SB17-338: Vulnerability Summary for the Week of November 27, 2017

The Patriot · #1 12-09-2017, 06:05 AM

SB17-338: Vulnerability Summary for the Week of November 27, 2017

12-03-2017 09:27 PM

Original release date: December 04, 2017
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

*

High Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no high vulnerabilities recorded this week.Back to top
*

Medium Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocisco -- webex_meeting_centerA vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. An attacker could exploit this vulnerability by sending a malicious URL to the Cisco WebEx Meeting Center. An exploit could allow the attacker to connect to arbitrary hosts. Cisco Bug IDs: CSCvf63843.2017-11-304.0 CVE-2017-12297
BID
SECTRACK
CONFIRMcisco -- webex_meeting_centerA Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file. Exploitation of this vulnerability could allow arbitrary code execution on the system of the targeted user. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCve10729, CSCve10771, CSCve10779, CSCve11521, CSCve11543.2017-11-304.3 CVE-2017-12359
CONFIRMcisco -- webex_meeting_centerA vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by providing a user with a malicious WRF file via email or URL and convincing the user to open the file. A successful exploit could cause an affected player to crash, resulting in a DoS condition. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, and Cisco WebEx WRF players. Cisco Bug IDs: CSCve30294, CSCve30301.2017-11-304.3 CVE-2017-12360
BID
CONFIRMcisco -- webex_meeting_centerA vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker could execute a query on an Event Center site to view scheduled meetings. A successful query would show both listed and unlisted meetings in the displayed information. An attacker could use this information to attend meetings that are not available for their attendance. Cisco Bug IDs: CSCvg33629.2017-11-304.0 CVE-2017-12365
BID
SECTRACK
CONFIRMcisco -- webex_meeting_centerA vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78635,, CSCvg52440.2017-11-304.3 CVE-2017-12366
BID
SECTRACK
CONFIRMcisco -- webex_meetings_serverA vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficient security settings on meetings. An attacker could exploit this vulnerability by modifying the welcome message to a meeting. A successful exploit could allow the attacker to modify the welcome message of any known meeting. Cisco Bug IDs: CSCvf68695.2017-11-305.0 CVE-2017-12363
BID
SECTRACK
@#32#Back to top
*

Low Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no low vulnerabilities recorded this week.Back to top
*

Severity Not Yet Assigned

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- coldfusion
*Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.2017-12-01not yet calculatedCVE-2017-11285
BID
SECTRACK
CONFIRMadobe -- coldfusion
*Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.2017-12-01not yet calculatedCVE-2017-11286
BID
SECTRACK
CONFIRMadobe -- coldfusion
*Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.2017-12-01not yet calculatedCVE-2017-11283
BID
SECTRACK
CONFIRMadobe -- coldfusion
*Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.2017-12-01not yet calculatedCVE-2017-11284
BID
SECTRACK
CONFIRMadobe -- flash
*Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.2017-12-01not yet calculatedCVE-2017-11282
BID
SECTRACK
CONFIRM
GENTOO
EXPLOIT-DBadobe -- flash
*Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.2017-12-01not yet calculatedCVE-2017-11281
BID
SECTRACK
CONFIRM
GENTOO
EXPLOIT-DB
EXPLOIT-DBadobe -- robohelp
*Adobe RoboHelp has an Open Redirect vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2.2017-12-01not yet calculatedCVE-2017-3105
BID
SECTRACK
CONFIRMadobe -- robohelp
*Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2.2017-12-01not yet calculatedCVE-2017-3104
BID
SECTRACK
CONFIRMapache -- cxf_fediz
*Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins in versions before 1.4.3 and 1.3.3. The vulnerability can result in a security context that is set up using a malicious client's roles for the given enduser.2017-11-30not yet calculatedCVE-2017-12631
MLISTapache -- qpid_broker-j
*In Apache Qpid Broker-J before 6.1.x before 6.1.5, the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected.2017-12-01not yet calculatedCVE-2017-15701
CONFIRM
MLIST
CONFIRMapache -- qpid_broker-j
*In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar which can be circumvented by this vulnerability. AMQP ports are not affected. Versions 6.0.0 and newer are not affected.2017-12-01not yet calculatedCVE-2017-15702
CONFIRM
MLIST
CONFIRMapache -- struts
*In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.2017-12-01not yet calculatedCVE-2017-15707
SECTRACK
CONFIRMapple -- macos_high_sierra
*An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry of the root user name.2017-11-29not yet calculatedCVE-2017-13872
BID
SECTRACK
MISC
MISC
MISC
MISCarq -- arq
*The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.2017-12-01not yet calculatedCVE-2017-15357
MISC
CONFIRMarq -- multiple_products
*The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet.2017-12-01not yet calculatedCVE-2017-16895
MISC
CONFIRMatlassian -- hipchat
*The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability.2017-11-27not yet calculatedCVE-2017-14586
BID
CONFIRM
CONFIRMatlassian -- hipchat
*A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected.2017-11-27not yet calculatedCVE-2017-14585
BID
CONFIRM
CONFIRMatlassian -- multiple_products
*Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.2017-11-29not yet calculatedCVE-2017-14591
CONFIRMaubio -- aubio
*In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file.2017-11-29not yet calculatedCVE-2017-17054
MISCb3log/symphony -- b3log/symphony
*b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title.2017-11-27not yet calculatedCVE-2017-16956
CONFIRMbazaar -- bazaar
*Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.2017-11-27not yet calculatedCVE-2017-14176
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIANbigtree -- bigtree_cms
*A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request.2017-11-27not yet calculatedCVE-2017-16961
MISCbluemotion -- ohmibod
*The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username, user_id, and token fields in data/data/com.ohmibod.remote2/shared_prefs/OMB.xml.2017-12-01not yet calculatedCVE-2017-14487
MISCcisco -- application_policy_ infrastructure_controllers
*A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-controlled input that is supplied to certain script files of an affected system. An attacker could exploit this vulnerability by submitting crafted input to a script file on an affected system. A successful exploit could allow the attacker to gain elevated privileges and execute arbitrary commands with root privileges on the affected system. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf57274.2017-11-30not yet calculatedCVE-2017-12352
BID
SECTRACK
CONFIRMcisco -- asynchos_software
*A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a malformed MIME header in an email attachment. An attacker could exploit this vulnerability by sending an email with a crafted MIME attachment. For example, a successful exploit could allow the attacker to bypass configured user filters to drop the email. The malformed MIME headers may not be RFC compliant. However, some mail clients could still allow users to access the attachment, which may not have been properly filtered by the device. Cisco Bug IDs: CSCvf44666.2017-11-30not yet calculatedCVE-2017-12353
BID
SECTRACK
CONFIRMcisco -- data_center_network_manager
*Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.2017-11-30not yet calculatedCVE-2017-12347
BID
CONFIRMcisco -- data_center_network_manager
*Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.2017-11-30not yet calculatedCVE-2017-12343
BID
CONFIRMcisco -- data_center_network_manager
*Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.2017-11-30not yet calculatedCVE-2017-12345
BID
CONFIRMcisco -- data_center_network_manager
*Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.2017-11-30not yet calculatedCVE-2017-12344
BID
CONFIRMcisco -- data_center_network_manager
*Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.2017-11-30not yet calculatedCVE-2017-12346
BID
CONFIRMcisco -- firepower_extensible_operating_system_and _nx-os
*A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow the attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco FXOS or NX-OS System Software: Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve51700, CSCve93833, CSCve93860, CSCve93863, CSCve93864, CSCve93880.2017-11-30not yet calculatedCVE-2017-12329
BID
SECTRACK
CONFIRMcisco -- ios_xr
*A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service (DoS) condition. The vulnerability is due to incomplete LPTS frame validation by the affected software. An attacker could exploit this vulnerability by sending crafted XML requests to the management interface of an affected system. A successful exploit could allow the attacker to cause one of the LPTS processes on the affected system to restart unexpectedly, which would impact LPTS traffic and cause a brief DoS condition while the process restarts. Cisco Bug IDs: CSCvf76332.2017-11-30not yet calculatedCVE-2017-12355
BID
SECTRACK
CONFIRMcisco -- ip_phone_8800_series_devices
*A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. Cisco Bug IDs: CSCvc62590.2017-11-30not yet calculatedCVE-2017-12328
BID
SECTRACK
CONFIRMcisco -- jabber
*A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79080, CSCvf79088.2017-11-30not yet calculatedCVE-2017-12358
BID
CONFIRMcisco -- jabber
*A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf50378, CSCvg56018.2017-11-30not yet calculatedCVE-2017-12356
BID
SECTRACK
CONFIRMcisco -- jabber
*A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional attacks. The vulnerability is due to the way Cisco Jabber for Windows handles random number generation for file folders. An attacker could exploit the vulnerability by fixing the random number data used to establish Secure Sockets Layer (SSL) connections between clients. An exploit could allow the attacker to decrypt secure communications made by the Cisco Jabber for Windows client. Cisco Bug IDs: CSCve44806.2017-11-30not yet calculatedCVE-2017-12361
BID
SECTRACK
CONFIRMcisco -- meeting_server
*A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to video calls being made on systems with a particular configuration. An attacker could exploit this by knowing a valid URI that directs to a Cisco Meeting Server. An attacker could then make a video call and cause the system to reload. Cisco Bug IDs: CSCve65931.2017-11-30not yet calculatedCVE-2017-12362
BID
SECTRACK
CONFIRMcisco -- nexus_series_switches
*A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. The vulnerability is due to insufficient internal security measures in the OAC feature. An attacker could exploit this vulnerability by crafting specific packets for communication on the device-internal network. A successful exploit could allow the attacker to run code on the underlying host operating system. OAC is not enabled by default. For a device to be vulnerable, an administrator would need to install and activate this feature. This vulnerability affects the following Cisco Nexus Series Switches: Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches. Cisco Bug IDs: CSCve53542, CSCvf36621.2017-11-30not yet calculatedCVE-2017-12342
SECTRACK
CONFIRMcisco -- nx_os
*A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command and gaining unauthorized access to the underlying operating system of the device. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve99902, CSCvf14879.2017-11-30not yet calculatedCVE-2017-12330
BID
SECTRACK
CONFIRMcisco -- nx_os
*A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perform this attack. The vulnerability is due to insufficient internal security measures in the guest shell feature. An attacker could exploit this vulnerability by sending or receiving packets on the device-internal network outside of the guest shell container, aka "Unauthorized Internal Interface Access." This vulnerability affects the following products running Cisco NX-OS System Software: Nexus 3000 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvf33038.2017-11-30not yet calculatedCVE-2017-12351
BID
SECTRACK
CONFIRMcisco -- nx_os
*A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a crafted, unsigned software patch on a targeted device. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16494, CSCvf23655.2017-11-30not yet calculatedCVE-2017-12331
SECTRACK
CONFIRMcisco -- nx_os
*A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation during the installation of a software patch. An attacker could exploit this vulnerability by installing a crafted patch image with the vulnerable operation occurring prior to patch activation. An exploit could allow the attacker to execute arbitrary commands on an affected system as root. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf23735, CSCvg04072.2017-11-30not yet calculatedCVE-2017-12341
SECTRACK
CONFIRMcisco -- nx_os
*A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary commands as root. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCvf15113, CSCvf15122, CSCvf15125, CSCvf15131, CSCvf15143, CSCvg04088.2017-11-30not yet calculatedCVE-2017-12334
SECTRACK
CONFIRMcisco -- nx_os
*A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX-OS signature verification for software images. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a crafted, unsigned software image on a targeted device. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf25045, CSCvf31495.2017-11-30not yet calculatedCVE-2017-12333
SECTRACK
CONFIRMcisco -- nx_os
*A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installing a crafted patch image on an affected device. The vulnerable operation occurs prior to patch activation. An exploit could allow the attacker to write arbitrary files on an affected system as root. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16513, CSCvf23794, CSCvf23832.2017-11-30not yet calculatedCVE-2017-12332
SECTRACK
CONFIRMcisco -- nx_os
*A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow the attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, and Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve99925, CSCvf15164, CSCvf15167, CSCvf15170, CSCvf15173.2017-11-30not yet calculatedCVE-2017-12339
SECTRACK
CONFIRMcisco -- nx_os
*A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command and gain unauthorized access to the underlying operating system of the device. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCvf14923, CSCvf14926, CSCvg04095.2017-11-30not yet calculatedCVE-2017-12335
SECTRACK
CONFIRMcisco -- nx_os
*A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127.2017-11-30not yet calculatedCVE-2017-12336
SECTRACK
CONFIRMcisco -- nx_os
*A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash shell is disabled on the system. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain functions of the Python scripting sandbox of the affected system. An attacker could exploit this vulnerability to escape the scripting sandbox and enter the Bash shell of the operating system with the privileges of the authenticated user for the affected system. To exploit this vulnerability, the attacker must have local access to the affected system and be authenticated to the affected system with administrative or Python execution privileges. Cisco Bug IDs: CSCvd86513.2017-11-30not yet calculatedCVE-2017-12340
CONFIRMcisco -- nx_os
*A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to insufficient input validation for a specific CLI command. An attacker could exploit this vulnerability by issuing a crafted command on the CLI. An exploit could allow the attacker unauthorized access to read arbitrary files on the underlying local file system. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to read files from any VDC. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve51707, CSCve93961, CSCve93964, CSCve93965, CSCve93968, CSCve93974, CSCve93976.2017-11-30not yet calculatedCVE-2017-12338
SECTRACK
CONFIRMcisco -- prime_service_catalog
*A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could exploit this vulnerability by sending a crafted SQL statement to an affected system. Successful exploitation could allow the attacker to read entries in some database tables. Cisco Bug IDs: CSCvg30333.2017-11-30not yet calculatedCVE-2017-12364
BID
SECTRACK
CONFIRMcisco -- secure_access_control_system
*A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system software version information when the software responds to HTTP requests that are sent to the web-based interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based interface of the affected software. A successful exploit could allow the attacker to view sensitive information about the software, which the attacker could use to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvf66155.2017-11-30not yet calculatedCVE-2017-12354
BID
SECTRACK
CONFIRMcisco -- ucs_central_software
*Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986.2017-11-30not yet calculatedCVE-2017-12349
BID
SECTRACK
CONFIRMcisco -- ucs_central_software
*Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986.2017-11-30not yet calculatedCVE-2017-12348
BID
SECTRACK
CONFIRMcisco -- umbrella_virtual_appliance
*The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.2017-12-01not yet calculatedCVE-2017-6679
BID
MISC
MISCcisco -- unified_communications_manager
*A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79346.2017-11-30not yet calculatedCVE-2017-12357
BID
SECTRACK
CONFIRMcisco -- webex_network_recording_player
*A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCve11545, CSCve02843, CSCve11548.2017-11-30not yet calculatedCVE-2017-12367
BID
SECTRACK
CONFIRMcisco -- webex_network_recording_player
*A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCve10584, CSCve10591, CSCve11503, CSCve10658, CSCve11507, CSCve10749, CSCve10744, CSCve11532, CSCve10762, CSCve10764, CSCve11538.2017-11-30not yet calculatedCVE-2017-12368
BID
SECTRACK
CONFIRMcisco -- webex_network_recording_player
*A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCve30208, CSCve30214, CSCve30268.2017-11-30not yet calculatedCVE-2017-12369
BID
SECTRACK
CONFIRMcisco -- webex_network_recording_player
*A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCvf38060, CSCvg54836, CSCvf38077, CSCvg54843, CSCvf38084, CSCvg54850.2017-11-30not yet calculatedCVE-2017-12370
BID
SECTRACK
CONFIRMcisco -- webex_network_recording_player
*A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCvf49650, CSCvg54853, CSCvg54856, CSCvf49697, CSCvg54861, CSCvf49707, CSCvg54867.2017-11-30not yet calculatedCVE-2017-12371
BID
SECTRACK
CONFIRMcisco -- webex_network_recording_player
*A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCvf57234, CSCvg54868, CSCvg54870.2017-11-30not yet calculatedCVE-2017-12372
BID
SECTRACK
CONFIRMcs-cart -- cs-cart
*The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page.2017-11-28not yet calculatedCVE-2017-15673
MISCcurl_project -- curl_and_libcurlThe FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.2017-11-29not yet calculatedCVE-2017-8817
SECTRACK
CONFIRM
DEBIANcurl_project -- curl_and_libcurl
*The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.2017-11-29not yet calculatedCVE-2017-8816
BID
SECTRACK
CONFIRM
DEBIANcurl_project -- curl_and_libcurl
*curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.2017-11-29not yet calculatedCVE-2017-8818
BID
SECTRACK
CONFIRMd-link -- dir-605l_model_b
*An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service (device crash) or possibly have unspecified other impact by sending a sufficiently long string in the password field of the HTTP Basic Authentication section of the HTTP request.2017-11-30not yet calculatedCVE-2017-17065
CONFIRMdahua_technology -- ip_camera_and_ptz
*Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker.2017-11-28not yet calculatedCVE-2017-9315
CONFIRMdahua_technology -- ipc-hdw4300s
*Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution.2017-11-27not yet calculatedCVE-2017-9316
CONFIRMdell_emc -- scaleio
*An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation.2017-11-28not yet calculatedCVE-2017-8019
CONFIRM
BIDdell_emc -- scaleio
*An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on an affected server.2017-11-28not yet calculatedCVE-2017-8020
CONFIRM
BIDdell_emc -- scaleio
*An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials.2017-11-28not yet calculatedCVE-2017-8001
CONFIRM
BIDdigium -- asterisk_open_source
*An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.2017-12-01not yet calculatedCVE-2017-17090
CONFIRM
CONFIRMeast_nippon_telegraph_and_telephone_corporation -- pwr_q200_router
*PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks.2017-12-01not yet calculatedCVE-2017-10874
CONFIRM
JVNemc -- rsa_authentication_agent
*EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server version 8.0.1 prior to Build 618 have a security vulnerability that could potentially lead to authentication bypass.2017-11-29not yet calculatedCVE-2017-14377
CONFIRM
BID
SECTRACKemc -- rsa_authentication_agent
*EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability."2017-11-29not yet calculatedCVE-2017-14378
CONFIRM
BID
SECTRACKemc -- rsa_authentication_manager
*EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.2017-11-28not yet calculatedCVE-2017-14379
CONFIRM
BID
SECTRACKevince -- evince
*Command injection in evince 3.24.8 via filename when printing to PDF2017-11-27not yet calculatedCVE-2017-1000159
CONFIRMexim -- exim
*The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.2017-11-25not yet calculatedCVE-2017-16943
MISC
MISC
MISC
SECTRACK
MISC
MISC
MISC
MISC
MISC
DEBIANexim -- exim
*The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.2017-11-25not yet calculatedCVE-2017-16944
MISC
MISC
MISC
SECTRACK
MISC
MISC
DEBIAN
EXPLOIT-DBffmpeg -- ffmpeg
*The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file.2017-11-30not yet calculatedCVE-2017-17081
MISC
MISC
MISCforeman -- foreman
*An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on a such fact; (3) Statistics page, for facts that are aggregated on this page.2017-11-27not yet calculatedCVE-2017-15100
CONFIRM
CONFIRMfortinet -- fortios
*A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.6, 5.2.0 to 5.2.12, 5.0 and below versions under SSL VPN web portal allows an authenticated user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. An URL Redirection attack may also be feasible by injecting an external URL via the affected parameter.2017-11-29not yet calculatedCVE-2017-14186
BID
SECTRACK
CONFIRMfortinet -- fortiwebmanager
*An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password.2017-11-29not yet calculatedCVE-2017-14189
BID
SECTRACK
CONFIRMgnu -- bitutils
*elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.2017-11-30not yet calculatedCVE-2017-17080
MISChangzhou_hikvision_digital_technology -- hikvision
*HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication.2017-12-01not yet calculatedCVE-2017-14953
MISC
FULLDISChitachi_vantara -- pentaho
*In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application.2017-11-27not yet calculatedCVE-2016-10701
MISC
MISC
MISCibm -- business_process_manager
*IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks.2017-11-27not yet calculatedCVE-2017-1628
CONFIRM
BID
SECTRACK
MISCibm -- collaborative_lifecycle_management
*An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631.2017-11-27not yet calculatedCVE-2017-1251
CONFIRM
MISCibm -- doors_next_generation
*IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134064.2017-11-27not yet calculatedCVE-2017-1689
CONFIRM
BID
MISCibm -- doors_next_generation
*IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131759.2017-11-27not yet calculatedCVE-2017-1560
CONFIRM
BID
MISCibm -- doors_next_generation
*IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128460.2017-11-27not yet calculatedCVE-2017-1461
CONFIRM
BID
MISCibm -- doors_next_generation
*IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134063.2017-11-27not yet calculatedCVE-2017-1688
CONFIRM
BID
MISCibm -- doors_next_generation
*IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134000.2017-11-27not yet calculatedCVE-2017-1678
CONFIRM
BID
MISCibm -- doors_next_generation
*IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132494.2017-11-27not yet calculatedCVE-2017-1593
CONFIRM
BID
MISCibm -- doors_next_generation
*IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132927.2017-11-27not yet calculatedCVE-2017-1607
CONFIRM
BID
MISCibm -- doors_next_generation
*IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133260.2017-11-27not yet calculatedCVE-2017-1650
CONFIRM
BID
MISCibm -- jazz_foundation
*IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852.2017-11-27not yet calculatedCVE-2017-1570
CONFIRM
MISCibm -- jazz_products
*IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868.2017-11-27not yet calculatedCVE-2016-6024
CONFIRM
MISCibm -- rhapsody_dm
*IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359.2017-11-27not yet calculatedCVE-2017-1240
CONFIRM
BID
MISCibm -- websphere_mq
*IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144.2017-11-27not yet calculatedCVE-2017-1283
CONFIRM
MISCibm -- websphere
*IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622.2017-11-27not yet calculatedCVE-2017-1484
CONFIRM
BID
MISCindeo -- otter
*Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.2017-12-01not yet calculatedCVE-2017-15607
CONFIRM
CONFIRMindeo -- otter
*Indeo Otter through 1.7.4 mishandles a "" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor.2017-12-01not yet calculatedCVE-2017-17086
CONFIRMismartalarm -- cubeone

*Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file.2017-12-01not yet calculatedCVE-2017-13664
MISCismartalarm -- cubeone
*Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key.2017-12-01not yet calculatedCVE-2017-13663
MISCjavascript -- javascriptmath.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.2017-11-27not yet calculatedCVE-2017-1001002
CONFIRM
CONFIRMjavascript -- javascript

math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object.2017-11-27not yet calculatedCVE-2017-1001003
CONFIRM
CONFIRMjavascript -- javascript
*typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.2017-11-27not yet calculatedCVE-2017-1001004
CONFIRM
CONFIRMkmplayer -- kmplayer
*KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file.2017-11-28not yet calculatedCVE-2017-16952
EXPLOIT-DBlenovo -- xclarity_administrator
*A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is exposed.2017-11-30not yet calculatedCVE-2017-3764
CONFIRMlibsndfile -- libsndfile
*In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.2017-11-25not yet calculatedCVE-2017-16942
MISClibtiff -- libtiff
*tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.2017-12-02not yet calculatedCVE-2017-17095
MISC
MISClibvirtd -- libvirtd
*When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes.2017-11-27not yet calculatedCVE-2017-15114
BID
CONFIRMlibxcursor -- libxcursor
*libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP.2017-12-01not yet calculatedCVE-2017-16612
MLIST
UBUNTU
CONFIRM
CONFIRM
MLISTlibxfont_libxfont2 -- libxfont_libxfont2
*In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.2017-12-01not yet calculatedCVE-2017-16611
MLIST
UBUNTU
CONFIRM
MLIST
MLISTlinux -- linux_kernel
*The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp.2017-11-30not yet calculatedCVE-2017-1000405
MISC
EXPLOIT-DBlinux -- linux_kernel
*The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference).2017-11-30not yet calculatedCVE-2017-15116
MISC
MISC
MISC
MISClinux -- linux_kernel
*The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the ->exe_file member of a new process's mm_struct, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program.2017-11-28not yet calculatedCVE-2017-17052
CONFIRM
BID
CONFIRM
CONFIRMlinux -- linux_kernel
*The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.2017-11-28not yet calculatedCVE-2017-17053
CONFIRM
BID
CONFIRM
CONFIRMlinux -- linux_kernel
*The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.2017-11-24not yet calculatedCVE-2017-16939
MISC
MISC
MISC
BID
MISC
MISC
MISClinux -- linux_kernel
*The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.2017-11-27not yet calculatedCVE-2017-16994
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
EXPLOIT-DBmisp -- misp
*The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.2017-11-25not yet calculatedCVE-2017-16946
CONFIRMmoore_thompson -- mt_cloud
*SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors.2017-12-01not yet calculatedCVE-2017-10899
JVNmoore_thompson -- mt_cloud
*SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors.2017-12-01not yet calculatedCVE-2017-10898
JVNopendaylight_project -- karaf
*OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).2017-11-30not yet calculatedCVE-2017-1000406
MLIST
CONFIRM
CONFIRMpebble -- smartwatch
*Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary.2017-11-28not yet calculatedCVE-2016-10702
MISCpivotal -- cloud_foundry
*In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.2017-11-27not yet calculatedCVE-2017-8044
BID
CONFIRMpivotal -- cloud_foundry
*An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space, aka an "Application Subdomain Takeover."2017-11-28not yet calculatedCVE-2017-14389
CONFIRMpivotal -- cloud_foundry

*In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration with Loggregator and syslog-drain causes logs to be drained to unintended locations.2017-11-27not yet calculatedCVE-2017-14390
BID
CONFIRMpivotal -- cloud_foundry
*In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view any credential within the CredHub installation.2017-11-27not yet calculatedCVE-2017-8038
CONFIRMpivotal -- cloud_foundry
*An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other users on the same client. This occurs only if the client is using opaque tokens or JWT tokens validated using the check_token endpoint. A malicious actor could cause denial of service.2017-11-27not yet calculatedCVE-2017-8031
BID
CONFIRMpivotal -- spring-LDAP
*In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDi rContextAuthenticationStrategy as the authentication strategy, and setting userSearch, authentication is allowed with an arbitrary password when the username is correct. This occurs because some LDAP vendors require an explicit operation for the LDAP bind to take effect.2017-11-27not yet calculatedCVE-2017-8028
CONFIRM
DEBIANpivotal -- spring_security
*An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets." Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(Object Mapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) "deserialization gadget" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown "deserialization gadgets" when Spring Security enables default typing.2017-11-27not yet calculatedCVE-2017-4995
BID
CONFIRMpivotal -- spring
*An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings. NOTE: this issue exists because of an incomplete fix for CVE-2017-4971.2017-11-27not yet calculatedCVE-2017-8039
BID
CONFIRMpivotal -- spring
*In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.2017-11-27not yet calculatedCVE-2017-8045
BID
CONFIRMpiwigo -- piwigo
*The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. tags.php is affected: values of the edit_list parameters are not sanitized; these are used to construct an SQL query and retrieve a list of registered users into the application.2017-12-01not yet calculatedCVE-2017-16893
MISCprinceton -- ptw-wms1
*PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors.2017-12-01not yet calculatedCVE-2017-10902
JVNprinceton -- ptw-wms1
*PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass access restrictions to obtain or delete data on the disk via unspecified vectors.2017-12-01not yet calculatedCVE-2017-10900
JVNprinceton -- ptw-wms1
*Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors.2017-12-01not yet calculatedCVE-2017-10903
JVNprinceton -- ptw-wms1
*Buffer overflow in PTW-WMS1 firmware version 2.000.012 allows remote attackers to conduct denial-of-service attacks via unspecified vectors.2017-12-01not yet calculatedCVE-2017-10901
JVNqualitysoft -- qnd
*Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command.2017-12-01not yet calculatedCVE-2017-10861
CONFIRM
MISCrestlet -- restlet_framework
*Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension.2017-11-30not yet calculatedCVE-2017-14868
MISC
MISC
MISCrestlet -- restlet_framework
*Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentation, SaxRepresentation, and JacksonRepresentation.2017-11-30not yet calculatedCVE-2017-14949
MISC
MISCsamba -- samba
*Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.2017-11-27not yet calculatedCVE-2017-14746
BID
SECTRACK
UBUNTU
REDHAT
REDHAT
REDHAT
DEBIAN
CONFIRMsamba -- samba
*Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.2017-11-27not yet calculatedCVE-2017-15275
BID
SECTRACK
UBUNTU
UBUNTU
REDHAT
REDHAT
REDHAT
DEBIAN
CONFIRMsamsung/seagate -- drives
*Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops with BIOS A16 or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by triggering a soft reset and booting from an alternative OS, aka a "Forced Restart Attack."2017-11-27not yet calculatedCVE-2015-7268
MISC
MISCsamsung/seagate -- drives
*Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a "Hot Plug attack."2017-11-27not yet calculatedCVE-2015-7267
MISC
MISCseagate -- st500lt015_drives
*Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate power source, and attaching the data cable to another machine, aka a "Hot Unplug Attack."2017-11-27not yet calculatedCVE-2015-7269
MISC
MISCsony -- media_go
*Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2017-12-01not yet calculatedCVE-2017-10891
JVNsony -- music_center_for_pc
*Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2017-12-01not yet calculatedCVE-2017-10892
JVNsplunk -- splunk_enterprise
*Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks.2017-11-29not yet calculatedCVE-2017-17067
BID
CONFIRMsquiz -- matrixAn issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting (XSS) issues in Matrix WYSIWYG plugins.2017-11-29not yet calculatedCVE-2017-14197
MISCsquiz -- matrix
*An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag.2017-11-29not yet calculatedCVE-2017-14198
MISCsquiz -- matrix
*An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed.2017-11-29not yet calculatedCVE-2017-14196
MISCstalker_software -- communigate_pro
*The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that has JavaScript in its name, (4) JavaScript in a note name, (5) JavaScript in a task name, or (6) HTML e-mail that is mishandled in the Inbox component.2017-11-27not yet calculatedCVE-2017-16962
MISC
EXPLOIT-DBswagger-parser -- swagger-parser
*A vulnerability in Swagger-Parser's version