SB17-205: Vulnerability Summary for the Week of July 17, 2017

07-24-2017 05:47 AM

Original release date: July 24, 2017
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- openmeetings | Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. | 2017-07-17 | 7.5 | CVE-2017-7664, MLIST, BID |
| apple -- itunes | An issue was discovered in certain Apple products. iTunes before 12.6.2 on Windows is affected. The issue involves the "iTunes" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-07-20 | 9.3 | CVE-2017-7053, BID, CONFIRM |
| apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | 7.9 | CVE-2017-7050, BID, SECTRACK, CONFIRM |
| apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | 7.9 | CVE-2017-7051, BID, SECTRACK, CONFIRM |
| apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | 7.9 | CVE-2017-7054, BID, SECTRACK, CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 9.3 | CVE-2017-7040, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 9.3 | CVE-2017-7041, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 9.3 | CVE-2017-7042, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 9.3 | CVE-2017-7043, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 7.5 | CVE-2017-7049, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 7.5 | CVE-2017-7052, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 7.5 | CVE-2017-7055, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 7.5 | CVE-2017-7056, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 7.5 | CVE-2017-7061, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM |
| chitora -- lhaz | Untrusted search path vulnerability in Installer of Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2246, CONFIRM, JVN |
| chitora -- lhaz | Untrusted search path vulnerability in Self-extracting archive files created by Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2247, CONFIRM, JVN |
| chitora -- lhaz+ | Untrusted search path vulnerability in Installer of Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2248, CONFIRM, JVN |
| chitora -- lhaz+ | Untrusted search path vulnerability in Self-extracting archive files created by Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2249, CONFIRM, JVN |
| cisco -- ios | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve57697. | 2017-07-17 | 9.0 | CVE-2017-6736, BID, SECTRACK, CONFIRM |
| cisco -- ios | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve60402. | 2017-07-17 | 9.0 | CVE-2017-6737, BID, SECTRACK, CONFIRM |
| cisco -- ios | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve89865, CSCsy56638. | 2017-07-17 | 9.0 | CVE-2017-6738, BID, SECTRACK, CONFIRM |
| cisco -- ios | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66540. | 2017-07-17 | 9.0 | CVE-2017-6739, BID, SECTRACK, CONFIRM |
| cisco -- ios | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66601. | 2017-07-17 | 9.0 | CVE-2017-6740, BID, SECTRACK, CONFIRM |
| cisco -- ios | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve60376, CSCve78027. | 2017-07-17 | 9.0 | CVE-2017-6743, BID, SECTRACK, CONFIRM |
| cisco -- ios | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve78027, CSCve60276. | 2017-07-17 | 9.0 | CVE-2017-6744, BID, SECTRACK, CONFIRM |
| cisco -- ios_xe | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66658. | 2017-07-17 | 9.0 | CVE-2017-6741, BID, SECTRACK, CONFIRM |
| cisco -- ios_xe | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve54313. | 2017-07-17 | 9.0 | CVE-2017-6742, BID, SECTRACK, CONFIRM |
| creolabs -- gravity | Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modification of unexpected memory locations | 2017-07-17 | 7.5 | CVE-2017-1000072, CONFIRM |
| creolabs -- gravity | Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution. | 2017-07-17 | 7.5 | CVE-2017-1000073, CONFIRM |
| creolabs -- gravity | Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function. | 2017-07-17 | 7.5 | CVE-2017-1000074, CONFIRM |
| creolabs -- gravity | Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function | 2017-07-17 | 7.5 | CVE-2017-1000075, CONFIRM |
| eyesofnetwork -- eyesofnetwork | EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root | 2017-07-17 | 10.0 | CVE-2017-1000060, MISC |
| fiyo -- fiyo_cms | Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name. | 2017-07-17 | 7.5 | CVE-2017-11354, MISC |
| fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id']. | 2017-07-18 | 7.5 | CVE-2017-11412, MISC |
| fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id']. | 2017-07-18 | 7.5 | CVE-2017-11413, MISC |
| fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id']. | 2017-07-18 | 7.5 | CVE-2017-11414, MISC |
| fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level']. | 2017-07-18 | 7.5 | CVE-2017-11415, MISC |
| fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter. | 2017-07-18 | 7.5 | CVE-2017-11416, MISC |
| fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via $_GET['id']. | 2017-07-18 | 7.5 | CVE-2017-11417, MISC |
| fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i]. | 2017-07-18 | 7.5 | CVE-2017-11418, MISC |
| fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title']. | 2017-07-18 | 7.5 | CVE-2017-11419, MISC |
| framasoft -- framadate | Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution | 2017-07-17 | 7.5 | CVE-2017-1000039, CONFIRM |
| freeradius -- freeradius | An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. | 2017-07-17 | 7.5 | CVE-2017-10979, CONFIRM, BID, SECTRACK |
| freeradius -- freeradius | An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. | 2017-07-17 | 7.5 | CVE-2017-10984, CONFIRM |
| freeradius -- freeradius | An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service. | 2017-07-17 | 7.8 | CVE-2017-10985, CONFIRM |
| fujielectric -- v-server | An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memory buffer), which may allow remote code execution. | 2017-07-17 | 7.5 | CVE-2017-9639, BID, MISC |
| glpi-project -- glpi | GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php. | 2017-07-20 | 7.5 | CVE-2017-11474, CONFIRM |
| glpi-project -- glpi | GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php. | 2017-07-20 | 7.5 | CVE-2017-11475, CONFIRM |
| gnome -- gtk-vnc | gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering | 2017-07-17 | 7.5 | CVE-2017-1000044, CONFIRM |
| google -- android | Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE without authenticating. All apps using authentication-gated cryptography are vulnerable to this attack, which was confirmed on the LG Nexus 5X. | 2017-07-17 | 7.2 | CVE-2016-10398, MISC |
| hibara -- attachecase | Untrusted search path vulnerability in Self-extracting encrypted files created by AttacheCase ver.2.8.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2271, JVN |
| hibara -- attachecase | Untrusted search path vulnerability in Self-extracting encrypted files created by AttacheCase ver.3.2.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2272, JVN |
| imagemagick -- imagemagick | The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file. | 2017-07-19 | 7.1 | CVE-2017-11446, CONFIRM |
| intelliants -- subrion_cms | Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array. | 2017-07-19 | 7.5 | CVE-2017-11444, CONFIRM |
| intelliants -- subrion_cms | Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array. | 2017-07-19 | 7.5 | CVE-2017-11445, CONFIRM |
| logicaldoc -- logicaldoc | LogicalDoc CommunityEdition 7.5.3 and prior is vulnerable to XXE when indexing XML documents. | 2017-07-17 | 7.5 | CVE-2017-1000021, MISC |
| logicaldoc -- logicaldoc | LogicalDoc CommunityEdition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation | 2017-07-17 | 7.5 | CVE-2017-1000022, MISC |
| microsoft -- edge | A remote code execution vulnerability exists in the way affected Microsoft scripting engine render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability." | 2017-07-17 | 9.3 | CVE-2017-0152, CONFIRM |
| onosproject -- onos | Linux foundation ONOS 1.9.0 is vulnerable to a DoS | 2017-07-17 | 7.8 | CVE-2017-1000079, MISC |
| onosproject -- onos | Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets | 2017-07-17 | 7.5 | CVE-2017-1000080, MISC |
| onosproject -- onos | Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution | 2017-07-17 | 7.5 | CVE-2017-1000081, MISC |
| php -- php | In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact within International Components for Unicode (ICU) for C/C++ via a long first argument to the msgfmt_parse_message function. | 2017-07-17 | 7.5 | CVE-2017-11362, MISC |
| rbenv -- rbenv | rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution | 2017-07-17 | 7.5 | CVE-2017-1000047, MISC |
| resume-next -- filecapsule_deluxe_portable | Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2265, CONFIRM, JVN |
| resume-next -- filecapsule_deluxe_portable | Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2266, CONFIRM, JVN |
| resume-next -- filecapsule_deluxe_portable | Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2267, CONFIRM, JVN |
| resume-next -- filecapsule_deluxe_portable | Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2268, CONFIRM, JVN |
| resume-next -- filecapsule_deluxe_portable | Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2269, CONFIRM, JVN |
| resume-next -- filecapsule_deluxe_portable | Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2270, CONFIRM, JVN |
| sourcenext -- file_compact | Untrusted search path vulnerability in Self-extracting archive files created by File Compact Ver.5 version 5.09 and earlier, Ver.6 version 6.01 and earlier, Ver.7 version 7.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2252, JVN |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values. | 2017-07-18 | 7.8 | CVE-2017-11406, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM |
| wireshark -- wireshark | In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type. | 2017-07-18 | 7.8 | CVE-2017-11409, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM |
| wireshark -- wireshark | In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702. | 2017-07-18 | 7.8 | CVE-2017-11410, CONFIRM, CONFIRM, CONFIRM |
| wireshark -- wireshark | In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350. | 2017-07-18 | 7.8 | CVE-2017-11411, CONFIRM, CONFIRM, CONFIRM |
| yahoo -- toolbar | Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2253, JVN |

Medium Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- connectAdobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a clickjacking attack.2017-07-175.0CVE-2017-3101
BID
SECTRACK
MISCadobe -- connectAdobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack.2017-07-174.3CVE-2017-3102
BID
SECTRACK
MISCadobe -- connectAdobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack.2017-07-174.3CVE-2017-3103
BID
SECTRACK
MISC
alpinelinux -- alpine_linux | A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file. | 2017-07-17 | 6.8 | CVE-2017-9669
MLIST
BID
MISC
alpinelinux -- alpine_linux | A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block. | 2017-07-17 | 6.8 | CVE-2017-9671
MLIST
BID
MISC
apache -- openmeetings | Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0. | 2017-07-17 | 4.3 | CVE-2017-7663
MLIST
BID
apache -- openmeetings | Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. | 2017-07-17 | 6.8 | CVE-2017-7666
MLIST
apache -- openmeetings | Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs, and auth forms are missing brute force protection. | 2017-07-17 | 5.0 | CVE-2017-7673
MLIST
BID
apache -- openmeetings | Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains. | 2017-07-17 | 5.0 | CVE-2017-7680
MLIST
apache -- openmeetings | Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end. | 2017-07-17 | 6.5 | CVE-2017-7681
MLIST
apache -- openmeetings | Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks; as a result, an attacker has access to restricted areas. | 2017-07-17 | 6.4 | CVE-2017-7682
MLIST
apache -- openmeetings | Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure. | 2017-07-17 | 5.0 | CVE-2017-7683
MLIST
apache -- openmeetings | Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server. | 2017-07-17 | 5.0 | CVE-2017-7684
MLIST
BID
apache -- openmeetings | Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH. | 2017-07-17 | 5.0 | CVE-2017-7685
MLIST
BID
apache -- openmeetings | Apache OpenMeetings 1.0.0 updates user password in insecure manner. | 2017-07-17 | 5.0 | CVE-2017-7688
MLIST
BID
apache -- sling | In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities. | 2017-07-19 | 4.3 | CVE-2016-5394
BID
MISC
apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-07-20 | 4.3 | CVE-2017-7028
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-07-20 | 4.3 | CVE-2017-7029
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | 6.8 | CVE-2017-7047
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "Safari Printing" component. It allows remote attackers to cause a denial of service (excessive print dialogs) via a crafted web site. | 2017-07-20 | 4.3 | CVE-2017-7060
BID
SECTRACK
CONFIRM
CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 6.8 | CVE-2017-7039
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 6.8 | CVE-2017-7046
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 6.8 | CVE-2017-7048
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- safari | A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. | 2017-07-20 | 4.3 | CVE-2017-7059
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
audacity -- audacity | Audacity version 2.1.2 is vulnerable to DLL hijacking in the avformat-55.dll, resulting in arbitrary code execution. | 2017-07-17 | 6.8 | CVE-2017-1000010
MISC
cacti -- cacti | SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. | 2017-07-17 | 6.5 | CVE-2017-1000031
MISC
cacti -- cacti | Cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php. | 2017-07-17 | 4.3 | CVE-2017-1000032
MISC
cagintranetworks -- getsimple_cms | A reflected cross-site scripting vulnerability in GetSimple CMS version 3.3.13 and earlier allows remote attackers to inject arbitrary JavaScript in the URL-field for the administrative login page (/admin/index.php). | 2017-07-17 | 4.3 | CVE-2017-1000057
CONFIRM
cairographics -- cairo | cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. | 2017-07-17 | 5.0 | CVE-2017-9814
MISC
candy_project -- candy | All versions of Candy Chat are vulnerable to an XSS attack by message senders, permitting remote code execution within the page. | 2017-07-17 | 4.3 | CVE-2017-1000036
MISC
chef_project -- mixlib-archive | Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries. | 2017-07-17 | 5.0 | CVE-2017-1000026
CONFIRM
chevereto -- chevereto | Stored XSS in chevereto CMS before version 3.8.11 | 2017-07-17 | 4.3 | CVE-2017-1000058
CONFIRM
cmsmadesimple -- cms_made_simple | In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php. | 2017-07-17 | 4.0 | CVE-2017-11404
MISC
cmsmadesimple -- cms_made_simple | In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file. | 2017-07-17 | 4.0 | CVE-2017-11405
MISC
exiv2 -- exiv2 | There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | 2017-07-17 | 4.3 | CVE-2017-11336
MISC
exiv2 -- exiv2 | There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | 2017-07-17 | 4.3 | CVE-2017-11337
MISC
exiv2 -- exiv2 | There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | 2017-07-17 | 4.3 | CVE-2017-11338
MISC
exiv2 -- exiv2 | There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | 2017-07-17 | 4.3 | CVE-2017-11339
MISC
exiv2 -- exiv2 | There is a segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A crafted input will lead to a remote denial of service attack. | 2017-07-17 | 4.3 | CVE-2017-11340
MISC
freeradius -- freeradius | An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service. | 2017-07-17 | 5.0 | CVE-2017-10978
CONFIRM
BID
SECTRACK
freeradius -- freeradius | An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service. | 2017-07-17 | 5.0 | CVE-2017-10980
CONFIRM
BID
SECTRACK
freeradius -- freeradius | An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service. | 2017-07-17 | 5.0 | CVE-2017-10981
CONFIRM
BID
SECTRACK
freeradius -- freeradius | An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service. | 2017-07-17 | 5.0 | CVE-2017-10982
CONFIRM
BID
SECTRACK
freeradius -- freeradius | An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. | 2017-07-17 | 5.0 | CVE-2017-10983
CONFIRM
BID
SECTRACK
freeradius -- freeradius | An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service. | 2017-07-17 | 5.0 | CVE-2017-10986
CONFIRM
freeradius -- freeradius | An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service. | 2017-07-17 | 5.0 | CVE-2017-10987
CONFIRM
graphicsmagick -- graphicsmagick | The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file. | 2017-07-17 | 6.8 | CVE-2017-11403
MISC
MISC
ibm -- tivoli_monitoring | IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123493. | 2017-07-17 | 5.4 | CVE-2017-1182
CONFIRM
SECTRACK
MISC
ibm -- tivoli_monitoring | IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494. | 2017-07-17 | 5.4 | CVE-2017-1183
CONFIRM
BID
SECTRACK
MISC
imagemagick -- imagemagick | In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144. | 2017-07-17 | 4.3 | CVE-2017-11352
BID
CONFIRM
CONFIRM
imagemagick -- imagemagick | The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value. | 2017-07-17 | 4.3 | CVE-2017-11360
CONFIRM
imagemagick -- imagemagick | The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service. | 2017-07-19 | 4.3 | CVE-2017-11447
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick | The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. | 2017-07-19 | 4.3 | CVE-2017-11448
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick | coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin. | 2017-07-19 | 6.8 | CVE-2017-11449
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick -- imagemagick | coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short. | 2017-07-19 | 6.8 | CVE-2017-11450
CONFIRM
CONFIRM
CONFIRM
CONFIRM
jasper_project -- jasper | JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. | 2017-07-17 | 5.0 | CVE-2017-1000050
MLIST
BID
joomla -- joomla! | Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents. | 2017-07-17 | 5.0 | CVE-2017-9933
BID
SECTRACK
CONFIRM
joomla -- joomla! | Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability. | 2017-07-17 | 4.3 | CVE-2017-9934
BID
SECTRACK
CONFIRM
keepass -- keepass | The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information. | 2017-07-17 | 5.0 | CVE-2017-1000066
CONFIRM
kitto_project -- kitto | kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution | 2017-07-17 | 5.0 | CVE-2017-1000062
MISC
kitto_project -- kitto | kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure | 2017-07-17 | 4.3 | CVE-2017-1000063
MISC
kitto_project -- kitto | kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS | 2017-07-17 | 5.0 | CVE-2017-1000064
MISC
koozali -- sme_server | Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access. | 2017-07-17 | 5.8 | CVE-2017-1000027
MISC
MISC
libsass -- libsass | There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. | 2017-07-17 | 5.0 | CVE-2017-11341
MISC
libsass -- libsass | There is an illegal address access in ast.cpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. | 2017-07-17 | 5.0 | CVE-2017-11342
MISC
libtiff -- libtiff | There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack. | 2017-07-17 | 6.8 | CVE-2017-11335
MISC
livehelperchat -- live_helper_chat | Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users. | 2017-07-17 | 4.3 | CVE-2017-1000059
MISC
logicaldoc -- logicaldoc | LogicalDoc CommunityEdition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document | 2017-07-17 | 4.3 | CVE-2017-1000023
MISC
mapbox_project -- mapbox | Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name. | 2017-07-17 | 4.3 | CVE-2017-1000042
MISC
CONFIRM
mapbox_project -- mapbox | Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control | 2017-07-17 | 4.3 | CVE-2017-1000043
MISC
CONFIRM
mautic -- mautic | Mautic 2.6.1 and earlier fails to set flags on session cookies | 2017-07-17 | 5.0 | CVE-2017-1000046
MISC
microsoft -- edge | An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | 2017-07-17 | 4.3 | CVE-2017-0196
CONFIRM
modx -- revolution | MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges. | 2017-07-17 | 6.5 | CVE-2017-1000067
CONFIRM
moodle -- moodle | Moodle 3.x has user fullname disclosure on the user preferences page. | 2017-07-17 | 4.0 | CVE-2017-2642
BID
CONFIRM
moodle -- moodle | In Moodle 3.3, the course overview block reveals activities in hidden courses. | 2017-07-17 | 4.0 | CVE-2017-7531
BID
CONFIRM
moodle -- moodle | In Moodle 3.x, course creators are able to change system default settings for courses. | 2017-07-17 | 4.0 | CVE-2017-7532
BID
CONFIRM
mysqldumper -- mysql_dumper | MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying the data in the database to the user | 2017-07-17 | 4.3 | CVE-2017-1000012
MISC
mywebsql -- mywebsql | MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component resulting in account takeover or stealing of information | 2017-07-17 | 4.3 | CVE-2017-1000011
MISC
oauth2_proxy_project -- oauth2_proxy | CSRF in Bitly oauth2_proxy 2.1 during authentication flow | 2017-07-17 | 6.8 | CVE-2017-1000069
MISC
oauth2_proxy_project -- oauth2_proxy | The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819 | 2017-07-17 | 5.8 | CVE-2017-1000070
CONFIRM
MISC
onosproject -- onos | Linux foundation ONOS 1.9 is vulnerable to XSS in the device registration | 2017-07-17 | 4.3 | CVE-2017-1000078
MISC
openmediavault -- openmediavault | Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management(Users) functionality allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser. | 2017-07-17 | 4.3 | CVE-2017-1000065
CONFIRM
oracle -- glassfish_server | Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request. | 2017-07-17 | 5.0 | CVE-2017-1000028
MISC
oracle -- glassfish_server | Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication. | 2017-07-17 | 5.0 | CVE-2017-1000029
MISC
oracle -- glassfish_server | Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface. | 2017-07-17 | 5.0 | CVE-2017-1000030
MISC
phpminiadmin_project -- phpminiadmin | PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data (stealing data). | 2017-07-17 | 4.3 | CVE-2017-1000005
MISC
phpmyadmin -- phpmyadmin | phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness | 2017-07-17 | 5.8 | CVE-2017-1000013
CONFIRM
phpmyadmin -- phpmyadmin | phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality | 2017-07-17 | 5.0 | CVE-2017-1000014
CONFIRM
phpmyadmin -- phpmyadmin | phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters | 2017-07-17 | 4.3 | CVE-2017-1000015
CONFIRM
phpmyadmin -- phpmyadmin | phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server | 2017-07-17 | 6.5 | CVE-2017-1000017
CONFIRM
phpmyadmin -- phpmyadmin | phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name | 2017-07-17 | 5.0 | CVE-2017-1000018
CONFIRM
relevanssi -- relevanssi | WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site | 2017-07-17 | 4.3 | CVE-2017-1000038
MISC
rocketchat -- rocket.chat | Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages. | 2017-07-17 | 4.3 | CVE-2017-1000054
MISC
sitecore -- cms | In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter. | 2017-07-19 | 4.0 | CVE-2017-11440
MISC
MISC
tt-rss -- tiny_tiny_rss | Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack | 2017-07-17 | 4.3 | CVE-2017-1000035
CONFIRM
vospari_forms_project -- vospari_forms | WordPress plugin Vospari Forms version < 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in JavaScript code execution in the context of the current user. | 2017-07-17 | 4.3 | CVE-2017-1000033
MISC
MISC
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt. | 2017-07-18 | 5.0 | CVE-2017-11407
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection. | 2017-07-18 | 5.0 | CVE-2017-11408
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
xwiki -- cryptpad | Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content | 2017-07-17 | 4.3 | CVE-2017-1000051
CONFIRM
CONFIRM

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
blackcat-cms -- blackcat_cms | Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php. | 2017-07-17 | 3.5 | CVE-2017-9609
MISC
CONFIRM
MISC
bolt -- bolt_cms | Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header. | 2017-07-17 | 3.5 | CVE-2017-11127
MISC
bolt -- bolt_cms | Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry. | 2017-07-17 | 3.5 | CVE-2017-11128
MISC
ibm -- tivoli_monitoring | IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487. | 2017-07-17 | 1.9 | CVE-2017-1181
CONFIRM
BID
SECTRACK
MISC
juniper -- screenos | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | 2017-07-17 | 3.5 | CVE-2017-2335
BID
SECTRACK
CONFIRM
juniper -- screenos | A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | 2017-07-17 | 3.5 | CVE-2017-2336
BID
SECTRACK
CONFIRM
juniper -- screenos | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | 2017-07-17 | 3.5 | CVE-2017-2337
BID
SECTRACK
CONFIRM
juniper -- screenos | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | 2017-07-17 | 3.5 | CVE-2017-2338
BID
SECTRACK
CONFIRM
juniper -- screenos | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | 2017-07-17 | 3.5 | CVE-2017-2339
BID
SECTRACK
CONFIRM
redhat -- network_manager | Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes. | 2017-07-17 | 2.1 | CVE-2016-0764
REDHAT
CONFIRM
sitecore -- cms | In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter. | 2017-07-19 | 3.5 | CVE-2017-11439
MISC
MISC

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
Kubernetes -- Kubernetes | Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object. | 2017-07-17 | not yet calculated | CVE-2017-1000056
CONFIRM
adobe -- flash_player | Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution. | 2017-07-17 | not yet calculated | CVE-2017-3099
BID
SECTRACK
MISC
GENTOO
adobe -- flash_player | Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure. | 2017-07-17 | not yet calculated | CVE-2017-3100
BID
SECTRACK
MISC
GENTOO
adobe -- flash_player | Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure. | 2017-07-17 | not yet calculated | CVE-2017-3080
BID
SECTRACK
MISC
GENTOO
akeneo -- pim | Akeneo PIM CE and EE LP_NO) 'lp=none' arguments to the command line. | 2017-07-17 | not yet calculated | CVE-2017-1000363
BID
MISC
ljharb -- ljharb | The web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send an evil request to cause the web framework to crash. | 2017-07-17 | not yet calculated | CVE-2017-1000048
CONFIRM
mautic -- mautic | Mautic SSO/OAuth2 plugins are vulnerable to CSRF of the state parameter resulting in authentication bypass through clickjacking | 2017-07-17 | not yet calculated | CVE-2017-1000045
MISC
memcached -- memcached | The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705. | 2017-07-17 | not yet calculated | CVE-2017-9951
MISC
MISC
MISC
metinfo -- metinfo | Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php. | 2017-07-17 | not yet calculated | CVE-2017-11347
MISC
metinfo -- metinfo | Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action. | 2017-07-19 | not yet calculated | CVE-2017-9764
MISC
metinfo -- metinfo | A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php. | 2017-07-20 | not yet calculated | CVE-2017-11500
MISC
microsec -- e-szigno | Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object. | 2017-07-21 | not yet calculated | CVE-2015-3931
MISC
MISC
BID
MISC
MISC
MISC
microsoft -- scripting_engine | A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability." | 2017-07-17 | not yet calculated | CVE-2017-0028
CONFIRM
nancyfx_nancy -- nancyfx_nancy | Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie. | 2017-07-20 | not yet calculated | CVE-2017-9785
CONFIRM
netapp -- clustered_data_ontap | NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line. | 2017-07-17 | not yet calculated | CVE-2017-7947
CONFIRM
netlock -- mokka | Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object. | 2017-07-21 | not yet calculated | CVE-2015-3932
MISC
MISC
BID
MISC
MISC
nixos -- nixos | NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verification will be unconditionally disabled in /etc/ldap.conf. | 2017-07-20 | not yet calculated | CVE-2017-11501
CONFIRM
CONFIRM
CONFIRM
octopus_deploy -- octopus_deploy | In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value. | 2017-07-17 | not yet calculated | CVE-2017-11348
CONFIRMopenldap -- openldap
*/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.2017-07-17not yet calculatedCVE-2016-4984
CONFIRMopenmpt*-- openmpt
*soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples.2017-07-17not yet calculatedCVE-2017-11311
CONFIRM
CONFIRM
CONFIRM
CONFIRMorientdb*-- orientdb
*OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.2017-07-19not yet calculatedCVE-2017-11467
MISC
MISCowncloud*-- owncloud_server
Inadequate escaping lead to XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. To be exploitable a user has to write or paste malicious content into the search dialogue.
Published: 2017-07-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9338, BID, CONFIRM

owncloud -- owncloud_server
A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.
Published: 2017-07-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9339, CONFIRM

owncloud -- owncloud_server
An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2.
Published: 2017-07-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9340, MISC, CONFIRM

owncloud -- owncloud_server
ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters.
Published: 2017-07-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-8896, BID, MISC, CONFIRM

phamm -- phamm
XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php.
Published: 2017-07-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0378, CONFIRM, CONFIRM, CONFIRM, CONFIRM

phicomm_k2 -- phicomm_k2
PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action.
Published: 2017-07-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11495, MISC

phpmailer -- phpmailer
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.
Published: 2017-07-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11503, BID, MISC, MISC

phpmyadmin -- phpmyadmin
A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18.
Published: 2017-07-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1000016, CONFIRM

phpmybackuppro -- phpmybackuppro
phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the path, filename, and dirs parameters to scheduled.php, and making requests to injected scripts.
Published: 2017-07-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-3640, MLIST, SECTRACK

phpmybackuppro -- phpmybackuppro
phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable.
Published: 2017-07-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-3638, MLIST, MLIST, SECTRACK

phpmybackuppro -- phpmybackuppro
phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file.
Published: 2017-07-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-3639, MLIST, MLIST, SECTRACK

phpsocial -- phpsocial
phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO to the search/tag/ URI.
Published: 2017-07-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-10801, MISC, MISC

plotly -- plotly
Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue.
Published: 2017-07-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1000006, CONFIRM

print-lldp.c -- print-lldp.c
tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.
Published: 2017-07-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11541, MISC

print-pim.c -- print-pim.c
tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.
Published: 2017-07-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11542, MISC

print-sl.c -- print-sl.c
tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c.
Published: 2017-07-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11543, MISC

print-sl.c:229:3 -- print-sl.c:229:3
tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:229:3.
Published: 2017-07-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11544, MISC

print-sl.c:253:34 -- print-sl.c:253:34
tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:253:34.
Published: 2017-07-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11545, MISC

redcap -- redcap
REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components.
Published: 2017-07-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-10961, MISC, MISC

redcap -- redcap
REDCap before 7.5.1 has XSS via the query string.
Published: 2017-07-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-10962, MISC, MISC

redhat -- wildfly
The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL.
Published: 2017-07-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-3198, CONFIRM, MISC, CONFIRM, MISC

resiprocate -- resiprocate
The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections.
Published: 2017-07-22 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11521, CONFIRM

rkhunter -- rkhunter
rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution.
Published: 2017-07-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-7480, MLIST

ruby -- ruby
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism.
Published: 2017-07-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11465, MISC, MISC

rvm -- rvm
RVM automatically loads environment variables from files in $PWD resulting in command execution. RVM vulnerable to command injection when automatically loading environment variables from files in $PWD. RVM automatically executes hooks located in $PWD resulting in code execution. RVM automatically installs gems as specified by files in $PWD resulting in code execution. RVM automatically does "bundle install" on a Gemfile specified by .versions.conf in $PWD resulting in code execution.
Published: 2017-07-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1000037, MISC

shoco -- shoco
The shoco_decompress function in the API in shoco through 2017-07-17 allows remote attackers to cause a denial of service (buffer over-read and application crash) via malformed compressed data.
Published: 2017-07-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11367, MISC

shotwell -- shotwell
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission.
Published: 2017-07-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1000024, MLIST

sony -- wg-c10
Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.
Published: 2017-07-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2276, MISC, JVN

sony -- wg-c10
WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
Published: 2017-07-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2275, MISC, JVN

sony -- wg-c10
WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors.
Published: 2017-07-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2277, MISC, JVN

spice -- spice
spice versions through 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak.
Published: 2017-07-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-7506, MLIST, BID, CONFIRM

subsonic -- subsonic
Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.
Published: 2017-07-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9415, EXPLOIT-DB

technicolor -- dpc3928ad_docsis
Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321.
Published: 2017-07-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11502, MISC

televes -- coaxdata_gateway
Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do not check password.shtml authorization, leading to Arbitrary password change.
Published: 2017-07-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-6530, MISC, MISC

televes -- coaxdata_gateway
On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20, the backup/restore feature lacks access control, related to ReadFile.cgi and LoadCfgFile.
Published: 2017-07-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-6531, MISC, MISC

televes -- coaxdata_gateway
Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db.
Published: 2017-07-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-6532, MISC, MISC

testtrack_server -- testtrack_server
TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field.
Published: 2017-07-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1000068, MISC

tp-link_archer -- tp-link_archer
passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.
Published: 2017-07-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11519, MISC, MISC

txaws -- txaws
txAWS (all current versions) fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure.
Published: 2017-07-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1000007, CONFIRM

wordpress -- wordpress
The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables.
Published: 2017-07-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-3421, BID, MISC

xmlsec -- xmlsec
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service.
Published: 2017-07-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1000061, CONFIRM

yadm -- yadm
yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys.
Published: 2017-07-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11353, CONFIRM, CONFIRM

yara -- yara
Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.
Published: 2017-07-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11328, CONFIRM

yii-framework -- yii-framework
An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled.
Published: 2017-07-21 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11516, CONFIRM, CONFIRM

zoho_manageengine_desktop_central -- zoho_manageengine_desktop_central
Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos.
Published: 2017-07-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11346, CONFIRM
This product is provided subject to this Notification and this Privacy & Use policy.



