. 2017-10-27 not yet calculated CVE-2017-5114
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
google -- chrome
Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5122
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
google -- chrome
Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase. 2017-10-27 not yet calculated CVE-2017-5121
DEBIAN
BID
SECTRACK
MISC
MISC
MISC
GENTOO
google -- chrome
Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5113
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
graphicsmagick -- graphicsmagick
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked. 2017-11-01 not yet calculated CVE-2017-16353
MISC
MISC
BID
MISC
graphicsmagick -- graphicsmagick
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag. 2017-11-01 not yet calculated CVE-2017-16352
MISC
MISC
BID
MISC
hashicorp -- vagrant
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. 2017-10-31 not yet calculated CVE-2017-15884
MISC
hpe -- performance_center
A potential security vulnerability has been identified in HPE Performance Center version 12.20. The vulnerability could be remotely exploited to allow cross-site scripting. 2017-11-03 not yet calculated CVE-2017-14359
BID
CONFIRM
hp -- arcsight
A Reflected and Stored Cross-Site Scripting (XSS) vulnerability exists in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS). 2017-10-31 not yet calculated CVE-2017-14357
CONFIRM
AUSCERT
hp -- arcsight
A URL redirection to untrusted site vulnerability exists in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to an untrusted site. 2017-10-31 not yet calculated CVE-2017-14358
CONFIRM
AUSCERT
hp -- arcsight
An SQL Injection vulnerability exists in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection. 2017-10-31 not yet calculated CVE-2017-14356
BID
CONFIRM
AUSCERT
ibm -- infosphere_biginsights
IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131398. 2017-11-01 not yet calculated CVE-2017-1554
CONFIRM
BID
MISC
ibm -- infosphere_biginsights
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131397. 2017-11-01 not yet calculated CVE-2017-1553
CONFIRM
BID
MISC
ibm -- infosphere_biginsights
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 131396. 2017-11-01 not yet calculated CVE-2017-1552
CONFIRM
BID
MISC
ibm -- jazz_reporting_services
IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455. 2017-11-01 not yet calculated CVE-2017-1340
CONFIRM
MISC
ibm -- openpages_grc_platform
IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201. 2017-11-01 not yet calculated CVE-2017-1148
CONFIRM
MISC
ibm -- openpages_grc_platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114711. 2017-11-01 not yet calculated CVE-2016-3048
CONFIRM
BID
MISC
ibm -- openpages_grc_platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162. 2017-11-01 not yet calculated CVE-2017-1300
CONFIRM
MISC
ibm -- openpages_grc_platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122200. 2017-11-01 not yet calculated CVE-2017-1147
CONFIRM
MISC
ibm -- openpages_grc_platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241. 2017-11-01 not yet calculated CVE-2017-1333
CONFIRM
BID
MISC
ibm -- openpages_grc_platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125151. 2017-11-01 not yet calculated CVE-2017-1290
CONFIRM
MISC
imap -- imap
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap-based buffer that might not be zero terminated, so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded. 2017-10-31 not yet calculated CVE-2017-1000257
BID
SECTRACK
CONFIRM
ingenious -- school_management_system
my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file. 2017-10-29 not yet calculated CVE-2017-15957
MISC
EXPLOIT-DB
iproject -- management_system
iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php. 2017-10-29 not yet calculated CVE-2017-15961
MISC
EXPLOIT-DB
ipswitch -- ws_ftp_professional
Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729. 2017-11-03 not yet calculated CVE-2017-16513
MISC, MISC
istock -- management_system
iStock Management System 1.0 allows Arbitrary File Upload via user/profile. 2017-10-29 not yet calculated CVE-2017-15962
MISC, EXPLOIT-DB
itech -- gigs_script
iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter. 2017-10-29 not yet calculated CVE-2017-15963
MISC, EXPLOIT-DB
jenkins -- jenkins
Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites. 2017-11-01 not yet calculated CVE-2017-1000243
CONFIRM
jenkins -- jenkins
Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification. 2017-11-01 not yet calculated CVE-2017-1000244
CONFIRM
jenkins -- jenkins
Jenkins Git Client Plugin 2.4.2 and earlier creates a temporary file with insecure permissions resulting in information disclosure. 2017-11-01 not yet calculated CVE-2017-1000242
CONFIRM
job_board -- script_software
Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI. 2017-10-29 not yet calculated CVE-2017-15964
MISC, EXPLOIT-DB
joomla! -- joomla!
The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action. 2017-10-29 not yet calculated CVE-2017-15965
BID, MISC, EXPLOIT-DB
joomla! -- joomla!
The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php. 2017-10-29 not yet calculated CVE-2017-15966
MISC, EXPLOIT-DB
joyent -- smart_data_center
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Was ZDI-CAN-3853. 2017-10-31 not yet calculated CVE-2017-10940
BID, MISC, MISC
korenix -- jetnet
A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. The software uses undocumented hard-coded credentials that may allow an attacker to gain remote access. 2017-10-31 not yet calculated CVE-2017-14027
BID, MISC
korenix -- jetnet
A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks. 2017-10-31 not yet calculated CVE-2017-14021
BID, MISC
libvirt -- libvirt
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. 2017-10-31 not yet calculated CVE-2017-1000256
CONFIRM, MISC, MLIST
linux -- linux_kernel
The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls. 2017-10-27 not yet calculated CVE-2017-15951
CONFIRM, CONFIRM, BID, CONFIRM
linux -- linux_kernel
On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been overwritten. This flaw was introduced in commit: "5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)" which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable. 2017-10-30 not yet calculated CVE-2017-1000255
BID, MISC
linux -- linux_kernel
The altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux kernel before 2.6.19 on 64-bit systems mishandles the case where CONFIG_ALTIVEC is defined and the CPU actually supports Altivec, but the Altivec support was not detected by the kernel, which allows local users to cause a denial of service (panic) by triggering execution of an Altivec instruction. 2017-10-29 not yet calculated CVE-2006-5331
CONFIRM, CONFIRM, CONFIRM, CONFIRM
linux -- linux_kernel
The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-03 not yet calculated CVE-2017-16532
MISC, MISC
linux -- linux_kernel
The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-03 not yet calculated CVE-2017-16537
MISC, MISC
linux -- linux_kernel
drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner). 2017-11-03 not yet calculated CVE-2017-16538
MISC, MISC, MISC
linux -- linux_kernel
The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-03 not yet calculated CVE-2017-16529
MISC, MISC
linux -- linux_kernel
sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-03 not yet calculated CVE-2017-16527
MISC, MISC
linux -- linux_kernel
The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-03 not yet calculated CVE-2017-16535
MISC, MISC
linux -- linux_kernel
drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor. 2017-11-03 not yet calculated CVE-2017-16531
MISC, MISC
linux -- linux_kernel
The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-03 not yet calculated CVE-2017-16533
MISC, MISC
linux -- linux_kernel
drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-03 not yet calculated CVE-2017-16526
MISC, MISC
linux -- linux_kernel
The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-03 not yet calculated CVE-2017-16536
MISC, MISC
linux -- linux_kernel
The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c. 2017-11-03 not yet calculated CVE-2017-16530
MISC, MISC
linux -- linux_kernel
The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-03 not yet calculated CVE-2017-16534
MISC, MISC
linux -- linux_kernel
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup. 2017-11-03 not yet calculated CVE-2017-16525
MISC, MISC, MISC
linux -- linux_kernel
sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-03 not yet calculated CVE-2017-16528
MISC, MISC
mahara -- mahara_mobile
Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text. 2017-11-03 not yet calculated CVE-2017-1000171
MISC
mahara -- mahara
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log. 2017-11-03 not yet calculated CVE-2017-1000151
MISC
mahara -- mahara
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions. 2017-11-03 not yet calculated CVE-2017-1000131
MISC
mahara -- mahara
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara. 2017-10-31 not yet calculated CVE-2017-14752
CONFIRM
mahara -- mahara
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them. 2017-11-03 not yet calculated CVE-2017-1000134
MISC
mahara -- mahara
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change. 2017-11-03 not yet calculated CVE-2017-1000136
MISC
mahara -- mahara
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages. 2017-11-03 not yet calculated CVE-2017-1000133
MISC
mahara -- mahara
An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open a browser, visit the Mahara site, and adjust the 'mahara' cookie to the old value, they can get access to the user's account. 2017-10-31 not yet calculated CVE-2017-14163
CONFIRM
mahara -- mahara
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title. 2017-11-03 not yet calculated CVE-2017-1000138
MISC
mahara -- mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation. 2017-11-03 not yet calculated CVE-2017-1000142
MISC
mahara -- mahara
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the "default" or used in any pages. 2017-11-03 not yet calculated CVE-2017-1000155
MISC
mahara -- mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended. 2017-11-03 not yet calculated CVE-2017-1000135
MISC
mahara -- mahara
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop). 2017-11-03 not yet calculated CVE-2017-1000137
MISC
mahara -- mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf file that can have its code executed when a user tries to download the file. 2017-11-03 not yet calculated CVE-2017-1000132
MISC
mahara -- mahara
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log in even if their institution was expired or suspended. 2017-11-03 not yet calculated CVE-2017-1000154
MISC
mahara -- mahara
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts. 2017-10-31 not yet calculated CVE-2017-15273
CONFIRM, CONFIRM, CONFIRM, CONFIRM
mahara -- mahara
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages. 2017-11-03 not yet calculated CVE-2017-1000146
MISC
mahara -- mahara
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role. 2017-11-03 not yet calculated CVE-2017-1000156
MISC
mahara -- mahara
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments. 2017-11-03 not yet calculated CVE-2017-1000145
MISC
mahara -- mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore. 2017-11-03 not yet calculated CVE-2017-1000143
MISC
mahara -- mahara
Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages. 2017-11-03 not yet calculated CVE-2017-1000144
MISC
mahara -- mahara
Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on. 2017-11-03 not yet calculated CVE-2017-1000157
MISC
mahara -- mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues. 2017-11-03 not yet calculated CVE-2017-1000139
MISC
mahara -- mahara
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such as an admin changing another user's account settings. 2017-11-03 not yet calculated CVE-2017-1000152
MISC
mahara -- mahara
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file. 2017-11-03 not yet calculated CVE-2017-1000148
MISC
mahara -- mahara
Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open()). 2017-11-03 not yet calculated CVE-2017-1000149
MISC
mahara -- mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when a user tries to download the file. 2017-11-03 not yet calculated CVE-2017-1000140
MISC
mahara -- mahara
Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control: after the password reset link is sent via email and the user then changes their default email, Mahara fails to invalidate the old link. Consequently the link in the email can be used to gain access to the user's account. 2017-11-03 not yet calculated CVE-2017-1000153
MISC
mahara -- mahara
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks. 2017-11-03 not yet calculated CVE-2017-1000150
MISC
mahara -- mahara
Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account. 2017-11-03 not yet calculated CVE-2017-1000147
MISC
mailing_list -- manager_pro
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template. 2017-10-29 not yet calculated CVE-2017-15967
MISC, EXPLOIT-DB
mcafee -- network_data_loss_prevention
Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the intended content type. 2017-10-31 not yet calculated CVE-2017-3935
CONFIRM
mcafee -- network_data_loss_prevention
Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack. 2017-10-31 not yet calculated CVE-2017-3933
BID, CONFIRM
mcafee -- network_data_loss_prevention
Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on the webserver. 2017-10-31 not yet calculated CVE-2017-3934
CONFIRM
microsoft -- chakracore
ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". 2017-11-02 not yet calculated CVE-2017-11767
BID, SECTRACK, CONFIRM
mitrastar -- mitrastar
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute. 2017-11-03 not yet calculated CVE-2017-16522
MISC, EXPLOIT-DB
mitrastar -- mitrastar
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented. 2017-11-03 not yet calculated CVE-2017-16523
MISC, EXPLOIT-DB
mongodb -- mongodb
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory. 2017-10-31 not yet calculated CVE-2017-15535
CONFIRM
mybuilder -- clone
MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter. 2017-10-29 not yet calculated CVE-2017-15968
MISC, EXPLOIT-DB
mymagazine -- magazine_and_blog_cms
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. 2017-10-31 not yet calculated CVE-2017-15983
EXPLOIT-DB
nice -- php
Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525. 2017-10-31 not yet calculated CVE-2017-15988
EXPLOIT-DB
node.js -- node.js
Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter. 2017-10-30 not yet calculated CVE-2017-14919
CONFIRM, CONFIRM, CONFIRM, CONFIRM
octobercms -- octobercms
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable. 2017-10-31 not yet calculated CVE-2017-16244
CONFIRM, EXPLOIT-DB
online_exam_test_application -- online_exam_test_application
Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action. 2017-10-31 not yet calculated CVE-2017-15989
EXPLOIT-DB
openam -- openam
OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as a SAML 2.0 IdP, and switches authentication methods based on AuthnContext requests sent from the service provider. 2017-11-02 not yet calculated CVE-2017-10873
JVN, MISC, MISC
openemr -- openemr
OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter. 2017-11-04 not yet calculated CVE-2017-16540
MISC, MISC
openssl -- openssl
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. 2017-11-02 not yet calculated CVE-2017-3736
SECTRACK, CONFIRM
oracle -- fusion_middleware
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are 11.1.1.7, 11.1.2.3 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). 2017-10-30 not yet calculated CVE-2017-10151
CONFIRM, BID, SECTRACK
perl -- perl
The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character. 2017-10-31 not yet calculated CVE-2017-16248
CONFIRM, CONFIRM, CONFIRM
pg -- all_share_video
PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category. 2017-10-29 not yet calculated CVE-2017-15969
MISC, EXPLOIT-DB
php -- cityportal
PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter. 2017-10-29 not yet calculated CVE-2017-15970
MISC, EXPLOIT-DB
php -- inventory_and_invoice_management_system
Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/. 2017-10-31 not yet calculated CVE-2017-15990
EXPLOIT-DB
pluxml -- pluxml
PluXml version 5.6 is vulnerable to a stored cross-site scripting vulnerability within the article creation page, which can result in escalation of privileges. 2017-11-01 not yet calculated CVE-2017-1001001
CONFIRM
progress -- openedge
Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931. 2017-10-31 not yet calculated CVE-2015-9245
MISC
protected_links -- expiring_download_links
Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter. 2017-10-31 not yet calculated CVE-2017-15977
EXPLOIT-DB
qemu -- qemu
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method. 2017-10-30 not yet calculated CVE-2015-7549
CONFIRM, FEDORA, DEBIAN, MLIST, BID, CONFIRM, GENTOO
quagga -- quagga
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message. 2017-10-29 not yet calculated CVE-2017-16227
MISC, DEBIAN, MISC, MISC, MISC
radare -- radare
In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search. 2017-11-01 not yet calculated CVE-2017-16358
CONFIRM, CONFIRM
radare -- radare
In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c. 2017-11-01 not yet calculated CVE-2017-16359
CONFIRM, CONFIRM, CONFIRM, CONFIRM
radare -- radare
In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory. 2017-11-01 not yet calculated CVE-2017-16357
CONFIRM, CONFIRM
rakuraku -- hagaki
Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with the privileges of the application via a specially crafted file. 2017-11-02 not yet calculated CVE-2017-10870
MISC(link is external)
MISC(link is external)
responsive -- newspaper_magazine_and_blog_cms
 
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. 2017-10-31 not yet calculated CVE-2017-15981
EXPLOIT-DB(link is external)
rsync -- rsync
 
rsync 3.1.3-development before 2017-10-24, as used in the xlucas svfs rsync fork and other products, mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. 2017-10-29 not yet calculated CVE-2017-15994
MISC
MISC
MISC
ruby -- ruby
 
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service. 2017-11-03 not yet calculated CVE-2017-16516
MISC(link is external)
MISC
same_sex_dating_software_pro -- same_sex_dating_software_pro
 
Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972. 2017-10-29 not yet calculated CVE-2017-15971
MISC(link is external)
EXPLOIT-DB(link is external)
schedmd -- slurm
 
Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution. 2017-11-01 not yet calculated CVE-2017-15566
CONFIRM(link is external)
scriptcopy -- cpa_lead_reward_script
 
CPA Lead Reward Script allows SQL Injection via the username parameter. 2017-10-31 not yet calculated CVE-2017-15986
EXPLOIT-DB(link is external)
serasoft.com -- sera
 
Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks. 2017-11-01 not yet calculated CVE-2017-15918
MISC(link is external)
shadowsocks-libev -- shadowsocks-libev
 
In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions. 2017-10-27 not yet calculated CVE-2017-15924
MISC(link is external)
DEBIAN
MISC(link is external)
MISC(link is external)
MISC(link is external)
sharett -- shareet
 
Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter. 2017-10-31 not yet calculated CVE-2017-15979
EXPLOIT-DB(link is external)
softech_products -- softdatepro
 
SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971. 2017-10-29 not yet calculated CVE-2017-15972
MISC(link is external)
EXPLOIT-DB(link is external)
sokial -- sokial
 
Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php. 2017-10-29 not yet calculated CVE-2017-15973
MISC(link is external)
EXPLOIT-DB(link is external)
ssh -- ssh_plugin
 
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file. 2017-11-01 not yet calculated CVE-2017-1000245
CONFIRM(link is external)
synology -- audio_station
 
Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter. 2017-10-30 not yet calculated CVE-2017-15888
CONFIRM(link is external)
tenable -- securitycenter
 
SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access. 2017-11-02 not yet calculated CVE-2017-11508
CONFIRM(link is external)
tor -- browser
 
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. 2017-11-04 not yet calculated CVE-2017-16541
MISC
MISC
MISC
MISC(link is external)
MISC(link is external)
tp-link -- tl-wr741n/tl-wr741nd_router
 
In TP-LINK TL-WR741N / TL-WR741ND 150M Wireless Lite N Router with Firmware Version 3.11.7 Build 100603 Rel.56412n and Hardware Version: WR741N v1/v2 00000000, parameter SSID in the "Wireless Settings" is not properly validated. It's possible to inject malicious code: </script><H1>BUG/* </script><a href=XXX.com>. The second payload blocks the change of wireless settings. A factory reset is required. 2017-10-31 not yet calculated CVE-2017-14250
MISC(link is external)
tpanel -- tpanel
 
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php. 2017-10-29 not yet calculated CVE-2017-15974
MISC(link is external)
EXPLOIT-DB(link is external)
typecho -- typecho
 
In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add payload in the article content, resulting in XSS via index.php/action/contents-post-edit. 2017-10-30 not yet calculated CVE-2017-16230
MISC(link is external)
us_zip_codes -- database_script
 
US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter. 2017-10-31 not yet calculated CVE-2017-15980
EXPLOIT-DB(link is external)
vastal -- i-tech_agent_zone
 
Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982. 2017-10-31 not yet calculated CVE-2017-15991
EXPLOIT-DB(link is external)
vastal -- i-tech_dating_zone
 
Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461. 2017-10-29 not yet calculated CVE-2017-15975
MISC(link is external)
EXPLOIT-DB(link is external)
vim -- vim
 
VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary. 2017-10-31 not yet calculated CVE-2017-1000382
MLIST(link is external)
vir.it -- explorer_anti-virus
 
In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C. 2017-11-03 not yet calculated CVE-2017-16237
EXPLOIT-DB(link is external)
watchdog -- anti-malware
 
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002054. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated. 2017-10-30 not yet calculated CVE-2017-15920
MISC(link is external)
EXPLOIT-DB(link is external)
watchdog -- anti-malware
 
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated. 2017-10-30 not yet calculated CVE-2017-15921
MISC(link is external)
EXPLOIT-DB(link is external)
webkit -- webkit
 
The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products. 2017-11-01 not yet calculated CVE-2017-1000121
CONFIRM
webkit -- webkit
 
The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products. 2017-11-01 not yet calculated CVE-2017-1000122
CONFIRM
website_broker_script -- website_broker_script
 
Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php. 2017-10-31 not yet calculated CVE-2017-15992
EXPLOIT-DB(link is external)
websitescripts.org -- fake_magazine_cover_script
 
Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter. 2017-10-31 not yet calculated CVE-2017-15987
EXPLOIT-DB(link is external)
wordpress -- wordpress
 
WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723. 2017-11-02 not yet calculated CVE-2017-16510
MISC(link is external)
MISC
MISC(link is external)
MISC
xen -- xen
 
An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out. 2017-10-30 not yet calculated CVE-2017-15597
MLIST(link is external)
BID(link is external)
SECTRACK(link is external)
CONFIRM
CONFIRM(link is external)
zeebuddy -- zeebuddy
 
ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604. 2017-10-29 not yet calculated CVE-2017-15976
MISC(link is external)
EXPLOIT-DB(link is external)
zomato -- clone_script
 
Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter. 2017-10-31 not yet calculated CVE-2017-15993
EXPLOIT-DB