|
|
|||||||
| Home | Forums | Gallery | Register | Video Directory | FAQ | Members List | Calendar | Games | Today's Posts | Search | Chat Room |
  |
|
|
Thread Tools | Display Modes |
|
#1
05-08-2017, 09:21 AM
|
||||
|
||||
SB17-128: Vulnerability Summary for the Week of May 1, 2017
SB17-128: Vulnerability Summary for the Week of May 1, 2017
05-08-2017 02:50 AM Original release date: May 08, 2017 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
* High Vulnerabilities Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoiodata -- wn-g300r3_firmwareWN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors.2017-04-289.0CVE-2017-2141 JVN MISCiodata -- wn-g300r3_firmwareBuffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.2017-04-2810.0CVE-2017-2142 JVN MISCipa -- appgoatHands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors.2017-04-287.5CVE-2017-2101 JVN BIDBack to top * Medium Vulnerabilities Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infobooking_calendar_project -- booking_calendarDirectory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter.2017-04-285.0CVE-2017-2150 JVN MISCbooking_calendar_project -- booking_calendarCross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-284.3CVE-2017-2151 JVN MISCbuffalo_inc -- wnc01wh_firmwareWNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors.2017-04-285.2CVE-2017-2152 JVNcubecart -- cubecartDirectory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.2017-04-284.0CVE-2017-2090 JVN BID MISCcubecart -- cubecartDirectory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.2017-04-284.0CVE-2017-2098 JVN BID MISCcubecart -- cubecartDirectory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors.2017-04-284.0CVE-2017-2117 JVN BID MISCcybozu -- garoonCybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.2017-04-284.0CVE-2017-2091 JVN BID MISCcybozu -- garoonCybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.2017-04-284.3CVE-2017-2093 JVN BID MISCcybozu -- garoonCybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.2017-04-284.0CVE-2017-2094 JVN BID MISCcybozu -- garoonCybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.2017-04-284.0CVE-2017-2095 JVN BID MISCcybozu -- officeCybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.2017-04-284.0CVE-2017-2115 JVN BID MISCcybozu -- officeCybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.2017-04-284.0CVE-2017-2116 JVN BID MISCgaku -- tablacus_explorerTablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory.2017-04-286.8CVE-2017-2140 JVN MISCi.con_corporation -- hoozin_viewerBuffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage.2017-04-286.8CVE-2017-2155 JVN MISCibm -- websphere_application_serverIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.2017-04-286.8CVE-2017-1194 CONFIRM BIDimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8343 BID CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8344 BID CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8345 BID CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8346 CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8347 CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8348 CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8349 CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8350 CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8351 CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8352 CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8353 CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8354 CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8355 CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8356 CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8357 CONFIRMinformation-technology_promotion_agency -- introduction_to_safe_website_operationSecurity guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data.2017-04-286.8CVE-2017-2128 JVN BIDipa -- appgoatHands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors.2017-04-286.8CVE-2017-2099 JVN BIDipa -- appgoatHands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors.2017-04-286.8CVE-2017-2100 JVN BIDipa -- appgoatCross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-04-286.8CVE-2017-2102 JVN BIDjustsystems -- hanakoCross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-286.8CVE-2017-2154 JVN MISClibarchive -- libarchiveThe archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.2017-04-304.3CVE-2016-10349 MISClibarchive -- libarchiveThe archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.2017-04-304.3CVE-2016-10350 MISClibsndfile_project -- libsndfileThe flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.2017-04-304.3CVE-2017-8361 MISClibsndfile_project -- libsndfileThe flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.2017-04-304.3CVE-2017-8362 MISClibsndfile_project -- libsndfileThe flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.2017-04-304.3CVE-2017-8363 MISClibsndfile_project -- libsndfileThe i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.2017-04-304.3CVE-2017-8365 MISCnetgear -- prosafe_plus_configuration_utilityProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests.2017-04-284.3CVE-2017-2137 JVN MISColive_design -- olive_blogCross-site scripting vulnerability in Olive Blog allows remote attackers to inject arbitrary web script or HTML via the search parameter.2017-04-284.3CVE-2016-7839 JVN BIDolive_design -- olive_blogCross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter.2017-04-284.3CVE-2016-7840 JVN BIDolive_design -- olive_diary_dxCross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter.2017-04-284.3CVE-2016-7841 JVN BIDonethird -- onethird_cmsCross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php.2017-04-284.3CVE-2017-2123 JVN BID MISConethird -- onethird_cmsCross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php.2017-04-284.3CVE-2017-2124 JVN MISCsecurebrain -- phishwall_client_for_internet_explorerUntrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.2017-04-286.8CVE-2017-2130 JVN MISC BIDuchida_yoko_co._ltd -- assetbaseCross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-284.3CVE-2017-2134 JVN BIDwbce -- wbce_cmsCross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-284.3CVE-2017-2118 JVN BID MISCwbce -- wbce_cmsDirectory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.2017-04-285.0CVE-2017-2119 JVN BID MISCwbce -- wbce_cmsSQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.2017-04-286.0CVE-2017-2120 JVN BID MISCwp_statistics -- wp_statisticsCross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-284.3CVE-2017-2135 JVN MISCwp_statistics -- wp_statisticsCross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.2017-04-284.3CVE-2017-2136 JVN BID MISCwp_statistics -- wp_statisticsCross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-284.3CVE-2017-2147 JVN BID MISCBack to top * Low Vulnerabilities Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocybozu -- garoonCross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-283.5CVE-2017-2092 JVN BID MISCcybozu -- officeCross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-283.5CVE-2017-2114 JVN BID MISCiodata -- wn-ac1167gr_firmwareCross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-283.5CVE-2017-2148 JVN MISC BIDyourownprogrammer -- yop_pollCross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-283.5CVE-2017-2127 JVN BIDBack to top * Severity Not Yet Assigned Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info21st_century_insurance -- 21st_century_insurance_app *The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5919 MISC360fly -- 4k_cameras360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application, or the BlueZ gatttool program.2017-05-01not yet calculatedCVE-2017-8403 MISC7-zip32.dll -- 7-zip32.dll *Untrusted search path vulnerability in Self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.2017-04-28not yet calculatedCVE-2017-2107 MISC JVN BIDaccellioin -- accellion_fta *An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding.2017-05-05not yet calculatedCVE-2017-8760 MISCaccellion -- fta_devices *An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.2017-05-05not yet calculatedCVE-2017-8304 MISCaccellion -- fta_devices *An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.2017-05-05not yet calculatedCVE-2017-8303 MISCaccellion -- fta *An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector.2017-05-05not yet calculatedCVE-2017-8791 MISCaccellion -- fta *An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter.2017-05-05not yet calculatedCVE-2017-8795 MISCaccellion -- fta *An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter.2017-05-05not yet calculatedCVE-2017-8792 MISCaccellion -- fta *An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists.2017-05-05not yet calculatedCVE-2017-8789 MISCaccellion -- fta *An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks.2017-05-05not yet calculatedCVE-2017-8788 MISCaccellion -- fta *An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter.2017-05-05not yet calculatedCVE-2017-8796 MISCaccellion -- fta *An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection.2017-05-05not yet calculatedCVE-2017-8790 MISCaccellion -- fta *An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern.2017-05-05not yet calculatedCVE-2017-8794 MISCaccellion -- fta *An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the attacker to have site access with a bypass of the Same Origin Policy.2017-05-05not yet calculatedCVE-2017-8793 MISCaccess_cx_app -- access_cx_app *The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-04-28not yet calculatedCVE-2017-2110 JVN BIDadvantech -- b+b_smartworx_mesr901_firmware *A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages.2017-05-05not yet calculatedCVE-2017-7909 MISCadvantech -- webaccess *upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors.2017-05-02not yet calculatedCVE-2016-5810 MISC MISCadvantech -- webaccess *An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories.2017-05-05not yet calculatedCVE-2017-7929 MISCallied_telesis -- centrecom_ar260s_v2 *Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account.2017-04-28not yet calculatedCVE-2017-2125 JVN MISC BIDamerica's_first_federal_credit_union -- mobile_banking_app *The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5916 MISCapache -- qpid_proton *The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.2017-05-02not yet calculatedCVE-2016-4467 MLIST BID SECTRACKatlassian -- hipchat *Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads.2017-05-05not yet calculatedCVE-2017-8080 BID CONFIRM CONFIRMatlassian -- hipchat *Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.2017-05-05not yet calculatedCVE-2017-8058 MISCatlassian -- sourcetree *Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID number is SRCTREE-4632.2017-05-04not yet calculatedCVE-2017-8768 MISC MISC MISCavahi -- avahi *avahi-daemon in Avahi through 0.6.32 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.2017-04-30not yet calculatedCVE-2017-6519 MISC MISCaxis_communications -- network_cameras *The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.2017-05-02not yet calculatedCVE-2015-8257 MISC BID EXPLOIT-DBbanco_de_costa_rica -- bcr_movil_app *The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5918 MISCbanco_santander_mexico -- sa_puermovil_app *The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5911 MISCbmc -- server_automation *The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors.2017-05-02not yet calculatedCVE-2016-5063 BID CONFIRMbose -- soundtouch_30 *The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.2017-04-30not yet calculatedCVE-2017-6520 MISCbrave -- brave *Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site.2017-05-03not yet calculatedCVE-2017-8458 MISC MISCca_technologies -- CA-client_automation *The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation.2017-05-05not yet calculatedCVE-2017-8391 CONFIRMcertec_edv -- atvise_scada *A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution.2017-05-05not yet calculatedCVE-2017-6029 MISCcertec_edv -- atvise_scada *A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution.2017-05-05not yet calculatedCVE-2017-6031 MISCcisco -- cvr100w_wireless-n_VPN_router *A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress connection request to the remote management interface. An attacker could exploit this vulnerability by sending a connection to the management IP address or domain name of the targeted device. A successful exploit could allow the attacker to bypass the configured remote management ACL. This can occur when the Remote Management configuration parameter is set to Disabled. This vulnerability affects Cisco CVR100W Wireless-N VPN Routers running a firmware image prior to 1.0.1.24. Cisco Bug IDs: CSCvc14457.2017-05-03not yet calculatedCVE-2017-6620 BID CONFIRMcisco -- firepower *A "Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA with FirePOWER Module Denial of Service" vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. The vulnerability is due to improper SSL policy handling by the affected software when packets are passed through the sensing interfaces of an affected system. An attacker could exploit this vulnerability by sending crafted packets through a targeted system. This vulnerability affects Cisco Firepower System Software that is configured with the SSL policy feature. Cisco Bug IDs: CSCvc84361.2017-05-03not yet calculatedCVE-2017-6625 BID CONFIRMcisco -- ios *A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could exploit this vulnerability to place unauthorized, long-distance phone calls by using an affected system. Cisco Bug IDs: CSCuy40939.2017-05-03not yet calculatedCVE-2017-6624 BID CONFIRMcisco -- unified_contact_center_enterprise *A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an undocumented, hard-coded password. An attacker could exploit this vulnerability by using the hard-coded credentials to subscribe to the Finesse Notification Service, which would allow the attacker to receive notifications when an agent signs in or out of the Finesse Desktop, when information about an agent changes, or when an agent's state changes. Cisco Bug IDs: CSCvc08314.2017-05-03not yet calculatedCVE-2017-6626 BID CONFIRMcisco -- unity_connection *A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. Cisco Bug IDs: CSCvd90118.2017-05-03not yet calculatedCVE-2017-6629 BID CONFIRMcisco -- wide_area_application_services *A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could stop functioning while the process restarts. The vulnerability is due to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) alert being incorrectly handled when in a specific SSL/TLS connection state. An attacker could exploit this vulnerability by establishing a SMART-SSL connection through the targeted device. The attacker would then send a crafted stream of SSL/TLS traffic. An exploit could allow the attacker to cause a DoS condition where WAN optimization could stop processing traffic for a short period of time. Cisco Bug IDs: CSCvb71133.2017-05-03not yet calculatedCVE-2017-6628 BID CONFIRMcitrix -- xenmobile_server *Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page.2017-05-05not yet calculatedCVE-2016-6877 MISCcloud_foundry -- cloud_controller *The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors.2017-05-02not yet calculatedCVE-2016-5006 CONFIRM CONFIRMcraft_cms --*craft_cms *Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.2017-05-01not yet calculatedCVE-2017-8385 CONFIRM CONFIRMcraft_cms --*craft_cms *Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder.2017-05-01not yet calculatedCVE-2017-8383 CONFIRM CONFIRMcraft_cms --*craft_cms *Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052.2017-05-01not yet calculatedCVE-2017-8384 CONFIRM CONFIRMcybervision -- kaa_iot_platform *A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution.2017-05-05not yet calculatedCVE-2017-7911 MISCcybozu -- kunai *Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.2017-04-28not yet calculatedCVE-2017-2109 JVN BID MISCcybozu -- remote_service_manager *Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.2017-04-28not yet calculatedCVE-2016-7815 JVN BID MISCdahua -- multiple_devices *A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information.2017-05-05not yet calculatedCVE-2017-7925 MISC MISCdahua -- multiple_devices *A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password.2017-05-05not yet calculatedCVE-2017-7927 MISC MISCdollar_bank -- dollar_bank_mobile_app *The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5905 MISCdot_it -- banque_zitouna_app *The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5914 MISCelectronic_funds_source -- mobile_driver_source_app *The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5909 MISCemc -- data_dominion *EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system.2017-05-04not yet calculatedCVE-2017-4983 CONFIRM BIDemirates_nbd_bank -- pjsc_emirates_nbd_ksa_app *The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5915 MISCether_software -- multiple_productsBuffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD Creator, Easy MPEG/AVI/DIVX/WMV/RM to DVD, Easy Avi/Divx/Xvid to DVD Burner, Easy MPEG to DVD Burner, Easy WMV/ASF/ASX to DVD Burner, Easy RM RMVB to DVD Burner, Easy CD DVD Copy, MP3/AVI/MPEG/WMV/RM to Audio CD Burner, MP3/WAV/OGG/WMA/AC3 to CD Burner, MP3 WAV to CD Burner, My Video Converter, Easy AVI DivX Converter, Easy Video to iPod Converter, Easy Video to PSP Converter, Easy Video to 3GP Converter, Easy Video to MP4 Converter, and Easy Video to iPod/MP4/PSP/3GP Converter allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long username.2017-04-30not yet calculatedCVE-2017-8367 MISC EXPLOIT-DBettercap_project -- ettercap *The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted filter that is mishandled by etterfilter.2017-04-30not yet calculatedCVE-2017-8366 MISCeveryday_health -- diabetes_in_check_app *The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app 3.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5906 MISCf5 -- multiple_products *An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.2017-05-01not yet calculatedCVE-2017-6128 CONFIRMforex.com -- forextrader_app *The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5912 MISCforex.com -- tradeking_forex_app *The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5913 MISCfoxit_software -- foxit_reader_phantompdfFoxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.2017-05-03not yet calculatedCVE-2017-8454 MISC MISCfoxit_software -- foxit_reader_phantompdf *Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.2017-05-03not yet calculatedCVE-2017-8453 MISC MISCfoxit_software -- foxit_reader_phantompdf *Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.2017-05-03not yet calculatedCVE-2017-8455 MISC MISCfoxit_software -- foxit_reader *Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password), in addition to the static authentication token if the user is already logged in.2017-05-05not yet calculatedCVE-2017-8059 MISCfranklin_fueling_systems -- ts-550_evo *On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious payload.2017-05-01not yet calculatedCVE-2017-6565 MISC MISCfranklin_fueling_systems -- ts-550_evo *On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as databases which contain information that can aid in further attacks.2017-05-01not yet calculatedCVE-2017-6564 MISC MISCgenixcms -- genixcms *GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element.2017-05-03not yet calculatedCVE-2017-8762 MISCgenixcms -- genixcms *GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter.2017-05-01not yet calculatedCVE-2017-8377 MISCgenixcms -- genixcms *GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator.2017-05-01not yet calculatedCVE-2017-8376 MISCgenixcms -- genixcms *GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element.2017-05-04not yet calculatedCVE-2017-8780 MISCgenixcms -- genixcms *GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request.2017-05-01not yet calculatedCVE-2017-8388 MISCgetsimple -- getsimple_cms *Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce.2017-04-30not yet calculatedCVE-2017-8081 CONFIRMgitlab -- gitlab *GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.2017-05-04not yet calculatedCVE-2017-8778 CONFIRM CONFIRMgnu_binutils -- gnu_binutils *The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.2017-05-01not yet calculatedCVE-2017-8397 CONFIRMgnu_binutils -- gnu_binutils *The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this.2017-05-02not yet calculatedCVE-2017-8421 CONFIRMgnu_binutils -- gnu_binutils *The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.2017-05-01not yet calculatedCVE-2017-8396 CONFIRMgnu_binutils -- gnu_binutils *dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.2017-05-01not yet calculatedCVE-2017-8398 CONFIRMgnu_binutils -- gnu_binutils *The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.2017-05-01not yet calculatedCVE-2017-8394 CONFIRMgnu_binutils -- gnu_binutils *The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.2017-05-01not yet calculatedCVE-2017-8395 CONFIRMgnu_binutils -- gnu_binutils *The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.2017-05-01not yet calculatedCVE-2017-8393 CONFIRMgnu_binutils -- gnu_binutils *The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.2017-05-01not yet calculatedCVE-2017-8392 CONFIRMgnulib -- gnulib *Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c.2017-05-02not yet calculatedCVE-2017-7476 CONFIRM BID CONFIRM CONFIRM CONFIRMgoogle -- grpc *Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.2017-04-30not yet calculatedCVE-2017-8359 BID MISC MISCgreat_southern_bank -- great_southern_mobile_banking_app *The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5907 MISChibara -- attachecase *Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.2017-04-28not yet calculatedCVE-2016-7842 JVN BID MISChibara -- attachecase *Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.2017-04-28not yet calculatedCVE-2016-7843 JVN MISC BIDhikvision -- ds-2cd2xx2f-i_ds-2cd2xx0f-i *An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.2017-05-05not yet calculatedCVE-2017-7921 MISC MISChikvision -- ds-2cd2xx2f-i_ds-2cd2xx0f-i *A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information.2017-05-05not yet calculatedCVE-2017-7923 MISC MISCibm -- bigfix_remote_control *IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512.2017-05-03not yet calculatedCVE-2016-2930 CONFIRM BIDibm -- insights_foundation_for_energy *IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907.2017-04-28not yet calculatedCVE-2017-1141 CONFIRM BIDibm -- marketing_platform *IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 110564.2017-05-05not yet calculatedCVE-2016-0255 CONFIRMibm -- maximo_asset_management *IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252.2017-05-03not yet calculatedCVE-2016-9976 CONFIRM BIDibm -- tealeaf_consumer_experience *The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS. IBM X-Force ID: 112356.2017-05-03not yet calculatedCVE-2016-0382 CONFIRM BIDibm -- tivoli_storage_manager *IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472.2017-05-05not yet calculatedCVE-2016-8916 CONFIRMibm -- websphere_cast_iron_solutions *IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515.2017-05-05not yet calculatedCVE-2016-9691 CONFIRMibm -- websphere_cast_iron_solutions *IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 119516.2017-05-05not yet calculatedCVE-2016-9692 CONFIRMibm -- websphere_portal *IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 1225922017-05-05not yet calculatedCVE-2017-1156 CONFIRMimagemagick -- imagemagick *The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file.2017-05-04not yet calculatedCVE-2017-8765 CONFIRMintel -- intel_manageability_programs *An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).2017-05-02not yet calculatedCVE-2017-5689 BID CONFIRM CONFIRM MISC MISC MISCiodata -- webcam_firmware *Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.2017-04-28not yet calculatedCVE-2017-2113 JVN MISC BIDiodata -- webcam_firmware *HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information.2017-04-28not yet calculatedCVE-2017-2111 JVN MISC BIDiodata -- webcam_firmware *TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.2017-04-28not yet calculatedCVE-2017-2112 JVN MISC BIDirfanview -- irfanview *IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an Access Violation and crash in processing a FlashPix (.FPX) file.2017-04-30not yet calculatedCVE-2017-7721 CONFIRM MISCirods -- irods *Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved via igetwild. Because igetwild is a Bash script, the part of the pathname following the semicolon would be executed in the user's shell.2017-05-05not yet calculatedCVE-2017-8799 CONFIRMk-opticom*-- business_lala_call_app *The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-04-28not yet calculatedCVE-2017-2104 JVN BIDk-opticom*-- lala_call_app *The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-04-28not yet calculatedCVE-2017-2103 JVN BIDkerio -- connect *Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message.2017-05-02not yet calculatedCVE-2017-7440 MISCkmcis -- caseaware *An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string.2017-05-01not yet calculatedCVE-2017-5631 MISClame -- lame *LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels.2017-05-02not yet calculatedCVE-2017-8419 MISClibreoffice -- libreoffice *LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx.2017-04-30not yet calculatedCVE-2017-8358 MISC MISClibtirpc_ntirpc -- libtirpc_ntirpc *rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.2017-05-04not yet calculatedCVE-2017-8779 MISC MISC MISC MISClinux -- linux_kernel *The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.2017-05-02not yet calculatedCVE-2014-9940 CONFIRM CONFIRM CONFIRMlinux -- linux_kernel *kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.2017-05-02not yet calculatedCVE-2015-9004 CONFIRM BID CONFIRM CONFIRMlinux -- linux_kernel *The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.2017-04-28not yet calculatedCVE-2017-7895 BID CONFIRM CONFIRMlinuxcontainers -- lxc *lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.2017-05-01not yet calculatedCVE-2016-8649 BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRMnetiq -- imanager *NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat.2017-05-03not yet calculatedCVE-2017-7428 CONFIRM CONFIRM CONFIRMnovell -- imanager *Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.2017-05-03not yet calculatedCVE-2017-7431 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRMnovell -- imanager *Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework.2017-05-03not yet calculatedCVE-2017-7430 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRMnovell -- imanager *Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability.2017-05-03not yet calculatedCVE-2017-7432 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRMnvidia -- video_driver *An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel 3.10. Android ID: A-34113000. References: N-CVE-2017-0331.2017-05-02not yet calculatedCVE-2017-0331 CONFIRMopenssl -- openssl *In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.2017-05-04not yet calculatedCVE-2016-7053 BID CONFIRMopenssl -- openssl *There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.2017-05-04not yet calculatedCVE-2017-3732 BID CONFIRMopenssl -- openssl *There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.2017-05-04not yet calculatedCVE-2016-7055 BID CONFIRMopenssl -- openssl *If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.2017-05-04not yet calculatedCVE-2017-3731 BID CONFIRMopenssl -- openssl *During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.2017-05-04not yet calculatedCVE-2017-3733 BID CONFIRMopenssl -- openssl *In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.2017-05-04not yet calculatedCVE-2017-3730 BID CONFIRMopenssl -- openssl *In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.2017-05-04not yet calculatedCVE-2016-7054 BID CONFIRMopsview -- monitor_pro *In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /.2017-05-03not yet calculatedCVE-2016-10367 MISCopsview -- monitor_pro *Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the back parameter to the /login URI.2017-05-03not yet calculatedCVE-2016-10368 MISCpalo_alto_networks -- pan-os *The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters.2017-05-02not yet calculatedCVE-2017-7216 BID CONFIRMpanda_security -- panda_mobile_security_app *Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.2017-05-05not yet calculatedCVE-2017-8060 MISCpayquicker -- payquicker_app *The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5902 MISCpcre2 -- pcre2 *pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.2017-05-04not yet calculatedCVE-2017-8786 MISC MISC MISC MISCpcre2 -- pcre2 *PCRE2 before 2017-03-10 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures."2017-05-01not yet calculatedCVE-2017-8399 MISC MISCpexip -- infinity *Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes.2017-05-02not yet calculatedCVE-2017-6551 BID CONFIRMpodofo -- podofo *Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size.2017-04-30not yet calculatedCVE-2017-8378 MISCpodofo -- podpfo *The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamE ntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file.2017-05-05not yet calculatedCVE-2017-8787 MISCprimedrive -- desktop_application *Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.2017-04-28not yet calculatedCVE-2017-2108 JVN BID MISCproxmox -- mail_gateway *Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter.2017-05-03not yet calculatedCVE-2015-9058 MISCproxmox -- mail_gateway *Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm, /queues/mail/index/, /system/ssh.htm, /queues/mail/?domain=, and /quarantine/virus/manage.htm.2017-05-03not yet calculatedCVE-2015-9057 MISCqemu -- qemu *Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.2017-05-02not yet calculatedCVE-2017-8086 CONFIRM MLIST BID CONFIRM MLISTqemu -- qemu *hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.2017-05-02not yet calculatedCVE-2017-8112 MLIST BID CONFIRM MLISTquick_heal -- multiple_productsQuick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.2017-05-04not yet calculatedCVE-2017-8774 MISCquick_heal -- multiple_products *Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.2017-05-04not yet calculatedCVE-2017-8775 MISCquick_heal -- multiple_products *Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation.2017-05-04not yet calculatedCVE-2017-8773 MISCquick_heal -- multiple_products *Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the product.2017-05-04not yet calculatedCVE-2017-8776 MISCradicale -- radicale *Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.2017-04-30not yet calculatedCVE-2017-8342 CONFIRM CONFIRM CONFIRM CONFIRMrapid7 -- appspider_pro *Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.2017-05-03not yet calculatedCVE-2017-5236 CONFIRMrapid7 -- appspider_pro *Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash.2017-05-03not yet calculatedCVE-2017-5240 CONFIRMrockwell_automation -- controllogix_5580_controllers *A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller.2017-05-05not yet calculatedCVE-2017-6024 MISCrubocop -- rubocopRuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users.2017-05-02not yet calculatedCVE-2017-8418 MISC MISCruby -- ruby *The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks.2017-05-02not yet calculatedCVE-2016-4442 MLIST CONFIRM CONFIRMrxvt -- rxvt *Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read.2017-05-02not yet calculatedCVE-2017-7483 MLIST MLISTrzip -- rzip_2.1 *The read_buf function in stream.c in rzip 2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.2017-04-30not yet calculatedCVE-2017-8364 MISCsandisk -- sdhc/sdxc_memory_card *Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.2017-04-28not yet calculatedCVE-2017-2149 JVN BID MISCschneider_electric -- struxureware_data_center_expert *Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors.2017-04-30not yet calculatedCVE-2017-8371 MISC MISCsmalruby-editor -- smalruby-editor *smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.2017-04-28not yet calculatedCVE-2017-2096 JVN MISC BIDsoftonic -- panda_free_antivirus *PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to \\.\PSMEMDriver.2017-04-30not yet calculatedCVE-2017-8339 MISCspace_coast_credit_union -- space_coast_credit_union_mobile_app *The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-3212 MISC BID MISCstate_bank_of_india -- state_bank_anywhere_app *The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5901 MISCsupport-project -- knowledge *Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-04-28not yet calculatedCVE-2017-2097 JVN BIDswftools -- swftools *In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS.2017-05-01not yet calculatedCVE-2017-8401 CONFIRMswftools -- swftools *In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution.2017-05-01not yet calculatedCVE-2017-8400 CONFIRMtelaxus -- epesi *Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for_new_version.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter.2017-05-04not yet calculatedCVE-2017-8763 MISCtelegram -- telegram_desktop *Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations.2017-04-30not yet calculatedCVE-2016-10351 MISCtex_live -- tex_live *TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.2017-05-02not yet calculatedCVE-2016-10243 DEBIAN MLIST BID FEDORA FEDORA MISC CONFIRMthink_mutual_bank -- think_mutual_bank_mobile_banking_app *The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-3213 MISC BID MISCtrend_micro -- officescan *Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation.2017-05-03not yet calculatedCVE-2017-5481 BID CONFIRMtrend_micro -- officescan *Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website.2017-05-05not yet calculatedCVE-2017-8801 CONFIRM CONFIRMtver -- tver_app *The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-04-28not yet calculatedCVE-2017-2105 JVN BIDunderbit -- mad *The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file.2017-04-30not yet calculatedCVE-2017-8372 MISCunderbit -- mad *The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.2017-04-30not yet calculatedCVE-2017-8373 MISCunderbit -- mad *The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.2017-04-30not yet calculatedCVE-2017-8374 MISCvaultive -- o365 *PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to 'Content-Type: text/plain' - this results in the encrypted message being structured in such a way that most PGP/MIME-capable mail user agents are unable to decrypt it cleanly. The outcome is that encrypted mail passing through this device does not work (Denial of Service), and a common real-world consequence is a request to resend the mail in the clear (Information Disclosure).2017-05-03not yet calculatedCVE-2017-7229 MISCvivaldi_software -- vivaldi *Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.2017-04-28not yet calculatedCVE-2017-2156 BID JVN MISCwebmin -- webmin *Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-28not yet calculatedCVE-2017-2106 JVN BID MISCwordpress -- wordpress *WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message.2017-05-04not yet calculatedCVE-2017-8295 BID MISC EXPLOIT-DBxen_project -- xen *Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.2017-05-03not yet calculatedCVE-2017-7995 CONFIRM CONFIRMxirrus -- arrayos *SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the portal bookmark function is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.2017-05-05not yet calculatedCVE-2017-6557 CONFIRMBack to top This product is provided subject to this Notification and this Privacy & Use policy. More... 
|
| Sponsored Links |
     |
Linear Mode
