*** Source: [US-CERT: Bulletin (SB17-324)] Security vulnerabilities published through November 13, 2017
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no medium vulnerabilities recorded this week. |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alchemist.vim -- alchemist.vim | Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code. | 2017-11-17 | not yet calculated | CVE-2017-1000212 CONFIRM |
altavault -- ost | AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution. | 2017-11-16 | not yet calculated | CVE-2017-15517 CONFIRM |
amazon -- key | Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house for unfilmed activities or (2) attackers to freeze a camera and enter a house if a delivery driver failed to ensure a locked door before leaving. | 2017-11-16 | not yet calculated | CVE-2017-16867 MISC MISC MISC |
apache -- camel | The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws. | 2017-11-15 | not yet calculated | CVE-2017-12634 CONFIRM BID CONFIRM |
apache -- camel | The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws. | 2017-11-15 | not yet calculated | CVE-2017-12633 CONFIRM BID CONFIRM |
apache -- couchdb | Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges. | 2017-11-14 | not yet calculated | CVE-2017-12635 BID MLIST |
apache -- couchdb | CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet. | 2017-11-14 | not yet calculated | CVE-2017-12636 MLIST |
apache -- cxf | Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property "attachment-max-header-size". | 2017-11-14 | not yet calculated | CVE-2017-12624 CONFIRM BID |
apache -- hadoop | In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file. | 2017-11-13 | not yet calculated | CVE-2017-3166 MLIST |
apache -- karaf | Apache Karaf enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports. | 2017-11-15 | not yet calculated | CVE-2014-0219 BID CONFIRM |
apache -- openoffice | An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit. | 2017-11-13 | not yet calculated | CVE-2016-6803 BID SECTRACK CONFIRM |
apple -- ios | An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "UIKit" component. It allows attackers to bypass intended read restrictions for secure text fields via vectors involving a focus-change event. | 2017-11-12 | not yet calculated | CVE-2017-7113 SECTRACK CONFIRM |
apple -- ios | An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to obtain sensitive information via a Siri request for private-content notifications that should not have been available in the lock-screen state. | 2017-11-12 | not yet calculated | CVE-2017-13805 SECTRACK CONFIRM |
apple -- ios | An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Messages" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state. | 2017-11-12 | not yet calculated | CVE-2017-13844 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file. | 2017-11-12 | not yet calculated | CVE-2017-13816 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted QuickTime file. | 2017-11-12 | not yet calculated | CVE-2017-13807 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 2017-11-12 | not yet calculated | CVE-2017-13846 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-11-12 | not yet calculated | CVE-2017-13818 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Sandbox" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-11-12 | not yet calculated | CVE-2017-13838 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a /dev/dtracehelper attack involving the dtrace_dif_variable and dtrace_getarg functions. | 2017-11-12 | not yet calculated | CVE-2017-13782 SECTRACK MISC CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-11-12 | not yet calculated | CVE-2017-13842 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "802.1X" component. It allows attackers to have an unspecified impact by leveraging TLS 1.0 support. | 2017-11-12 | not yet calculated | CVE-2017-13832 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "AppleScript" component. It allows remote attackers to execute arbitrary code via a crafted AppleScript file that is mishandled by osadecompile. | 2017-11-12 | not yet calculated | CVE-2017-13809 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Fonts" component. It allows remote attackers to spoof the user interface via crafted text. | 2017-11-12 | not yet calculated | CVE-2017-13828 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted mach binary. | 2017-11-12 | not yet calculated | CVE-2017-13834 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service via a crafted image. | 2017-11-12 | not yet calculated | CVE-2017-13831 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ATS" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted font. | 2017-11-12 | not yet calculated | CVE-2017-13820 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HelpViewer" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML by bypassing the Same Origin Policy for quarantined HTML documents. | 2017-11-12 | not yet calculated | CVE-2017-13819 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFString" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-11-12 | not yet calculated | CVE-2017-13821 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is used in a search. | 2017-11-12 | not yet calculated | CVE-2017-13801 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file. | 2017-11-12 | not yet calculated | CVE-2017-13814 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted font file. | 2017-11-12 | not yet calculated | CVE-2017-13825 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "file" product. Versions before 5.31 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 2017-11-12 | not yet calculated | CVE-2017-13815 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "QuickTime" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-11-12 | not yet calculated | CVE-2017-13823 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-11-12 | not yet calculated | CVE-2017-13822 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-11-12 | not yet calculated | CVE-2017-13843 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-11-12 | not yet calculated | CVE-2017-13840 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted archive file. | 2017-11-12 | not yet calculated | CVE-2017-13812 SECTRACK CONFIRM |
apple -- macos | An out-of-bounds read issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions. | 2017-11-12 | not yet calculated | CVE-2017-13817 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HFS" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-11-12 | not yet calculated | CVE-2017-13830 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Open Scripting Architecture" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted AppleScript file that is mishandled by osadecompile. | 2017-11-12 | not yet calculated | CVE-2017-13824 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFNetwork" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-11-12 | not yet calculated | CVE-2017-13829 CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFNetwork" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-11-12 | not yet calculated | CVE-2017-13833 CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-11-12 | not yet calculated | CVE-2017-13841 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-11-12 | not yet calculated | CVE-2017-13836 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It does not properly restrict the DMA mapping time of FileVault decryption buffers, which allows attackers to read cleartext APFS data via a crafted Thunderbolt adapter. | 2017-11-12 | not yet calculated | CVE-2017-13786 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to obtain sensitive information by leveraging an error in packet counters. | 2017-11-12 | not yet calculated | CVE-2017-13810 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Remote Management" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-11-12 | not yet calculated | CVE-2017-13808 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file. | 2017-11-12 | not yet calculated | CVE-2017-13813 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-11-12 | not yet calculated | CVE-2017-13800 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "fsck_msdos" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-11-12 | not yet calculated | CVE-2017-13811 SECTRACK CONFIRM |
apple -- macos | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted Office document. | 2017-11-12 | not yet calculated | CVE-2017-7132 SECTRACK CONFIRM |
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted app that accesses process information at a high rate. | 2017-11-12 | not yet calculated | CVE-2017-13852 CONFIRM CONFIRM CONFIRM CONFIRM |
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted text file. | 2017-11-12 | not yet calculated | CVE-2017-13849 BID SECTRACK CONFIRM CONFIRM CONFIRM |
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-11-12 | not yet calculated | CVE-2017-13783 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "StreamingZip" component. It allows remote attackers to write to unintended pathnames via a crafted ZIP archive. | 2017-11-12 | not yet calculated | CVE-2017-13804 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-11-12 | not yet calculated | CVE-2017-13784 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-11-12 | not yet calculated | CVE-2017-13794 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-11-12 | not yet calculated | CVE-2017-13793 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-11-12 | not yet calculated | CVE-2017-13802 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-11-12 | not yet calculated | CVE-2017-13798 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-11-12 | not yet calculated | CVE-2017-13797 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-11-12 | not yet calculated | CVE-2017-13796 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-11-12 | not yet calculated | CVE-2017-13795 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-11-12 | not yet calculated | CVE-2017-13785 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-11-12 | not yet calculated | CVE-2017-13788 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-11-12 | not yet calculated | CVE-2017-13803 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-11-12 | not yet calculated | CVE-2017-13791 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-11-12 | not yet calculated | CVE-2017-13792 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-11-12 | not yet calculated | CVE-2017-13799 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
apple -- safari | An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | 2017-11-12 | not yet calculated | CVE-2017-13789 SECTRACK CONFIRM |
apple -- safari | An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | 2017-11-12 | not yet calculated | CVE-2017-13790 SECTRACK CONFIRM |
arris -- arris_tg1682g_devices | Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter. | 2017-11-15 | not yet calculated | CVE-2017-16836 MISC EXPLOIT-DB |
automationdirect -- click_programming | An Uncontrolled Search Path Element issue was discovered in AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) versions 2.10 and prior, C-More Programming Software (Part Number EA9-PGMSW) versions 6.30 and prior, C-More Micro (Part Number EA-PGMSW) versions 4.20.01.0 and prior, GS Drives Configuration Software (Part Number GSOFT) versions 4.0.6 and prior, and SL-SOFT SOLO Temperature Controller Configuration Software (Part Number SL-SOFT) versions 1.1.0.5 and prior. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. Once loaded by the application, the DLL could run malicious code at the privilege level of the application. | 2017-11-13 | not yet calculated | CVE-2017-14020 BID MISC |
b3log -- symphony | b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid. | 2017-11-14 | not yet calculated | CVE-2017-16821 CONFIRM |
b3log -- symphony | b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java, service/AvatarQueryService.java, and service/CommentQueryService.java. | 2017-11-18 | not yet calculated | CVE-2017-16881 CONFIRM |
big-ip -- big-ip | On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself. | 2017-11-17 | not yet calculated | CVE-2017-6168 SECTRACK CONFIRM |
blackberry -- qnx_software_development_platform | In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader. | 2017-11-14 | not yet calculated | CVE-2017-9369 CONFIRM |
blackberry -- qnx_software_development_platform | In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks. | 2017-11-14 | not yet calculated | CVE-2017-3893 CONFIRM |
blackberry -- qnx_software_development_platform | In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources. | 2017-11-14 | not yet calculated | CVE-2017-3892 CONFIRM |
blackberry -- qnx_software_development_platform |
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node. | 2017-11-14 | not yet calculated | CVE-2017-3891 CONFIRM |
blackberry -- qnx_software_development_platform |
In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation. | 2017-11-14 | not yet calculated | CVE-2017-9371 CONFIRM |
book_walker -- book_walker |
Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-11-17 | not yet calculated | CVE-2017-10887 CONFIRM JVN |
book_walker -- book_walker |
BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac Ver.1.2.5 and earlier allow an attacker to access local files via unspecified vectors. | 2017-11-17 | not yet calculated | CVE-2017-10888 CONFIRM JVN |
british_columbia_institute_of_technology -- codeigniter |
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws. | 2017-11-16 | not yet calculated | CVE-2017-1000247 MISC |
ca_technologies -- ca_identity_governance |
A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user. | 2017-11-14 | not yet calculated | CVE-2017-9394 BID CONFIRM |
cacti -- cacti |
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. | 2017-11-10 | not yet calculated | CVE-2017-16785 SECTRACK MISC |
cacti -- cacti |
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()). | 2017-11-15 | not yet calculated | CVE-2014-4000 CONFIRM CONFIRM GENTOO CONFIRM |
cern -- root |
ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution | 2017-11-17 | not yet calculated | CVE-2017-1000203 CONFIRM |
cern -- root |
ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution | 2017-11-17 | not yet calculated | CVE-2017-1000215 MISC CONFIRM CONFIRM |
cisco -- asa_next-generation_firewall_services |
A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, bypassing any filters that are configured to deny local IP management traffic. The vulnerability is due to an implementation error that exists in the process of creating default IP blocks when the device is initialized, and the way in which those IP blocks interact with user-configured filters for local IP management traffic (for example, SSH to the device). An attacker could exploit this vulnerability by sending traffic to the local IP address of the targeted device. A successful exploit could allow the attacker to connect to the local IP address of the device even when there are filters configured to deny the traffic. Cisco Bug IDs: CSCvd97962. | 2017-11-16 | not yet calculated | CVE-2017-12299 CONFIRM |
cisco -- asyncos |
A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. The file types affected are zipped or archived file types. The vulnerability is due to incorrect and different file hash values when AMP scans the file. An attacker could exploit this vulnerability by sending a crafted email file attachment through the targeted device. An exploit could allow the attacker to bypass a configured AMP file filter. Cisco Bug IDs: CSCvf52943. | 2017-11-16 | not yet calculated | CVE-2017-12303 SECTRACK CONFIRM |
cisco -- email_security_appliance |
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. An exploit could allow the attacker to perform cross-site scripting attacks, cross-user defacement, web cache poisoning, and similar exploits. Cisco Bug IDs: CSCvf16705. | 2017-11-16 | not yet calculated | CVE-2017-12309 SECTRACK CONFIRM |
cisco -- findit_network_discovery_utility |
A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity, aka Insecure Library Loading. The vulnerability is due to the application loading a malicious copy of a specific, nondefined DLL file instead of the DLL file it was expecting. An attacker could exploit this vulnerability by placing an affected DLL within the search path of the host system. An exploit could allow the attacker to load a malicious DLL file into the system, thus partially compromising confidentiality, integrity, and availability on the device. Cisco Bug IDs: CSCvf37955. | 2017-11-16 | not yet calculated | CVE-2017-12314 CONFIRM |
cisco -- firepower_system_software |
A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 (SMB2) protocol. The vulnerability is due to the incorrect detection of an SMB2 file when the detection is based on the length of the file. An attacker could exploit this vulnerability by sending a crafted SMB2 transfer request through the targeted device. A successful exploit could allow the attacker to bypass filters that are configured to block SMB2 traffic. Cisco Bug IDs: CSCve58398. | 2017-11-16 | not yet calculated | CVE-2017-12300 BID CONFIRM |
cisco -- hyperflex_system |
A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. The attacker would have to be authenticated as an administrative user to conduct this attack. The vulnerability is due to lack of proper masking of sensitive information in system log files. An attacker could exploit this vulnerability by authenticating to the targeted device and viewing the system log file. An exploit could allow the attacker to view sensitive system information that should have been restricted. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvg31472. | 2017-11-16 | not yet calculated | CVE-2017-12315 BID CONFIRM |
cisco -- identity_services_engine |
A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518. | 2017-11-16 | not yet calculated | CVE-2017-12316 SECTRACK CONFIRM |
cisco -- immunet_antimalware_installer |
An untrusted search path (aka DLL Preloading) vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. An attacker would need valid user credentials to exploit this vulnerability. Cisco Bug IDs: CSCvf23928. | 2017-11-16 | not yet calculated | CVE-2017-12312 CONFIRM |
cisco -- ios_and_ios_xe |
A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the web-based management interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf60862. | 2017-11-16 | not yet calculated | CVE-2017-12304 BID SECTRACK CONFIRM |
cisco -- ip_phone_8800_series |
A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034. | 2017-11-16 | not yet calculated | CVE-2017-12305 BID SECTRACK CONFIRM |
cisco -- meeting_server |
A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is triggered by an H.264 frame that has an invalid picture parameter set (PPS) value. An attacker could exploit this vulnerability by sending a malformed H.264 frame to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition because the media process could restart. The media session should be re-established within a few seconds, during which there could be a brief interruption in service. Cisco Bug IDs: CSCvg12559. | 2017-11-16 | not yet calculated | CVE-2017-12311 BID SECTRACK CONFIRM |
cisco -- network_academy_packet_tracer |
An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. An attacker would need valid user credentials to exploit this vulnerability. | 2017-11-16 | not yet calculated | CVE-2017-12313 BID CONFIRM |
cisco -- registered_envelope_service |
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999. | 2017-11-16 | not yet calculated | CVE-2017-12323 BID CONFIRM |
cisco -- registered_envelope_service |
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999. | 2017-11-16 | not yet calculated | CVE-2017-12290 BID CONFIRM |
cisco -- registered_envelope_service |
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999. | 2017-11-16 | not yet calculated | CVE-2017-12320 BID CONFIRM |
cisco -- registered_envelope_service |
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999. | 2017-11-16 | not yet calculated | CVE-2017-12292 BID CONFIRM |
cisco -- registered_envelope_service |
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999. | 2017-11-16 | not yet calculated | CVE-2017-12322 BID CONFIRM |
cisco -- registered_envelope_service |
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999. | 2017-11-16 | not yet calculated | CVE-2017-12321 BID CONFIRM |
cisco -- registered_envelope_service |
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999. | 2017-11-16 | not yet calculated | CVE-2017-12291 BID CONFIRM |
cisco -- rf_gateway |
A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or video on demand (VoD) streams, resulting in a denial of service (DoS) condition. The vulnerability is due to a processing error with TCP connections to the affected device. An attacker could exploit this vulnerability by establishing a large number of TCP connections to an affected device and not actively closing those TCP connections. A successful exploit could allow the attacker to prevent the affected device from delivering SDV or VoD streams to set-top boxes. Cisco Bug IDs: CSCvf19887. | 2017-11-16 | not yet calculated | CVE-2017-12318 BID CONFIRM |
cisco -- spark_board |
A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit this vulnerability by providing the upgrade process with an upgrade package that the attacker controls. An exploit could allow the attacker to install custom firmware to the Spark Board. Cisco Bug IDs: CSCvf84502. | 2017-11-16 | not yet calculated | CVE-2017-12306 CONFIRM |
cisco -- umbrella_insights_virtual_appliances |
A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. An attacker could exploit this vulnerability by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in to an affected virtual appliance. A successful exploit could allow the attacker to log in to the affected appliance with root privileges. Cisco Bug IDs: CSCvg31220. | 2017-11-16 | not yet calculated | CVE-2017-12350 BID CONFIRM MISC |
cisco -- unified_communications_manager |
A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected system. An exploit could allow the attacker to determine the presence of certain values in the database. Cisco Bug IDs: CSCvf36682. | 2017-11-16 | not yet calculated | CVE-2017-12302 BID SECTRACK CONFIRM |
cisco -- voice_operating_system |
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797. | 2017-11-16 | not yet calculated | CVE-2017-12337 BID SECTRACK SECTRACK SECTRACK SECTRACK SECTRACK SECTRACK SECTRACK SECTRACK CONFIRM |
cloud_foundry -- foundation_grootfs |
Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker to provide an image layer that GrootFS would consider to be the Ubuntu base layer. | 2017-11-13 | not yet calculated | CVE-2017-14388 CONFIRM |
cms_made_simple -- cms_made_simple |
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882. | 2017-11-12 | not yet calculated | CVE-2017-16799 MISC |
cms_made_simple -- cms_made_simple |
In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg. | 2017-11-12 | not yet calculated | CVE-2017-16798 MISC |
codiad -- codiad |
Codiad (full version) allows anything to be written to the configuration file during installation, resulting in the upload of a webshell. | 2017-11-17 | not yet calculated | CVE-2017-1000125 MISC |
confire -- confire |
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "~/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability. | 2017-11-10 | not yet calculated | CVE-2017-16763 CONFIRM MISC MISC |
creolabs -- gravity |
Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. An example of a Heap-Use-After-Free after the 'sublexer' pointer has been freed. Line 542 of gravity_lexer.c. 'lexer' is being used to access a variable but 'lexer' has already been freed, creating a Heap Use-After-Free condition. | 2017-11-16 | not yet calculated | CVE-2017-1000172 MISC |
creolabs -- gravity |
Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. By creating a large loop while pushing data to a buffer, we can break out of the bounds checking of that buffer. When list.join is called on the data it will read past a buffer resulting in a Heap-Buffer-Overflow. | 2017-11-16 | not yet calculated | CVE-2017-1000173 MISC |
cs-cart -- cs-cart |
Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 2017-11-17 | not yet calculated | CVE-2017-10886 CONFIRM JVN |
cyberduck -- cyberduck |
Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority. | 2017-11-15 | not yet calculated | CVE-2014-2845 SECUNIA BUGTRAQ CONFIRM |
cygnux -- syspass |
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the JavaScript file inclusion functionality. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information. | 2017-11-17 | not yet calculated | CVE-2017-1000192 CONFIRM |
d-link -- dcs-936l_devices |
D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header. | 2017-11-15 | not yet calculated | CVE-2017-7851 MISC MISC |
dahua_technology -- network_video_recorders |
Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. An attacker could exploit this vulnerability to gain access to additional operations by forging a JSON message. | 2017-11-13 | not yet calculated | CVE-2017-9314 CONFIRM |
dayrui_finecms -- dayrui_finecms |
dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field. | 2017-11-16 | not yet calculated | CVE-2017-16866 CONFIRM |
debian -- postgresql |
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files. | 2017-11-13 | not yet calculated | CVE-2017-8806 CONFIRM BID CONFIRM CONFIRM |
django_make_app -- django_make_app |
An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability. | 2017-11-10 | not yet calculated | CVE-2017-16764 MISC MISC |
ellislab -- expressionengine |
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection. | 2017-11-17 | not yet calculated | CVE-2017-1000160 MISC |
exiv2 -- exiv2 |
Exiv2 0.26 contains a stack out-of-bounds read in the WebP parser. | 2017-11-17 | not yet calculated | CVE-2017-1000126 MLIST |
exiv2 -- exiv2 |
Exiv2 0.26 contains a heap buffer overflow in the TIFF parser. | 2017-11-17 | not yet calculated | CVE-2017-1000127 MLIST |
exiv2 -- exiv2 |
Exiv2 0.26 contains a stack out-of-bounds read in the JPEG2000 parser. | 2017-11-17 | not yet calculated | CVE-2017-1000128 MLIST |
filp_whoops -- filp_whoops |
The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS. | 2017-11-17 | not yet calculated | CVE-2017-16880 CONFIRM |
fortinet -- fortios |
A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim. | 2017-11-13 | not yet calculated | CVE-2017-7739 BID SECTRACK CONFIRM |
freebsd -- freebsd |
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information of the kernel stack of the thread is possible from the debugger. As a result, some bytes from the kernel stack of the thread using ptrace (PT_LWPINFO) call can be observed in userspace. | 2017-11-16 | not yet calculated | CVE-2017-1086 BID SECTRACK FREEBSD |
freebsd -- freebsd |
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace. | 2017-11-16 | not yet calculated | CVE-2017-1088 BID SECTRACK FREEBSD |
freebsd -- freebsd |
In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation. | 2017-11-16 | not yet calculated | CVE-2017-1087 BID SECTRACK FREEBSD |
geminabox -- geminabox |
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb. | 2017-11-13 | not yet calculated | CVE-2017-16792 CONFIRM CONFIRM MISC |
gemirro -- gemirro |
Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file. | 2017-11-15 | not yet calculated | CVE-2017-16833 CONFIRM |
gnu -- binutils |
The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file. | 2017-11-15 | not yet calculated | CVE-2017-16827 CONFIRM CONFIRM |
gnu -- binutils |
The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame. | 2017-11-15 | not yet calculated | CVE-2017-16828 CONFIRM CONFIRM |
gnu -- binutils |
The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file. | 2017-11-15 | not yet calculated | CVE-2017-16830 CONFIRM CONFIRM |
gnu -- binutils |
The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file. | 2017-11-15 | not yet calculated | CVE-2017-16826 CONFIRM CONFIRM |
gnu -- binutils |
coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file. | 2017-11-15 | not yet calculated | CVE-2017-16831 CONFIRM CONFIRM |
gnu -- binutils |
The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file. | 2017-11-15 | not yet calculated | CVE-2017-16829 CONFIRM CONFIRM |
gnu -- binutils |
The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file. | 2017-11-15 | not yet calculated | CVE-2017-16832 CONFIRM CONFIRM |
google -- android | An elevation of privilege vulnerability in the Upstream kernel audio driver. Product: Android. Versions: Android kernel. Android ID: A-36006981. | 2017-11-16 | not yet calculated | CVE-2017-0861 CONFIRM |
google -- android | Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64836894. | 2017-11-16 | not yet calculated | CVE-2017-0858 CONFIRM |
google -- android | Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36075131. | 2017-11-16 | not yet calculated | CVE-2017-0859 CONFIRM |
google -- android | An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-63522818. | 2017-11-16 | not yet calculated | CVE-2017-0838 CONFIRM |
google -- android | An elevation of privilege vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-36006779. | 2017-11-16 | not yet calculated | CVE-2017-0862 CONFIRM |
google -- android | A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0. Android ID: A-62815506. | 2017-11-16 | not yet calculated | CVE-2017-0852 CONFIRM |
google -- android | An elevation of privilege vulnerability in the Android system (inputdispatcher). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-31097064. | 2017-11-16 | not yet calculated | CVE-2017-0860 CONFIRM |
google -- android | A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64893226. | 2017-11-16 | not yet calculated | CVE-2017-0836 BID CONFIRM |
google -- android |
An elevation of privilege vulnerability in the Android framework (window manager). Product: Android. Versions: 8.0. Android ID: A-37442941. | 2017-11-16 | not yet calculated | CVE-2017-0831 BID CONFIRM |
google -- android |
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63873837. | 2017-11-16 | not yet calculated | CVE-2017-0854 CONFIRM |
google -- android |
A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827. | 2017-11-16 | not yet calculated | CVE-2017-0845 CONFIRM |
google -- android |
An elevation of privilege vulnerability in the MediaTek ccci. Product: Android. Versions: Android kernel. Android ID: A-62670819. References: M-ALPS03361488. | 2017-11-16 | not yet calculated | CVE-2017-0843 CONFIRM |
google -- android |
An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498. | 2017-11-16 | not yet calculated | CVE-2017-0830 BID CONFIRM |
google -- android |
An elevation of privilege vulnerability exists in the Thermal Driver, where a missing bounds check in the thermal throttle driver can cause an out-of-bounds write in the kernel. This issue is rated as moderate. Product: Pixel. Version: N/A. Android ID: A-34705801. References: N-CVE-2017-6274. | 2017-11-14 | not yet calculated | CVE-2017-6274 CONFIRM |
google -- android |
An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62688399. | 2017-11-16 | not yet calculated | CVE-2017-0849 CONFIRM |
google -- android |
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-64836941. | 2017-11-16 | not yet calculated | CVE-2017-0850 CONFIRM |
google -- android |
An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-65025090. References: M-ALPS02973195. | 2017-11-16 | not yet calculated | CVE-2017-0865 CONFIRM |
google -- android |
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62948670. | 2017-11-16 | not yet calculated | CVE-2017-0840 BID CONFIRM |
google -- android |
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63121644. | 2017-11-16 | not yet calculated | CVE-2017-0853 CONFIRM |
google -- android |
An elevation of privilege vulnerability in the Android media framework (mediaanalytics). Product: Android. Versions: 8.0. Android ID: A-65540999. | 2017-11-16 | not yet calculated | CVE-2017-0847 CONFIRM |
google -- android |
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64477217. | 2017-11-16 | not yet calculated | CVE-2017-0848 CONFIRM |
google -- android |
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62887820. | 2017-11-16 | not yet calculated | CVE-2017-0832 BID CONFIRM |
google -- android |
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64478003. | 2017-11-16 | not yet calculated | CVE-2017-0839 BID CONFIRM |
google -- android |
An elevation of privilege vulnerability exists in the NVIDIA GPU driver (gm20b_clk_throt_set_cdev_state), where an out-of-bounds memory read used as a function pointer could lead to code execution in the kernel. This issue is rated as high because it could allow a local malicious application to execute arbitrary code within the context of a privileged process. Product: Android. Version: N/A. Android ID: A-34705430. References: N-CVE-2017-6264. | 2017-11-14 | not yet calculated | CVE-2017-6264 BID CONFIRM |
google -- android |
An elevation of privilege vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37502513. | 2017-11-16 | not yet calculated | CVE-2017-0842 BID CONFIRM |
google -- android |
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-35430570. | 2017-11-16 | not yet calculated | CVE-2017-0851 CONFIRM |
google -- android |
Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65122447. | 2017-11-16 | not yet calculated | CVE-2017-0857 CONFIRM |
google -- android |
An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). Product: Android. Versions: Android kernel. Android ID: A-37277147. References: M-ALPS03394571. | 2017-11-16 | not yet calculated | CVE-2017-0864 CONFIRM |
google -- android |
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62896384. | 2017-11-16 | not yet calculated | CVE-2017-0833 BID CONFIRM |
google -- android |
An elevation of privilege vulnerability in the Upstream kernel video driver. Product: Android. Versions: Android kernel. Android ID: A-37950620. | 2017-11-16 | not yet calculated | CVE-2017-0863 CONFIRM |
google -- android |
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63316832. | 2017-11-16 | not yet calculated | CVE-2017-0835 BID CONFIRM |
google -- android |
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63125953. | 2017-11-16 | not yet calculated | CVE-2017-0834 BID CONFIRM |
google -- android |
An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds check in the thermal driver could allow a read from an arbitrary kernel address. This issue is rated as moderate. Product: Pixel. Versions: N/A. Android ID: A-34702397. References: N-CVE-2017-6275. | 2017-11-14 | not yet calculated | CVE-2017-6275 CONFIRM |
google -- android |
A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026. | 2017-11-16 | not yet calculated | CVE-2017-0841 BID CONFIRM |
google -- pixel |
An elevation of privilege vulnerability in the Direct rendering infrastructure of the NVIDIA Tegra X1 where an unchecked input from userspace is passed as a pointer to kfree. This could lead to kernel memory corruption and possible code execution. This issue is rated as moderate. Product: Pixel. Version: N/A. Android ID: A-38415808. References: N-CVE-2017-0866. | 2017-11-16 | not yet calculated | CVE-2017-0866 CONFIRM |
hashicorp -- vagrant-vmware-fusion |
If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root. | 2017-11-16 | not yet calculated | CVE-2017-16777 MISC |
i-o_data_device -- lan_disk_connect |
I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors. | 2017-11-13 | not yet calculated | CVE-2017-10875 JVN CONFIRM |
iBall -- ib-wra300n3gt |
Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices allows remote authenticated users to obtain root privileges by leveraging a guest/user/normal account to submit a modified privilege parameter to /form2userconfig.cgi. | 2017-11-13 | not yet calculated | CVE-2017-11169 MISC |
i_librarian -- i_librarian |
I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password. | 2017-11-16 | not yet calculated | CVE-2017-1000237 MISC |
i_librarian -- i_librarian |
I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site. | 2017-11-16 | not yet calculated | CVE-2017-1000236 MISC |
i_librarian -- i_librarian |
I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php, resulting in the web server being fully compromised. | 2017-11-16 | not yet calculated | CVE-2017-1000235 MISC |
i_librarian -- i_librarian |
I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in jqueryFileTree.php, resulting in an attacker enumerating directories simply by navigating through the "dir" parameter. | 2017-11-16 | not yet calculated | CVE-2017-1000234 MISC |
ibm -- security_access_manager_appliance |
IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 128372. | 2017-11-13 | not yet calculated | CVE-2017-1453 CONFIRM MISC |
ibm -- security_access_manager_appliance |
IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128612. | 2017-11-13 | not yet calculated | CVE-2017-1477 CONFIRM MISC |
ibm -- storwize |
A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531. | 2017-11-13 | not yet calculated | CVE-2017-1710 CONFIRM BID SECTRACK MISC |
ibm -- tivoli_endpoint_manager |
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 123908. | 2017-11-13 | not yet calculated | CVE-2017-1229 CONFIRM MISC |
ibm -- tivoli_endpoint_manager |
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861. | 2017-11-13 | not yet calculated | CVE-2017-1221 CONFIRM BID MISC |
icinga_core -- icinga_core |
Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido. | 2017-11-18 | not yet calculated | CVE-2017-16882 MISC |
icon_time -- icon_time_systems_rtc-1000 |
A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges. | 2017-11-17 | not yet calculated | CVE-2017-16819 MISC |
ikarus -- ikarus_anti.virus |
In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c. | 2017-11-15 | not yet calculated | CVE-2017-14961 MISC MISC EXPLOIT-DB CONFIRM |
intel -- unite_app |
Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or information disclosure. | 2017-11-16 | not yet calculated | CVE-2017-5738 CONFIRM |
invoiceplane -- invoiceplane |
InvoicePlane version 1.4.10 is vulnerable to Stored Cross-Site Scripting, which allows an authenticated user to inject malicious client-side script that will be executed in the browser of users if they visit the manipulated site. | 2017-11-16 | not yet calculated | CVE-2017-1000239 MISC |
invoiceplane -- invoiceplane |
InvoicePlane version 1.4.10 is vulnerable to an Arbitrary File Upload, which allows an authenticated user to upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver. | 2017-11-16 | not yet calculated | CVE-2017-1000238 MISC |
ipsilon -- ipsilon |
Ipsilon before 2.1.0 has a "SAML2 multi-session vulnerability." | 2017-11-16 | not yet calculated | CVE-2017-16855 MISC |
java -- java |
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate. | 2017-11-16 | not yet calculated | CVE-2017-1000209 CONFIRM |
jooan -- ip_camera_a5_2.3.36_devices |
On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root level control of the device. | 2017-11-17 | not yet calculated | CVE-2017-16566 MISC |
jool -- jool |
Jool 3.5.0-3.5.1 is vulnerable to a kernel-crashing packet resulting in a DoS. | 2017-11-17 | not yet calculated | CVE-2017-1000191 CONFIRM |
jqueryfiletree -- jqueryfiletree |
jqueryFileTree 2.1.5 and older is vulnerable to Directory Traversal. | 2017-11-17 | not yet calculated | CVE-2017-1000170 MISC |
kickbase -- kickbase_bundesliga_manager |
The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- aka kickbase-bundesliga-manager/id678241305 -- for iOS is vulnerable to a credentials leak due to transmitting a username and password in cleartext from client to server during registration and authentication. | 2017-11-13 | not yet calculated | CVE-2017-14711 MISC |
kirby_panel -- kirby_panel |
A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file. | 2017-11-13 | not yet calculated | CVE-2017-16807 CONFIRM MISC EXPLOIT-DB |
kodak -- insite |
Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6.5 to 8.0 allow remote attackers to inject arbitrary web script via the (1) "paramFile" parameter to /Site/Troubleshooting/DiagnosticReport.asp, or (2) "paramFile" parameter to /Site/Troubleshooting/SpeedTest.asp. | 2017-11-14 | not yet calculated | CVE-2017-9085 MISC |
konversation -- konversation |
Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes. | 2017-11-15 | not yet calculated | CVE-2017-15923 CONFIRM CONFIRM DEBIAN |
lansweeper -- lansweeper |
LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx. | 2017-11-15 | not yet calculated | CVE-2017-16841 EXPLOIT-DB MISC |
ldns -- ldns |
A double-free vulnerability in str2host.c in ldns 1.7.0 has unspecified impact and attack vectors. | 2017-11-16 | not yet calculated | CVE-2017-1000232 MISC |
ldns -- ldns |
A double-free vulnerability in parse.c in ldns 1.7.0 has unspecified impact and attack vectors. | 2017-11-16 | not yet calculated | CVE-2017-1000231 MISC |
libav -- libav |
In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream. | 2017-11-13 | not yet calculated | CVE-2017-16803 BID CONFIRM CONFIRM |
libavcodec -- libavcodec |
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact. | 2017-11-15 | not yet calculated | CVE-2017-14034 MISC |
libbpg -- libbpg |
The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference. | 2017-11-15 | not yet calculated | CVE-2017-13136 MISC |
libbpg -- libbpg |
A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure. | 2017-11-15 | not yet calculated | CVE-2017-13135 MISC |
libming -- libming |
The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file. | 2017-11-18 | not yet calculated | CVE-2017-16883 CONFIRM |
lightftp -- lightftp |
LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function, resulting in a denial of service or remote code execution. | 2017-11-16 | not yet calculated | CVE-2017-1000218 CONFIRM |
linux -- kernel |
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls. | 2017-11-15 | not yet calculated | CVE-2017-15115 CONFIRM CONFIRM BID CONFIRM CONFIRM CONFIRM |
linux -- kernel |
The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference. | 2017-11-15 | not yet calculated | CVE-2017-15102 CONFIRM CONFIRM BID CONFIRM CONFIRM |
lynx -- lynx |
Lynx version 2.8.8 and older is vulnerable to a use after free in the HTML parser resulting in memory disclosure. | 2017-11-17 | not yet calculated | CVE-2017-1000211 MISC |
mediawiki -- mediawiki | MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline. | 2017-11-15 | not yet calculated | CVE-2017-8812 SECTRACK CONFIRM DEBIAN |
mediawiki -- mediawiki |
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability. | 2017-11-15 | not yet calculated | CVE-2017-8809 SECTRACK CONFIRM DEBIAN |
mediawiki -- mediawiki |
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk." | 2017-11-15 | not yet calculated | CVE-2017-8814 SECTRACK CONFIRM DEBIAN |
mediawiki -- mediawiki |
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules. | 2017-11-15 | not yet calculated | CVE-2017-8815 SECTRACK CONFIRM DEBIAN |
mediawiki -- mediawiki |
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests. | 2017-11-15 | not yet calculated | CVE-2017-8810 SECTRACK CONFIRM DEBIAN |
mediawiki -- mediawiki |
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping. | 2017-11-15 | not yet calculated | CVE-2017-8808 SECTRACK CONFIRM DEBIAN |
mediawiki -- mediawiki |
The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks. | 2017-11-15 | not yet calculated | CVE-2017-8811 SECTRACK CONFIRM DEBIAN |
microsoft -- .net_core |
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability". | 2017-11-14 | not yet calculated | CVE-2017-11883 BID SECTRACK CONFIRM |
microsoft -- .net_core |
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability". | 2017-11-14 | not yet calculated | CVE-2017-11770 BID SECTRACK CONFIRM |
microsoft -- asp.net_core |
ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability". | 2017-11-14 | not yet calculated | CVE-2017-11879 BID SECTRACK CONFIRM |
microsoft -- asp.net_core |
ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability". | 2017-11-14 | not yet calculated | CVE-2017-8700 BID SECTRACK CONFIRM |
microsoft -- device_guard |
Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability". | 2017-11-14 | not yet calculated | CVE-2017-11830 BID SECTRACK CONFIRM |
microsoft -- edge |
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". | 2017-11-14 | not yet calculated | CVE-2017-11845 BID SECTRACK CONFIRM |
microsoft -- excel |
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Excel Memory Corruption Vulnerability". | 2017-11-14 | not yet calculated | CVE-2017-11878 BID SECTRACK CONFIRM |
microsoft -- excel |
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka "Microsoft Excel Security Feature Bypass Vulnerability". | 2017-11-14 | not yet calculated | CVE-2017-11877 BID SECTRACK CONFIRM |
microsoft -- excel |
Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11882. | 2017-11-14 | not yet calculated | CVE-2017-11884 BID SECTRACK CONFIRM |
microsoft -- internet_explorer |
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11855. | 2017-11-14 | not yet calculated | CVE-2017-11856 BID CONFIRM |
microsoft -- internet_explorer |
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability". | 2017-11-14 | not yet calculated | CVE-2017-11827 BID SECTRACK SECTRACK CONFIRM |
microsoft -- internet_explorer |
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to detect the navigation of the user leaving a maliciously crafted page, due to how page content is handled by Internet Explorer, aka "Internet Explorer Information Disclosure Vulnerability". | 2017-11-14 | not yet calculated | CVE-2017-11848 BID SECTRACK CONFIRM |
microsoft -- internet_explorer |
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11856. | 2017-11-14 | not yet calculated | CVE-2017-11855 BID CONFIRM |
microsoft -- internet_explorer |
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 2017-11-14 | not yet calculated | CVE-2017-11869 BID SECTRACK SECTRACK CONFIRM |
microsoft -- multiple_products |
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the attacker's choice, due to how Microsoft Edge handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11874. | 2017-11-14 | not yet calculated | CVE-2017-11872 BID SECTRACK CONFIRM |
microsoft -- multiple_products |
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 2017-11-14 | not yet calculated | CVE-2017-11839 BID SECTRACK CONFIRM |
microsoft -- multiple_products |
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11791. | 2017-11-14 | not yet calculated | CVE-2017-11834 BID SECTRACK CONFIRM |
microsoft -- multiple_products |
Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability". | 2017-11-14 | not yet calculated | CVE-2017-11850 BID SECTRACK CONFIRM |
microsoft -- multiple_products |
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 2017-11-14 | not yet calculated | CVE-2017-11837 BID SECTRACK SECTRACK CONFIRM |
microsoft -- multiple_products |
ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 2017-11-14 | not yet calculated | CVE-2017-11836 BID SECTRACK CONFIRM |
microsoft -- multiple_products |
Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to how Microsoft Edge handles accessing memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11872. | 2017-11-14 | not yet calculated | CVE-2017-11874 BID SECTRACK CONFIRM |
microsoft -- multiple_products |
Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11833. | 2017-11-14 | not yet calculated | CVE-2017-11844 BID SECTRACK CONFIRM |
microsoft -- multiple_products |
Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability". | 2017-11-14 | not yet calculated | CVE-2017-11876 BID SECTRACK SECTRACK CONFIRM |
microsoft -- multiple_products |
ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11871, and CVE-2017-11873. | 2017-11-14 | not yet calculated | CVE-2017-11870 BID SECTRACK CONFIRM |
microsoft -- multiple_products |
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 2017-11-14 | not yet calculated | CVE-2017-11843 BID SECTRACK SECTRACK CONFIRM |
microsoft -- multiple_products |
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 2017-11-14 | not yet calculated | CVE-2017-11866 BID SECTRACK CONFIRM |
microsoft -- multiple_products |
Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11833 and CVE-2017-11844. | 2017-11-14 | not yet calculated | CVE-2017-11803 BID SECTRACK CONFIRM |
microsoft -- multiple_products |
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, and CVE-2017-11871. | 2017-11-14 | not yet calculated | CVE-2017-11873 BID SECTRACK CONFIRM EXPLOIT-DB |
microsoft -- multiple_products |
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11834. | 2017-11-14 | not yet calculated | CVE-2017-11791 BID SECTRACK SECTRACK CONFIRM |
microsoft -- multiple_products |
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 2017-11-14 | not yet calculated | CVE-2017-11838 BID SECTRACK SECTRACK CONFIRM |
microsoft -- multiple_products |
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 2017-11-14 | not yet calculated | CVE-2017-11840 BID SECTRACK CONFIRM |
microsoft -- multiple_products |
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 2017-11-14 | not yet calculated | CVE-2017-11858 BID SECTRACK SECTRACK CONFIRM |
microsoft -- multiple_products |
ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, and CVE-2017-11873. | 2017-11-14 | not yet calculated | CVE-2017-11871 BID SECTRACK CONFIRM |
microsoft -- multiple_products |
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 2017-11-14 | not yet calculated | CVE-2017-11846 BID SECTRACK SECTRACK CONFIRM |
microsoft -- multiple_products |
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 2017-11-14 | not yet calculated | CVE-2017-11841 BID SECTRACK CONFIRM |
microsoft -- multiple_products |
ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 2017-11-14 | not yet calculated | CVE-2017-11862 BID SECTRACK CONFIRM |
microsoft -- office |
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884. | 2017-11-14 | not yet calculated | CVE-2017-11882 BID SECTRACK MISC MISC CONFIRM CERT-VN |
microsoft -- office |
Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability". | 2017-11-14 | not yet calculated | CVE-2017-11854 BID SECTRACK CONFIRM |
microsoft -- windows_kernel |
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to run a specially crafted application and obtain information to further compromise the user's system due to the Windows kernel improperly initializing objects in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11831. | 2017-11-14 | not yet calculated | CVE-2017-11880 BID SECTRACK CONFIRM |
microsoft -- windows_kernel |
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to run arbitrary code in kernel mode, install programs, view, change or delete data, and create new accounts with full user rights due to improperly handling objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". | 2017-11-14 | not yet calculated | CVE-2017-11847 BID SECTRACK CONFIRM |
microsoft -- windows_kernel |
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11851. | 2017-11-14 | not yet calculated | CVE-2017-11853 BID SECTRACK CONFIRM |
microsoft -- windows_kernel |
Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11849, CVE-2017-11851, and CVE-2017-11853. | 2017-11-14 | not yet calculated | CVE-2017-11842 BID SECTRACK CONFIRM |
microsoft -- windows_kernel |
The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11853. | 2017-11-14 | not yet calculated | CVE-2017-11851 BID SECTRACK CONFIRM |
microsoft -- windows_kernel |
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11851, and CVE-2017-11853. | 2017-11-14 | not yet calculated | CVE-2017-11849 BID SECTRACK CONFIRM |
microsoft -- windows_kernel |
Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log on to an affected system, and run a specially crafted application that can compromise the user's system due to how the Windows kernel initializes memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11880. | 2017-11-14 | not yet calculated | CVE-2017-11831 BID SECTRACK CONFIRM |
microsoft -- windows_media_player |
Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application, due to the way Windows Media Player discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." | 2017-11-14 | not yet calculated | CVE-2017-11768 BID SECTRACK CONFIRM |
microsoft -- windows_search |
Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an unauthenticated attacker to remotely send specially crafted messages that could cause a denial of service against the system due to improperly handling objects in memory, aka "Windows Search Denial of Service Vulnerability". | 2017-11-14 | not yet calculated | CVE-2017-11788 BID SECTRACK CONFIRM |
microsoft -- windows |
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected browser, due to how Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11844. | 2017-11-14 | not yet calculated | CVE-2017-11833 BID SECTRACK CONFIRM |
microsoft -- windows |
Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 2017-11-14 | not yet calculated | CVE-2017-11861 BID SECTRACK CONFIRM EXPLOIT-DB |
microsoft -- windows |
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11872 and CVE-2017-11874. | 2017-11-14 | not yet calculated | CVE-2017-11863 BID SECTRACK CONFIRM |
microsoft -- windows |
Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11832. | 2017-11-14 | not yet calculated | CVE-2017-11835 BID SECTRACK CONFIRM |
microsoft -- windows |
The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012 allows an attacker to potentially read data that was not intended to be disclosed, due to the way that the Microsoft Windows EOT font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-11835. | 2017-11-14 | not yet calculated | CVE-2017-11832 BID SECTRACK CONFIRM |
microsoft -- windows |
Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's system, due to improperly disclosing kernel memory addresses, aka "Windows GDI Information Disclosure Vulnerability". | 2017-11-14 | not yet calculated | CVE-2017-11852 BID SECTRACK CONFIRM |
misp -- misp |
In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added. | 2017-11-13 | not yet calculated | CVE-2017-16802 CONFIRM |
modx_revolution -- modx_revolution |
A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an escalation of privileges providing complete administrative control over the CMS. | 2017-11-17 | not yet calculated | CVE-2017-1000223 MISC |
moxa -- eds-g512e_5.1_build_16072215_devices |
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface. | 2017-11-17 | not yet calculated | CVE-2017-13700 MISC |
moxa -- eds-g512e_5.1_build_16072215_devices |
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused. | 2017-11-17 | not yet calculated | CVE-2017-13702 MISC |
moxa -- eds-g512e_5.1_build_16072215_devices |
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur. | 2017-11-17 | not yet calculated | CVE-2017-13703 MISC |
moxa -- nport_5110 |
An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to inject packets that could potentially disrupt the availability of the device. | 2017-11-16 | not yet calculated | CVE-2017-16719 MISC |
moxa -- nport_5110 |
A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exhaust memory resources by sending a large amount of TCP SYN packets. | 2017-11-16 | not yet calculated | CVE-2017-14028 MISC |
moxa -- nport_5110 |
An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure. | 2017-11-16 | not yet calculated | CVE-2017-16715 MISC |
netapp -- snapcenter_server |
NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface. | 2017-11-16 | not yet calculated | CVE-2017-15516 CONFIRM |
nodejs -- nodejs_ejs |
nodejs ejs versions older than 2.5.3 are vulnerable to remote code execution due to weak input validation in the ejs.renderFile() function. | 2017-11-16 | not yet calculated | CVE-2017-1000228 MISC |
nodejs -- nodejs_ejs |
nodejs ejs versions older than 2.5.5 are vulnerable to denial of service due to weak input validation in the ejs.renderFile() function. | 2017-11-16 | not yet calculated | CVE-2017-1000189 MISC |
nodejs -- nodejs_ejs |
nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection | 2017-11-16 | not yet calculated | CVE-2017-1000188 MISC |
npm -- npm |
All versions of npm/KyleRoss windows-cpu are vulnerable to command injection resulting in code execution as the Node.js user | 2017-11-16 | not yet calculated | CVE-2017-1000219 CONFIRM |
ntt_docomo -- wi-fi_station_l-02f |
Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors. | 2017-11-13 | not yet calculated | CVE-2017-10871 JVN |
october -- october_cms |
October CMS build 412 is vulnerable to PHP object injection in asset move functionality, resulting in the ability to delete files, limited by file permissions on the server. | 2017-11-16 | not yet calculated | CVE-2017-1000195 MISC |
october -- october_cms |
October CMS build 412 is vulnerable to file path modification in asset move functionality, resulting in the creation of malicious files on the server. | 2017-11-16 | not yet calculated | CVE-2017-1000197 MISC |
october -- october_cms |
October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server. | 2017-11-16 | not yet calculated | CVE-2017-1000196 MISC |
october -- october_cms |
October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser. | 2017-11-16 | not yet calculated | CVE-2017-1000193 MISC |
october -- october_cms |
October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server. | 2017-11-16 | not yet calculated | CVE-2017-1000194 MISC |
octopus_deploy -- octopus_deploy |
Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter. | 2017-11-13 | not yet calculated | CVE-2017-16801 CONFIRM |
octopus_deploy -- octopus_deploy |
Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter. | 2017-11-13 | not yet calculated | CVE-2017-16810 CONFIRM |
open_ticket_request_system -- open_ticket_request_system |
In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password. | 2017-11-16 | not yet calculated | CVE-2017-15864 CONFIRM |
opencast -- opencast |
In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X. | 2017-11-17 | not yet calculated | CVE-2017-1000221 CONFIRM |
opencast -- opencast |
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0. | 2017-11-17 | not yet calculated | CVE-2017-1000217 CONFIRM |
openemr -- openemr |
The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML. | 2017-11-16 | not yet calculated | CVE-2017-1000240 MISC |
openemr -- openemr |
The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by a vertical privilege escalation vulnerability. This vulnerability can allow authenticated non-administrator users to view and modify information only accessible to administrators. | 2017-11-16 | not yet calculated | CVE-2017-1000241 MISC |
opensaml -- opensaml |
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105. | 2017-11-16 | not yet calculated | CVE-2017-16853 CONFIRM CONFIRM CONFIRM DEBIAN |
openssl -- openssl |
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. | 2017-11-13 | not yet calculated | CVE-2016-8610 MLIST BID SECTRACK CONFIRM CONFIRM MISC DEBIAN |
openstack -- nova |
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. | 2017-11-14 | not yet calculated | CVE-2017-16239 CONFIRM CONFIRM |
optipng -- optipng |
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service. | 2017-11-17 | not yet calculated | CVE-2017-1000229 MISC |
oracle -- tuxedo |
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via Jolt to compromise Oracle Tuxedo. While the vulnerability is in Oracle Tuxedo, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Tuxedo accessible data as well as unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L). | 2017-11-14 | not yet calculated | CVE-2017-10272 CONFIRM BID |
oracle -- tuxedo |
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Tuxedo accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | 2017-11-14 | not yet calculated | CVE-2017-10266 CONFIRM BID |
oracle -- tuxedo |
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 2017-11-14 | not yet calculated | CVE-2017-10267 CONFIRM BID |
oracle -- tuxedo |
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. While the vulnerability is in Oracle Tuxedo, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Tuxedo accessible data as well as unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L). | 2017-11-14 | not yet calculated | CVE-2017-10269 CONFIRM BID |
oracle -- tuxedo |
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data as well as unauthorized update, insert or delete access to some of Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L). | 2017-11-14 | not yet calculated | CVE-2017-10278 CONFIRM BID |
orange -- livebox |
Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript. | 2017-11-15 | not yet calculated | CVE-2014-3150 MISC |
paperclip -- paperclip |
Paperclip ruby gem version 3.1.4 and later suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources. | 2017-11-13 | not yet calculated | CVE-2017-0889 CONFIRM MISC MISC |
paperclip -- paperclip |
The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery. | 2017-11-13 | not yet calculated | CVE-2017-0904 MISC CONFIRM CONFIRM MISC MISC |
paperclip -- paperclip |
The private_address_check ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery. | 2017-11-16 | not yet calculated | CVE-2017-0909 CONFIRM MISC |
philips_intellispace -- cardiovascular_and_xcelera |
The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements. | 2017-11-17 | not yet calculated | CVE-2017-14111 BID MISC CONFIRM |
phoenix_framework -- phoenix_framework |
The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks. | 2017-11-17 | not yet calculated | CVE-2017-1000163 CONFIRM |
picotcp -- picotcp |
picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack | 2017-11-16 | not yet calculated | CVE-2017-1000210 CONFIRM |
pjsip -- pjsip |
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted back to strings, a buffer overrun. This will lead to a potential exploit using carefully crafted invalid values. | 2017-11-17 | not yet calculated | CVE-2017-16872 CONFIRM CONFIRM |
pjsip -- pjsip |
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registrations. | 2017-11-17 | not yet calculated | CVE-2017-16875 CONFIRM CONFIRM |
pnp4nagios -- pnp4nagios |
PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account. | 2017-11-15 | not yet calculated | CVE-2017-16834 MISC |
procmail -- procmail |
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618. | 2017-11-16 | not yet calculated | CVE-2017-16844 MISC |
psftpd -- psftpd |
The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using "nmap -b" and allow performing scans via the FTP server. | 2017-11-15 | not yet calculated | CVE-2017-15269 MISC BUGTRAQ MISC |
psftpd -- psftpd |
The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a user password. | 2017-11-15 | not yet calculated | CVE-2017-15272 MISC BUGTRAQ MISC |
psftpd -- psftpd |
A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically restart, which enabled attackers to perform a very effective DoS attack against this service. By sending a crafted SSH identification / version string to the server, a NULL pointer dereference could be caused, apparently because of a race condition in the window message handling, performing the cleanup for invalid connections. This incorrect cleanup code has a use-after-free. | 2017-11-15 | not yet calculated | CVE-2017-15271 MISC BUGTRAQ EXPLOIT-DB MISC |
psftpd -- psftpd |
The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special characters such as '"' and ',' and '\r' are not escaped and can be used to add new entries to the log. | 2017-11-15 | not yet calculated | CVE-2017-15270 MISC BUGTRAQ EXPLOIT-DB MISC |
python -- python |
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) | 2017-11-17 | not yet calculated | CVE-2017-1000158 MISC |
python -- python |
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. | 2017-11-16 | not yet calculated | CVE-2017-1000246 MISC |
qemu -- qemu |
hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. | 2017-11-17 | not yet calculated | CVE-2017-16845 MLIST |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a double free can occur when kmalloc fails to allocate memory for pointers resp/req in the service-locator driver function service_locator_send_msg(). | 2017-11-16 | not yet calculated | CVE-2017-11032 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently, the value of SIR_MAC_AUTH_CHALLENGE_LENGTH is set to 128 which may result in buffer overflow since the frame parser allows challenge text of length up to 253 bytes, but the driver cannot handle challenge text larger than 128 bytes. | 2017-11-16 | not yet calculated | CVE-2017-11015 BID CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, possible buffer overflow or information leak in the functions "sme_set_ft_ies" and "csr_roam_issue_ft_preauth_req" due to incorrect initialization of WEXT callbacks and lack of the checks for buffer size. | 2017-11-16 | not yet calculated | CVE-2017-11035 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in the rmnet USB control driver can potentially lead to a Use After Free condition. | 2017-11-16 | not yet calculated | CVE-2017-11024 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originating from the user's phone contain information elements which specify the supported wifi features. This impacts the user's privacy if someone sniffs the probe requests originated by this DUT. Hence, control the presence of information elements using the ini file. | 2017-11-16 | not yet calculated | CVE-2017-11022 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read in Display due to the lack of an upper-bound validation when reading "num_of_cea_blocks" from the untrusted source (EDID), kernel memory can be exposed. | 2017-11-16 | not yet calculated | CVE-2017-11093 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, array access out of bounds may occur in the camera driver in the kernel | 2017-11-16 | not yet calculated | CVE-2017-11018 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function mdss_rotator_ioctl in the driver /dev/mdss_rotator, a Use-After-Free condition can potentially occur due to a fence being installed too early. | 2017-11-16 | not yet calculated | CVE-2017-11091 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in user space. An unchecked userspace value (ioctl_ptr->len) is used to copy contents to a kernel buffer which can lead to kernel buffer overflow. | 2017-11-16 | not yet calculated | CVE-2017-11029 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a specially crafted UBI image, it is possible to corrupt memory, or access uninitialized memory. | 2017-11-16 | not yet calculated | CVE-2017-11017 BID CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the KGSL driver function kgsl_ioctl_gpu_command, a Use After Free condition can potentially occur. | 2017-11-16 | not yet calculated | CVE-2017-11092 BID CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read is possible in camera driver function msm_isp_stop_stats_stream. Variable stream_cfg_cmd->num_streams is from userspace, and it is not checked against "MSM_ISP_STATS_MAX". | 2017-11-16 | not yet calculated | CVE-2017-9696 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur, resulting from writing uninitialized stack structure to non-volatile memory. | 2017-11-16 | not yet calculated | CVE-2017-9701 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing UBI image, size is not validated for being smaller than minimum header size causing uninitialized data access vulnerability. | 2017-11-16 | not yet calculated | CVE-2017-11027 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the boot loader, a buffer overflow can occur while parsing the splash image. | 2017-11-16 | not yet calculated | CVE-2017-9721 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, countOffset (in function UnpackCore) is increased for each loop, while there is no boundary check against "pIe->arraybound". | 2017-11-16 | not yet calculated | CVE-2017-11013 BID CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, missing race condition protection while updating msg mask table can lead to buffer over-read. Also access to freed memory can happen while updating msg_mask information. | 2017-11-16 | not yet calculated | CVE-2017-8279 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partition using reference FRP unlock, authentication method can be compromised for static keys. | 2017-11-16 | not yet calculated | CVE-2017-11026 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a user-space pointer is directly accessed in a camera driver. | 2017-11-16 | not yet calculated | CVE-2017-9702 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of out-of-bound buffer accesses due to no synchronization in accessing global variables by multiple threads. | 2017-11-16 | not yet calculated | CVE-2017-11023 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a qbt1000 ioctl handler, an incorrect buffer size check has an integer overflow vulnerability potentially leading to a buffer overflow. | 2017-11-16 | not yet calculated | CVE-2017-9690 BID CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the kernel driver MDSS, a buffer overflow can occur in HDMI CEC parsing if frame size is out of range. | 2017-11-16 | not yet calculated | CVE-2017-9719 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the boot image header, range checks can be bypassed by supplying different versions of the header at the time of check and use. | 2017-11-16 | not yet calculated | CVE-2017-11038 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in __wlan_hdd_cfg80211_set_pmksa when user space application sends PMKID of size less than WLAN_PMKID_LEN bytes. | 2017-11-16 | not yet calculated | CVE-2017-11090 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the ISP Camera driver, the contents of an arbitrary kernel address can be leaked to userspace by the function msm_isp_get_stream_common_data(). | 2017-11-16 | not yet calculated | CVE-2017-11028 BID CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur. | 2017-11-16 | not yet calculated | CVE-2017-11058 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an integer overflow leading to a buffer overflow due to improper bound checking in msm_audio_effects_virtualizer_handler, file msm-audio-effects-q6-v2.c | 2017-11-16 | not yet calculated | CVE-2017-11085 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_ENCRYPTION_TEST cfg80211 vendor command a stack-based buffer overflow can occur. | 2017-11-16 | not yet calculated | CVE-2017-11012 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes | 2017-11-16 | not yet calculated | CVE-2017-11089 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the function audio_effects_shared_ioctl(), memory corruption can occur. | 2017-11-16 | not yet calculated | CVE-2017-11025 CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing a Measurement Request IE in a Roam Neighbor Action Report, a buffer overflow can occur. | 2017-11-16 | not yet calculated | CVE-2017-11014 BID CONFIRM |
qualcomm -- msm |
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qcacld pktlog allows mapping memory via /proc/ath_pktlog/cld to user space. | 2017-11-16 | not yet calculated | CVE-2017-11073 CONFIRM |
quickerbb -- quickerbb |
QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB. | 2017-11-17 | not yet calculated | CVE-2017-1000169 CONFIRM |
radare2 -- radare2 |
In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c. | 2017-11-13 | not yet calculated | CVE-2017-16805 CONFIRM CONFIRM |
realtek -- realtek_audio_driver |
A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges. | 2017-11-13 | not yet calculated | CVE-2017-3767 CONFIRM |
recurly -- recurly |
The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources. | 2017-11-13 | not yet calculated | CVE-2017-0907 CONFIRM CONFIRM MISC |
recurly -- recurly |
The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources. | 2017-11-13 | not yet calculated | CVE-2017-0906 CONFIRM CONFIRM MISC |
recurly -- recurly |
The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources. | 2017-11-13 | not yet calculated | CVE-2017-0905 CONFIRM CONFIRM MISC |
redis-store -- redis-store |
Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis | 2017-11-16 | not yet calculated | CVE-2017-1000248 MISC |
redmine -- redmine |
In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages. | 2017-11-13 | not yet calculated | CVE-2017-16804 CONFIRM CONFIRM CONFIRM |
relevanssi -- relevanssi_premium |
Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow unauthenticated attacker to do almost anything an admin can | 2017-11-17 | not yet calculated | CVE-2017-1000225 MISC |
salutation_responsive -- wordpress_buddypress_theme |
Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can | 2017-11-17 | not yet calculated | CVE-2017-1000227 MISC |
samtools -- samtools |
samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution | 2017-11-17 | not yet calculated | CVE-2017-1000206 CONFIRM |
sandisk -- secure_access |
SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user exits the application or if the application crashes. | 2017-11-16 | not yet calculated | CVE-2017-16560 MISC |
sbi_securities -- hyper_sbi |
Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-11-13 | not yet calculated | CVE-2017-10885 JVN |
scala -- scala |
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges. | 2017-11-15 | not yet calculated | CVE-2017-15288 CONFIRM CONFIRM CONFIRM CONFIRM |
schneider_electric -- indusoft_web_studio |
A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution with high privileges. | 2017-11-13 | not yet calculated | CVE-2017-14024 BID MISC |
securimage -- securimage |
HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php. | 2017-11-17 | not yet calculated | CVE-2017-14077 MISC |
serendipity -- serendipity |
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure | 2017-11-17 | not yet calculated | CVE-2017-1000129 MISC |
sharp -- multiple_products |
Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors. | 2017-11-17 | not yet calculated | CVE-2017-10890 JVN |
shibboleth -- shibboleth_service_provider |
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763. | 2017-11-16 | not yet calculated | CVE-2017-16852 CONFIRM CONFIRM CONFIRM DEBIAN |
siemens -- sicam_rtus_sm-2556_com_module |
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network. | 2017-11-15 | not yet calculated | CVE-2017-12737 CONFIRM |
siemens -- sicam_rtus_sm-2556_com_module |
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into clicking on a malicious link. | 2017-11-15 | not yet calculated | CVE-2017-12738 CONFIRM |
siemens -- sicam_rtus_sm-2556_com_module |
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected device. | 2017-11-15 | not yet calculated | CVE-2017-12739 CONFIRM |
siemens -- snap7 |
The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 is provided with unexpected input, resulting in a denial of service. | 2017-11-17 | not yet calculated | CVE-2017-1000230 MISC |
simplexml -- simplexml |
SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting in SSRF, information disclosure, DoS and so on. | 2017-11-17 | not yet calculated | CVE-2017-1000190 CONFIRM |
snmp -- snmp |
The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact). | 2017-11-14 | not yet calculated | CVE-2017-16820 CONFIRM CONFIRM CONFIRM CONFIRM |
sodiumoxide -- sodiumoxide |
The scalarmult() function in sodiumoxide 0.0.13 and older is vulnerable to degenerate public keys. | 2017-11-17 | not yet calculated | CVE-2017-1000168 CONFIRM |
soyuka/pidusage -- soyuka/pidusage |
soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution | 2017-11-16 | not yet calculated | CVE-2017-1000220 MISC |
swagger-parser -- swagger-parser |
A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification. | 2017-11-16 | not yet calculated | CVE-2017-1000208 CONFIRM |
swftools -- swftools |
In SWFTools, a memcpy buffer overflow was found in gif2swf. | 2017-11-16 | not yet calculated | CVE-2017-1000185 MISC |
swftools -- swftools |
In SWFTools, a memory leak was found in wav2swf. | 2017-11-16 | not yet calculated | CVE-2017-1000182 MISC |
swftools -- swftools |
In SWFTools, an address access exception was found in swfdump swf_GetBits(). | 2017-11-16 | not yet calculated | CVE-2017-1000174 MISC |
swftools -- swftools |
In SWFTools, a memcpy buffer overflow was found in swfc. | 2017-11-16 | not yet calculated | CVE-2017-1000176 MISC |
swftools -- swftools |
In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified other impact via a crafted PNG file. | 2017-11-12 | not yet calculated | CVE-2017-16797 MISC |
swftools -- swftools |
In SWFTools, an address access exception was found in pdf2swf, in FoFiTrueType::writeTTF(). | 2017-11-16 | not yet calculated | CVE-2017-1000187 MISC |
swftools -- swftools |
In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file. | 2017-11-12 | not yet calculated | CVE-2017-16796 MISC |
swftools -- swftools |
The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file. | 2017-11-12 | not yet calculated | CVE-2017-16793 MISC |
swftools -- swftools |
In SWFTools, a stack overflow was found in pdf2swf. | 2017-11-16 | not yet calculated | CVE-2017-1000186 MISC |
swftools -- swftools |
In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file. | 2017-11-17 | not yet calculated | CVE-2017-16868 MISC |
swftools -- swftools |
The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer data types in png2swf. | 2017-11-12 | not yet calculated | CVE-2017-16794 MISC |
symantec -- endpoint_encryption |
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario. | 2017-11-13 | not yet calculated | CVE-2017-15526 BID CONFIRM |
symantec -- endpoint_encryption |
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. | 2017-11-13 | not yet calculated | CVE-2017-15525 BID CONFIRM |
tablepress -- tablepress |
TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. | 2017-11-17 | not yet calculated | CVE-2017-10889 JVN CONFIRM |
tcmu_runner -- tcmu_runner |
tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service | 2017-11-16 | not yet calculated | CVE-2017-1000198 MISC |
tcmu_runner -- tcmu_runner |
tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service | 2017-11-16 | not yet calculated | CVE-2017-1000200 MISC |
tcmu_runner -- tcmu_runner |
The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack | 2017-11-16 | not yet calculated | CVE-2017-1000201 MISC |
tcmu_runner -- tcmu_runner |
tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges. | 2017-11-16 | not yet calculated | CVE-2017-1000199 MISC |
tcpdump -- tcpdump |
tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. | 2017-11-13 | not yet calculated | CVE-2017-16808 SECTRACK CONFIRM |
tibco -- jasperreports |
The server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0. | 2017-11-15 | not yet calculated | CVE-2017-5533 BID CONFIRM |
tibco -- jasperreports |
A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO JasperReports Server 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0 and below, TIBCO JasperReports Library 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0; 6.4.1, TIBCO JasperReports Library for ActiveMatrix BPM 6.4.1 and below, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0 and below, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0 and below, TIBCO Jaspersoft Studio 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, and TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.4.0 and below. | 2017-11-15 | not yet calculated | CVE-2017-5532 BID CONFIRM |
tine -- tine |
Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook resulting in code execution and privilege escalation | 2017-11-17 | not yet calculated | CVE-2017-1000164 MISC |
trusted_boot -- trusted_boot |
Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers. | 2017-11-15 | not yet calculated | CVE-2017-16837 MISC |
ulterius -- ulterius |
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal. | 2017-11-13 | not yet calculated | CVE-2017-16806 CONFIRM EXPLOIT-DB |
upx -- upx |
** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication whatsoever." | 2017-11-17 | not yet calculated | CVE-2017-16869 MISC |
varnish-cache -- varnish_http_cache |
vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects. | 2017-11-15 | not yet calculated | CVE-2017-8807 CONFIRM CONFIRM CONFIRM CONFIRM DEBIAN |
vmware -- airwatch_console |
VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of this issue could result in an unsuspecting AWC user being redirected to a malicious URL. | 2017-11-16 | not yet calculated | CVE-2017-4930 BID SECTRACK CONFIRM |
vmware -- airwatch_console |
VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Successful exploitation of this issue could result in an unsuspecting AWC user opening a CSV file which contains malicious content. | 2017-11-16 | not yet calculated | CVE-2017-4931 BID SECTRACK CONFIRM |
vmware -- airwatch_launcher |
VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. Successful exploitation of this issue could result in an escalation of privilege. | 2017-11-16 | not yet calculated | CVE-2017-4932 BID SECTRACK CONFIRM |
vmware -- nsx_edge |
VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure. | 2017-11-17 | not yet calculated | CVE-2017-4929 SECTRACK CONFIRM |
vmware -- vcenter_server |
VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service. | 2017-11-17 | not yet calculated | CVE-2017-4927 BID SECTRACK CONFIRM |
vmware -- workstation_and_fusion |
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host. | 2017-11-17 | not yet calculated | CVE-2017-4934 SECTRACK CONFIRM |
vmware -- workstation_and_fusion |
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. | 2017-11-17 | not yet calculated | CVE-2017-4938 SECTRACK CONFIRM |
vmware -- workstation_and_horizon_view_client_for_windows |
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client. | 2017-11-17 | not yet calculated | CVE-2017-4935 SECTRACK SECTRACK CONFIRM |
vmware -- workstation_and_horizon_view_client_for_windows |
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client. | 2017-11-17 | not yet calculated | CVE-2017-4937 SECTRACK SECTRACK CONFIRM |
vmware -- workstation_and_horizon_view_client_for_windows |
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. | 2017-11-17 | not yet calculated | CVE-2017-4936 SECTRACK SECTRACK CONFIRM |
vmware -- workstation |
VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists because some DLL files are loaded improperly by the application. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code. | 2017-11-17 | not yet calculated | CVE-2017-4939 CONFIRM |
vonage -- vdv-23_115_3.2.11-0.9.40_devices |
Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic. | 2017-11-16 | not yet calculated | CVE-2017-16843 MISC EXPLOIT-DB |
vsphere -- web_client |
The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f), i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure. | 2017-11-17 | not yet calculated | CVE-2017-4928 BID SECTRACK CONFIRM |
wbce -- wbce |
WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search | 2017-11-16 | not yet calculated | CVE-2017-1000213 CONFIRM |
wordpress -- wordpress |
The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. | 2017-11-17 | not yet calculated | CVE-2017-16871 MISC |
wordpress -- wordpress |
installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly. | 2017-11-14 | not yet calculated | CVE-2017-16815 MISC MISC |
wordpress -- wordpress |
The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. | 2017-11-17 | not yet calculated | CVE-2017-16870 MISC |
wordpress -- wordpress |
Stop User Enumeration 1.3.8 allows user enumeration via the REST API | 2017-11-17 | not yet calculated | CVE-2017-1000226 MISC |
wordpress -- wordpress |
Cross-site scripting (XSS) vulnerability in admin/google_search_console/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML. | 2017-11-15 | not yet calculated | CVE-2017-16842 MISC MISC |
youtube -- youtube |
CSRF in YouTube (WordPress plugin) could allow an unauthenticated attacker to change any setting within the plugin | 2017-11-16 | not yet calculated | CVE-2017-1000224 MISC |
zeit_next.js -- zeit_next.js |
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information. | 2017-11-17 | not yet calculated | CVE-2017-16877 CONFIRM |
zeta_components -- mail |
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php." | 2017-11-15 | not yet calculated | CVE-2017-15806 BID CONFIRM CONFIRM MISC MISC EXPLOIT-DB |
zoho -- manageengine_applications_manager |
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. | 2017-11-16 | not yet calculated | CVE-2017-16847 MISC |
zoho -- manageengine_applications_manager |
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /MyPage.do widgetid parameter. | 2017-11-16 | not yet calculated | CVE-2017-16851 MISC |
zoho -- manageengine_applications_manager |
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. | 2017-11-16 | not yet calculated | CVE-2017-16850 MISC |
zoho -- manageengine_applications_manager |
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. | 2017-11-16 | not yet calculated | CVE-2017-16848 MISC |
zoho -- manageengine_applications_manager |
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. | 2017-11-16 | not yet calculated | CVE-2017-16846 MISC |
zoho -- manageengine_applications_manager |
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. | 2017-11-16 | not yet calculated | CVE-2017-16849 MISC |