SB17-359: Vulnerability Summary for the Week of December 18, 2017

The Patriot · #1 12-29-2017, 07:42 PM

SB17-359: Vulnerability Summary for the Week of December 18, 2017

12-24-2017 09:27 PM

Original release date: December 25, 2017 | Last revised: December 26, 2017
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

*

High Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infok7computing -- antivirusK7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request.2017-12-157.5 CVE-2017-17699
MISCk7computing -- antivirusK7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request.2017-12-157.5 CVE-2017-17700
MISCk7computing -- antivirusK7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request.2017-12-157.5 CVE-2017-17701
MISC Back to top
*

Medium Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infotechno_-_portfolio_management_panel_project -- techno_-_portfolio_management_panelTechno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.2017-12-154.0 CVE-2017-17693
MISCtechno_-_portfolio_management_panel_project -- techno_-_portfolio_management_panelTechno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter.2017-12-156.5 CVE-2017-17695
MISCtechno_-_portfolio_management_panel_project -- techno_-_portfolio_management_panelTechno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php.2017-12-154.0 CVE-2017-17696
MISC Back to top
*

Low Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infotechno_-_portfolio_management_panel_project -- techno_-_portfolio_management_panelTechno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter.2017-12-153.5 CVE-2017-17694
MISC Back to top
*

Severity Not Yet Assigned

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoabb*-- ellipse
*An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials.2017-12-20not yet calculatedCVE-2017-16731
MISCapache*-- drill
*In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.2017-12-18not yet calculatedCVE-2017-12630
MLISTapache*-- sling_authentication_service
*A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectVali d method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.2017-12-18not yet calculatedCVE-2017-15700
MLISTbitdefender -- bitdefender
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x102 in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5116.2017-12-21not yet calculatedCVE-2017-17410
MISCbitdefender -- bitdefender
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x10A in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5102.2017-12-21not yet calculatedCVE-2017-17409
MISCbitdefender -- bitdefender
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5101.2017-12-21not yet calculatedCVE-2017-17408
MISCblogotext -- blogotext
*validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field.2017-12-20not yet calculatedCVE-2017-17794
CONFIRM
CONFIRMblogotext -- blogotext
*Cross site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment.2017-12-20not yet calculatedCVE-2017-17792
CONFIRM
CONFIRMblogotext -- blogotext
*Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename).2017-12-20not yet calculatedCVE-2017-17793
CONFIRM
CONFIRMbrightsign*-- brightsign_digital_signage
*The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html.2017-12-18not yet calculatedCVE-2017-17737
MISCbrightsign*-- brightsign_digital_signage
*The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html.2017-12-18not yet calculatedCVE-2017-17738
MISCbrightsign*-- brightsign_digital_signage
*The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files.2017-12-18not yet calculatedCVE-2017-17739
MISCcambium_networks -- epmp_firmware
*Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones.2017-12-20not yet calculatedCVE-2017-5263
MISCcambium_networks -- epmp_firmware
*In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user.2017-12-20not yet calculatedCVE-2017-5257
MISCcambium_networks -- epmp_firmware
*In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection.2017-12-20not yet calculatedCVE-2017-5256
MISCcambium_networks -- epmp_firmware
*In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.2017-12-20not yet calculatedCVE-2017-5261
MISCcambium_networks -- epmp_firmware
*In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference.2017-12-20not yet calculatedCVE-2017-5262
MISCcambium_networks -- epmp_firmware
*In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http:///goform/down_cfg_file by this otherwise low privilege 'user' account.2017-12-20not yet calculatedCVE-2017-5260
MISCcambium_networks -- epmp_firmware
*In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a specially-crafted POST request to the get_chart function and run OS-level commands, effectively as root.2017-12-20not yet calculatedCVE-2017-5255
MISCcambium_networks -- epmp_firmware
*In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism.2017-12-20not yet calculatedCVE-2017-5254
MISCcambium_networks -- epmp_firmware
*In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain SNMP OIDs, serve it via HTTP, and the affected device will perform a configuration restore using the attacker's supplied config file, including the inserted XSS strings.2017-12-20not yet calculatedCVE-2017-5258
MISCcambium_networks -- epmp_firmware
*In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https:///adm/syscmd.asp.2017-12-20not yet calculatedCVE-2017-5259
MISCcisco*-- asa
*A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652.2017-12-15not yet calculatedCVE-2017-12373
BID
CONFIRMcms_made_simple*-- cms_made_simple*
*CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.2017-12-18not yet calculatedCVE-2017-17735
CONFIRM
CONFIRMcms_made_simple*-- cms_made_simple*
*CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.2017-12-18not yet calculatedCVE-2017-17734
CONFIRM
CONFIRMcode_crafters*-- ability_mail_server
*Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4.2017-12-20not yet calculatedCVE-2017-17752
EXPLOIT-DBconarc*-- ichannel
*Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service (by deleting the configuration) via a wc.dll?wwMaint~EditConfig request (which reaches an older version of a West Wind Web Connection HTTP service).2017-12-19not yet calculatedCVE-2017-17759
MISCdedecms*-- dedecms
*DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.2017-12-18not yet calculatedCVE-2017-17731
MISCdedecms*-- dedecms
*DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php.2017-12-18not yet calculatedCVE-2017-17727
MISCdedecms*-- dedecms
*DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php.2017-12-18not yet calculatedCVE-2017-17730
MISCecava -- integraxor
*A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log.2017-12-20not yet calculatedCVE-2017-16735
MISCecava -- integraxor
*A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database.2017-12-20not yet calculatedCVE-2017-16733
MISCemc*-- data_domain
*An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2. EMC Data Domain DD OS contains a memory overflow vulnerability in SMBv1 which may potentially be exploited by an unauthenticated remote attacker. An attacker may completely shut down both the SMB service and active directory authentication. This may also allow remote code injection and execution.2017-12-20not yet calculatedCVE-2017-14385
CONFIRM
SECTRACKemc*-- isilon_onfs
*The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an "NFS Export Security Setting Fallback Vulnerability."2017-12-20not yet calculatedCVE-2017-14387
CONFIRMf5 -- big-ip_afm
*A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected.2017-12-21not yet calculatedCVE-2017-0304
SECTRACK
CONFIRMf5 -- big-ip_apm
*In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow not in use" assertion. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group.2017-12-21not yet calculatedCVE-2017-6129
CONFIRMf5 -- big-ip_apm
*In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources, however the application resources and backend servers are unaffected.2017-12-21not yet calculatedCVE-2017-0301
SECTRACK
CONFIRMf5 -- big-ip_apm
*In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk.2017-12-21not yet calculatedCVE-2017-6139
CONFIRMf5 -- multiple_productsIn F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a disruption of service to TMM.2017-12-21not yet calculatedCVE-2017-6151
CONFIRMf5 -- multiple_productsIn F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions.2017-12-21not yet calculatedCVE-2017-6135
CONFIRMf5 -- multiple_products
*In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash.2017-12-21not yet calculatedCVE-2017-6134
CONFIRMf5 -- multiple_products
*In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel (TMM).2017-12-21not yet calculatedCVE-2017-6136
CONFIRMf5 -- multiple_products
*In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart.2017-12-21not yet calculatedCVE-2017-6132
CONFIRMf5 -- multiple_products
*In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system.2017-12-21not yet calculatedCVE-2017-6164
CONFIRMf5 -- multiple_products
*In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies.2017-12-21not yet calculatedCVE-2017-6138
CONFIRMf5 -- multiple_products
*On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services.2017-12-21not yet calculatedCVE-2017-6140
CONFIRMf5 -- multiple_products
*In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service.2017-12-21not yet calculatedCVE-2017-6133
CONFIRMf5 -- multiple_products
*In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected.2017-12-21not yet calculatedCVE-2017-6167
CONFIRMfortinet -- forticlient
*An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.2017-12-15not yet calculatedCVE-2017-14184
BID
CONFIRMfortunescripts.com*-- fs_lynda_clone
*FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/.2017-12-18not yet calculatedCVE-2017-17643
MISC
EXPLOIT-DBfoxit*-- readerThis vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the yTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4977.2017-12-20not yet calculatedCVE-2017-16589
CONFIRM
MISCfoxit*-- readerThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the value attribute of Field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4980.2017-12-20not yet calculatedCVE-2017-10958
CONFIRM
MISCfoxit*-- readerThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the author attribute of the Document object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5282.2017-12-20not yet calculatedCVE-2017-16581
CONFIRM
MISCfoxit*-- readerThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5296.2017-12-20not yet calculatedCVE-2017-16587
CONFIRM
MISCfoxit*-- readerThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA's bind element. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5091.2017-12-20not yet calculatedCVE-2017-16575
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the signer method of XFA's Signature objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-5015.2017-12-20not yet calculatedCVE-2017-14823
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the tile index member of SOT markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4978.2017-12-20not yet calculatedCVE-2017-10956
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setAction method of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4981.2017-12-20not yet calculatedCVE-2017-10959
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the tile index of the SOT marker in JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5012.2017-12-20not yet calculatedCVE-2017-14820
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the formNodes method of XFA Node objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5018.2017-12-20not yet calculatedCVE-2017-14826
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the xOsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5014.2017-12-20not yet calculatedCVE-2017-14822
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the xTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5013.2017-12-20not yet calculatedCVE-2017-14821
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to disclose sensitive on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4982.2017-12-20not yet calculatedCVE-2017-14818
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the arrowEnd attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4979.2017-12-20not yet calculatedCVE-2017-10957
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of references to the app object from FormCalc. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5072.2017-12-20not yet calculatedCVE-2017-16571
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the pageSpan method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5029.2017-12-20not yet calculatedCVE-2017-14837
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the clearItems XFA method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5288.2017-12-20not yet calculatedCVE-2017-16582
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within FormCalc's closeDoc method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5073.2017-12-20not yet calculatedCVE-2017-16572
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setFocus method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5022.2017-12-20not yet calculatedCVE-2017-14830
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the remove method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5017.2017-12-20not yet calculatedCVE-2017-14825
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the insert method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5016.2017-12-20not yet calculatedCVE-2017-14824
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the channel number member of the cdef box. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5011.2017-12-20not yet calculatedCVE-2017-14819
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the append method of XFA Node objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5019.2017-12-20not yet calculatedCVE-2017-14827
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the w method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5020.2017-12-20not yet calculatedCVE-2017-14828
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the openList method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5021.2017-12-20not yet calculatedCVE-2017-14829
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the page method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5027.2017-12-20not yet calculatedCVE-2017-14835
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of FileAttachment annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5026.2017-12-20not yet calculatedCVE-2017-14834
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the author attribute of Circle Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5023.2017-12-20not yet calculatedCVE-2017-14831
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Caret Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5024.2017-12-20not yet calculatedCVE-2017-14832
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5244.2017-12-20not yet calculatedCVE-2017-16579
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within util.printf. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5290.2017-12-20not yet calculatedCVE-2017-16584
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the datasets element of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5289.2017-12-20not yet calculatedCVE-2017-16583
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAnnot method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5295.2017-12-20not yet calculatedCVE-2017-16586
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.response method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5294.2017-12-20not yet calculatedCVE-2017-16585
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ImageField node of XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5281.2017-12-20not yet calculatedCVE-2017-16580
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within XFA's field element. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5092.2017-12-20not yet calculatedCVE-2017-16576
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the picture elements within XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5216.2017-12-20not yet calculatedCVE-2017-16578
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Text Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5025.2017-12-20not yet calculatedCVE-2017-14833
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the alignment attribute of Field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5094.2017-12-20not yet calculatedCVE-2017-16577
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the modDate attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5028.2017-12-20not yet calculatedCVE-2017-14836
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LZWDecode filters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5078.2017-12-20not yet calculatedCVE-2017-16573
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Image filters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5079.2017-12-20not yet calculatedCVE-2017-16574
CONFIRM
MISCfoxit*-- reader
*This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SOT markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4976.2017-12-20not yet calculatedCVE-2017-16588
CONFIRM
MISCgenexis_b.v. -- genexis_automatic_provisioning_system
*CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value (48bit) derived from the MAC. The algorithm used to compute the "chk" was disclosed by reverse engineering the CPE's firmware. As a result, it is possible to forge valid "chk" values for any given MAC address and therefore receive the configuration settings of other subscribers' CPEs. The configuration settings often contain sensitive values, for example credentials (username/password) for VoIP services. This issue affects Genexis B.V. GAPS up to 7.2.2017-12-20not yet calculatedCVE-2017-6094
FULLDISCgimp*-- gimp
*In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.2017-12-20not yet calculatedCVE-2017-17786
MISC
MISCgimp*-- gimp
*In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.2017-12-20not yet calculatedCVE-2017-17787
MISC
MISCgimp*-- gimp
*In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.2017-12-20not yet calculatedCVE-2017-17785
MISC
MISCgimp*-- gimp
*In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.2017-12-20not yet calculatedCVE-2017-17784
MISC
MISCgimp*-- gimp
*In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.2017-12-20not yet calculatedCVE-2017-17788
MISC
MISCgimp*-- gimp
*In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.2017-12-20not yet calculatedCVE-2017-17789
MISC
MISCgithub -- git_lfs
*GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository.2017-12-21not yet calculatedCVE-2017-17831
MISC
MISC
MISCgitlab*-- gitlab
*GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem.2017-12-17not yet calculatedCVE-2017-17716
MISC
MISC
MISCgnu -- c_library
*elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.2017-12-17not yet calculatedCVE-2017-16997
CONFIRM
CONFIRM
CONFIRMgolden_frog -- vyprvpn

*In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made.2017-12-20not yet calculatedCVE-2017-17809
MISCgpweb*-- gpweb
*Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database.2017-12-18not yet calculatedCVE-2017-15877
MISCgpweb*-- gpweb
*SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter.2017-12-18not yet calculatedCVE-2017-15875
MISCgpweb*-- gpweb
*Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell.2017-12-18not yet calculatedCVE-2017-15876
MISCgraphicsmagick*-- graphicsmagick*In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.2017-12-20not yet calculatedCVE-2017-17782
CONFIRM
CONFIRMgraphicsmagick*-- graphicsmagick*
*In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8.2017-12-20not yet calculatedCVE-2017-17783
CONFIRM
CONFIRMh2o*-- h2o
*H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.2017-12-22not yet calculatedCVE-2017-10908
CONFIRM
JVNh2o*-- h2o
*H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header.2017-12-22not yet calculatedCVE-2017-10868
CONFIRM
JVNh2o*-- h2o
*H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors.2017-12-22not yet calculatedCVE-2017-10872
CONFIRM
JVNh2o*-- h2o
*Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors.2017-12-22not yet calculatedCVE-2017-10869
CONFIRM
JVNheketi*-- heketi
*A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.2017-12-18not yet calculatedCVE-2017-15103
REDHAT
CONFIRM
CONFIRMheketi*-- heketi
*An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.2017-12-18not yet calculatedCVE-2017-15104
REDHAT
CONFIRM
CONFIRM
CONFIRMhorde_project*-- groupware
*In Horde Groupware through 5.2.22, SQL Injection exists via the group parameter to /services/prefs.php or the homePostalCode parameter to /turba/search.php.2017-12-20not yet calculatedCVE-2017-17781
MISChuawei -- fusionsphere_openstack
*Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak.2017-12-22not yet calculatedCVE-2017-15321
CONFIRMhuawei -- hg8245h
*Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affect product. Due to improper verification of the privilege, successful exploitation may cause information leak.2017-12-22not yet calculatedCVE-2017-15328
MISC
MISChuawei -- honor_8_smartphone
*Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information.2017-12-22not yet calculatedCVE-2017-15307
CONFIRMhuawei -- ireader
*Huawei iReader app before 8.0.2.301 has an arbitrary file deletion vulnerability due to the lack of input validation. An attacker can exploit this vulnerability to delete specific files from the SD card.2017-12-22not yet calculatedCVE-2017-15310
CONFIRMhuawei -- ireader
*Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory.2017-12-22not yet calculatedCVE-2017-15309
CONFIRMhuawei -- ireader
*Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run.2017-12-22not yet calculatedCVE-2017-15308
CONFIRMhuawei -- mate_9_smartphone
*The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution.2017-12-22not yet calculatedCVE-2017-15316
CONFIRMhuawei -- multiple_smartphones
*Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 and BGO-L03C331B009CUSTC331D001 have a DoS vulnerability due to insufficient input validation. An attacker could exploit this vulnerability by sending specially crafted NFC messages to the target device. Successful exploit could make a service crash.2017-12-22not yet calculatedCVE-2017-15322
CONFIRMhuawei*-- multiple_products
*The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module.2017-12-22not yet calculatedCVE-2017-15311
CONFIRMhuawei*-- multiple_products
*RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system.2017-12-22not yet calculatedCVE-2017-15318
CONFIRMhuawei*-- multiple_products
*AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30; AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30; AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30; SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an input validation vulnerability in Huawei multiple products. Due to the insufficient input validation, an unauthenticated, remote attacker may craft a malformed Stream Control Transmission Protocol (SCTP) packet and send it to the device, causing the device to read out of bounds and restart.2017-12-22not yet calculatedCVE-2017-15317
CONFIRMhuawei*-- multiple_products
*Huawei S12700 V200R006C00, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R009C00, V200R010C00; S1700 V200R006C10, V200R009C00, V200R010C00; S2700 V200R006C00, V200R006C10, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00; S5700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00; S6700 V200R005C00, V200R008C00, V200R009C00, V200R010C00; S7700 V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C0; S9700 V200R006C00, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. A remote attacker could exploit this vulnerability by sending malformed NQA packets to the target device. Successful exploitation could make the device restart.2017-12-22not yet calculatedCVE-2017-15324
CONFIRMhuawei*-- multiple_products
*RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system.2017-12-22not yet calculatedCVE-2017-15319
CONFIRMhuawei*-- multiple_products
*RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system.2017-12-22not yet calculatedCVE-2017-15320
CONFIRMhuawei*-- smartcare
*Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts in the affected device.2017-12-22not yet calculatedCVE-2017-15312
CONFIRMhuawei*-- smartcare

*Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An remote authenticated attacker could inject malicious CSV expression to the affected device.2017-12-22not yet calculatedCVE-2017-15313
CONFIRMibm -- business_process_manager
*IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692.2017-12-20not yet calculatedCVE-2017-1494
CONFIRM
BID
MISCibm -- integration_bus
*IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165.2017-12-20not yet calculatedCVE-2017-1694
CONFIRM
MISCibm -- jazz_for_service_managmeent
*IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140.2017-12-20not yet calculatedCVE-2017-1631
CONFIRM
MISCibm -- jazz_for_service_managment
*IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519.2017-12-20not yet calculatedCVE-2017-1746
CONFIRM
MISCibm -- qradar
*IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 134178.2017-12-20not yet calculatedCVE-2017-1696
CONFIRM
MISCibm -- robotic_process_automation
*IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135546.2017-12-20not yet calculatedCVE-2017-1751
CONFIRM
MISCibm -- security_guardium
*IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858.2017-12-20not yet calculatedCVE-2017-1757
CONFIRM
MISCibm -- websphere_portal
*IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476.2017-12-20not yet calculatedCVE-2017-1423
SECTRACK
MISC
CONFIRMibm*-- security_guardiumIBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741.2017-12-20not yet calculatedCVE-2017-1266
CONFIRM
MISCibm*-- security_guardiumIBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 124745.2017-12-20not yet calculatedCVE-2017-1270
CONFIRM
MISCibm*-- security_guardiumIBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550.2017-12-20not yet calculatedCVE-2017-1596
CONFIRM
MISCibm*-- security_guardium
*IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132613.2017-12-20not yet calculatedCVE-2017-1600
CONFIRM
MISCibm*-- security_guardium
*IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736.2017-12-20not yet calculatedCVE-2017-1261
CONFIRM
MISCibm*-- security_guardium
*IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611.2017-12-20not yet calculatedCVE-2017-1598
CONFIRM
MISCibm*-- security_guardium
*IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 124737.2017-12-20not yet calculatedCVE-2017-1262
CONFIRM
MISCibm*-- security_guardium
*IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549.2017-12-20not yet calculatedCVE-2017-1595
CONFIRM
MISCibm*-- security_guardium
*IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684.2017-12-20not yet calculatedCVE-2017-1257
CONFIRM
MISCichano*-- athome_ip_camera_devices
*An issue was discovered on Ichano AtHome IP Camera devices. The device runs the "noodles" binary - a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands. This binary requires the "system" XML element for specifying the command. For example, a id command results in a ok response.2017-12-19not yet calculatedCVE-2017-17761
MISCikarus -- ikarus

*In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000084.2017-12-20not yet calculatedCVE-2017-17804
MISCikarus -- ikarus
*In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000088.2017-12-20not yet calculatedCVE-2017-17795
MISCikarus -- ikarus
*In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c4, a related issue to CVE-2017-17113.2017-12-20not yet calculatedCVE-2017-14968
MISCikarus -- ikarus
*In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000cc.2017-12-20not yet calculatedCVE-2017-14965
MISCikarus -- ikarus
*In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c0.2017-12-20not yet calculatedCVE-2017-14966
MISCikarus -- ikarus

*In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000058.2017-12-20not yet calculatedCVE-2017-17797
MISCikarus -- ikarus
*In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300005c.2017-12-20not yet calculatedCVE-2017-14964
MISCikarus -- ikarus
*In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000084, a related issue to CVE-2017-17114.2017-12-20not yet calculatedCVE-2017-14969
MISCikarus -- ikarus
*In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Out of Bounds Write vulnerability because of not validating input values from IOCtl 0x83000058, a related issue to CVE-2017-17112.2017-12-20not yet calculatedCVE-2017-14962
MISCikarus -- ikarus
*In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000080.2017-12-20not yet calculatedCVE-2017-14967
MISCikarus -- ikarus
*In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000058.2017-12-20not yet calculatedCVE-2017-14963
MISCjbpm_kie_workbench*-- jbpm_kie_workbench
*Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs.2017-12-19not yet calculatedCVE-2013-6465
CONFIRM
CONFIRM
CONFIRMkemp*-- application_firewall_pack
*The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request.2017-12-18not yet calculatedCVE-2017-15524
BUGTRAQ
CONFIRM
MISClinux -- linux_kernel
*The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.2017-12-20not yet calculatedCVE-2017-17805
CONFIRM
CONFIRM
CONFIRMlinux -- linux_kernel
*The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.2017-12-20not yet calculatedCVE-2017-17806
CONFIRM
CONFIRM
CONFIRMlinux -- linux_kernel
*The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.2017-12-20not yet calculatedCVE-2017-17807
CONFIRM
CONFIRM
CONFIRMlinux*-- linux_kernel
*The KVM implementation in the Linux kernel through 4.14.7 allows attackers to cause a denial of service (write_mmio stack-based out-of-bounds read) or possibly have unspecified other impact, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.2017-12-18not yet calculatedCVE-2017-17741
MISClyncsys -- wvbr0
*This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0 WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.2017-12-21not yet calculatedCVE-2017-17411
MISCmaccms*-- maccms*
*Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request.2017-12-18not yet calculatedCVE-2017-17733
MISCmaplesoft*-- maple_t.a.
*A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bounty ID OBB-286688.2017-12-16not yet calculatedCVE-2017-14134
MISCmeinberg -- lantime
*The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access.2017-12-15not yet calculatedCVE-2017-16787
FULLDISC
EXPLOIT-DBmeinberg -- lantime
*The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.2017-12-19not yet calculatedCVE-2017-16786
MISC
FULLDISCmicro_focus*-- operations_manager_i
*Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS).2017-12-21not yet calculatedCVE-2017-14363
CONFIRMmoxa*-- credentials_management
*A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic.2017-12-21not yet calculatedCVE-2017-16727
BID
MISCmt4_networks*-- senhasegura
*A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via login_if.php.2017-12-18not yet calculatedCVE-2017-11562
MISCnetapp -- clustered_data_ontap
*NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments.2017-12-18not yet calculatedCVE-2017-14583
CONFIRMnetwide_assembler -- netwide_assembler
*In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.2017-12-20not yet calculatedCVE-2017-17813
MISCnetwide_assembler -- netwide_assembler
*In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.2017-12-20not yet calculatedCVE-2017-17817
MISCnetwide_assembler -- netwide_assembler
*In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.2017-12-20not yet calculatedCVE-2017-17811
MISCnetwide_assembler -- netwide_assembler
*In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.2017-12-20not yet calculatedCVE-2017-17810
MISC
MISCnetwide_assembler -- netwide_assembler
*In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.2017-12-20not yet calculatedCVE-2017-17816
MISCnetwide_assembler -- netwide_assembler
*In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.2017-12-20not yet calculatedCVE-2017-17812
MISC
MISCnetwide_assembler -- netwide_assembler
*In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.2017-12-20not yet calculatedCVE-2017-17818
MISCnetwide_assembler -- netwide_assembler
*In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.2017-12-20not yet calculatedCVE-2017-17820
MISCnetwide_assembler -- netwide_assembler
*In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.2017-12-20not yet calculatedCVE-2017-17819
MISC
MISCnetwide_assembler -- netwide_assembler
*In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.2017-12-20not yet calculatedCVE-2017-17814
MISCnetwide_assembler -- netwide_assembler
*In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.2017-12-20not yet calculatedCVE-2017-17815
MISC
MISCopen_ticket_request_system -- open_ticket_request_system
*Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.2017-12-20not yet calculatedCVE-2017-17476
CONFIRM
CONFIRM
CONFIRM
CONFIRMopenldap*-- openldap
*contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.2017-12-18not yet calculatedCVE-2017-17740
MISCphpscriptsmall.com -- paid_to_read_script
*Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter.2017-12-19not yet calculatedCVE-2017-17779
MISCphpscriptsmall.com -- paid_to_read_script
*Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter.2017-12-18not yet calculatedCVE-2017-17651
MISC
EXPLOIT-DBphpscriptsmall.com -- paid_to_read_script
*Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter.2017-12-19not yet calculatedCVE-2017-17778
MISCphpscriptsmall.com -- paid_to_read_script
*Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter.2017-12-19not yet calculatedCVE-2017-17777
MISCphpscriptsmall.com -- paid_to_read_script
*Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter.2017-12-19not yet calculatedCVE-2017-17776
MISCphpscriptsmall.com*-- readymade_video_sharing_script
*Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.2017-12-18not yet calculatedCVE-2017-17649
MISC
EXPLOIT-DBpiwigo -- piwigo
*Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions.2017-12-20not yet calculatedCVE-2017-17827
MISC
MISC
MISCpiwigo -- piwigo
*The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it.2017-12-20not yet calculatedCVE-2017-17826
MISCpiwigo -- piwigo
*The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it.2017-12-20not yet calculatedCVE-2017-17825
MISCpiwigo -- piwigo
*The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database.2017-12-20not yet calculatedCVE-2017-17824
MISC
MISC
MISCpiwigo -- piwigo
*The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.2017-12-20not yet calculatedCVE-2017-17823
MISC
MISC
MISCpiwigo -- piwigo
*The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.2017-12-20not yet calculatedCVE-2017-17822
MISC
MISC
MISCpiwigo*-- piwigo
*Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request.2017-12-19not yet calculatedCVE-2017-17775
MISCpiwigo*-- piwigo
*admin/configuration.php in Piwigo 2.9.2 has CSRF.2017-12-19not yet calculatedCVE-2017-17774
MISC
MISCpuppet*-- puppet_enterprise
*Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."2017-12-21not yet calculatedCVE-2015-4100
CONFIRMpuppet*-- puppetlabs-mysql
*puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.2017-12-21not yet calculatedCVE-2015-7224
CONFIRMqnap -- qtsA buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.2017-12-21not yet calculatedCVE-2017-17031
CONFIRMqnap -- qts
*A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.2017-12-21not yet calculatedCVE-2017-17033
CONFIRMqnap -- qts
*A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.2017-12-21not yet calculatedCVE-2017-17030
CONFIRMqnap -- qts
*A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.2017-12-21not yet calculatedCVE-2017-17028
CONFIRMqnap -- qts
*A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.2017-12-21not yet calculatedCVE-2017-17027
CONFIRMqnap -- qts
*A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.2017-12-21not yet calculatedCVE-2017-17032
CONFIRMqnap -- qts
*A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.2017-12-21not yet calculatedCVE-2017-17029
CONFIRMrados -- gateway
*RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.2017-12-20not yet calculatedCVE-2017-16818
CONFIRM
CONFIRM
FEDORArockwell_automation*-- factorytalk_alarms_and_events
*An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets packet to Port 403/TCP (the history archiver service), causing the service to either stall or terminate.2017-12-22not yet calculatedCVE-2017-14022
BID
MISCruby -- ruby
*Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.2017-12-15not yet calculatedCVE-2017-17405
BID
CONFIRM
CONFIRMruby*-- ruby
*The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.2017-12-17not yet calculatedCVE-2017-17718
MISC
MISC
MISCruby*-- ruby
*The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.2017-12-20not yet calculatedCVE-2017-17790
CONFIRMsamsung*-- internet_browser
*Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code.2017-12-21not yet calculatedCVE-2017-17692
MISC
MISCsoftonic*-- telegram_messenger_app
*The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak.2017-12-16not yet calculatedCVE-2017-17715
MISCsolarwinds*-- multiple_products
*SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.2017-12-20not yet calculatedCVE-2012-2576
EXPLOIT-DB
EXPLOIT-DB
BID
CONFIRM
XFsonatype*-- nexus_repository_manager
*Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.2017-12-17not yet calculatedCVE-2017-17717
MISCsony -- music_center_for_pc
*Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2017-12-22not yet calculatedCVE-2017-10909
JVNspiqe_software*-- onethird_cms_show_off
*Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors.2017-12-22not yet calculatedCVE-2017-10907
JVN
CONFIRMsuperbeam*-- superbeam
*SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to send crafted files, as demonstrated by APK injection.2017-12-19not yet calculatedCVE-2017-17763
MISCsymantec*-- messaging_gateway
*Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files.2017-12-20not yet calculatedCVE-2017-15532
BID
CONFIRMsyncbreeze -- syncbreeze
*The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. The web server does not check bounds when reading server requests in the Host header on making a connection, resulting in a classic Buffer Overflow that causes a Denial of Service.2017-12-19not yet calculatedCVE-2017-17088
MISC
FULLDISC
EXPLOIT-DBsynology -- diskstation_manager
*An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.2017-12-22not yet calculatedCVE-2017-16766
CONFIRMsynology*-- photo_station
*Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter.2017-12-20not yet calculatedCVE-2017-12072
CONFIRMtg_soft -- vir.it_explorer_liteIn TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E060.2017-12-20not yet calculatedCVE-2017-17801
MISCtg_soft -- vir.it_explorer_lite
*In TG Soft Vir.IT eXplorer Lite 8.5.42, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17800.2017-12-20not yet calculatedCVE-2017-17798
MISCtg_soft -- vir.it_explorer_lite
*In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E080.2017-12-20not yet calculatedCVE-2017-17802
MISCtg_soft -- vir.it_explorer_lite
*In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82736068, a different vulnerability than CVE-2017-17475.2017-12-20not yet calculatedCVE-2017-17803
MISCtg_soft -- vir.it_explorer_lite
*In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82730068.2017-12-20not yet calculatedCVE-2017-17799
MISCtg_soft -- vir.it_explorer_lite
*In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x827300A4.2017-12-20not yet calculatedCVE-2017-17796
MISCtg_soft -- vir.it_explorer_lite
*In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17798.2017-12-20not yet calculatedCVE-2017-17800
MISCtp-link*-- multiple_products
*TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd.2017-12-19not yet calculatedCVE-2017-17757
MISCtp-link*-- multiple_products
*TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd.2017-12-19not yet calculatedCVE-2017-17758
MISCtp-link*-- tl-sg108e_device
*Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated.2017-12-20not yet calculatedCVE-2017-17746
FULLDISCtp-link*-- tl-sg108e_device
*Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter.2017-12-20not yet calculatedCVE-2017-17745
FULLDISCtp-link*-- tl-sg108e_device
*Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition.2017-12-20not yet calculatedCVE-2017-17747
FULLDISCtrape*-- trape
*Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter.2017-12-16not yet calculatedCVE-2017-17714
MISC
MISC
MISCtrape*-- trape
*Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter.2017-12-16not yet calculatedCVE-2017-17713
MISC
MISC
MISC
MISC
MISCurbackup -- urbackup_server
*Cross - site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML via the action parameter.2017-12-17not yet calculatedCVE-2017-16950
CONFIRM
CONFIRMvideolan*-- vlc
*In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.2017-12-15not yet calculatedCVE-2017-17670
MISC
BIDvmware -- esxi__and_workstation_and_fusion
*VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.2017-12-20not yet calculatedCVE-2017-4933
CONFIRMvmware -- esxi__and_workstation_and_fusion
*VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.2017-12-20not yet calculatedCVE-2017-4941
CONFIRMvmware -- esxi
*The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client.2017-12-20not yet calculatedCVE-2017-4940
CONFIRMvmware -- vcenter_server_appliance
*VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS.2017-12-20not yet calculatedCVE-2017-4943
CONFIRMwebkit -- webkit
*WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and resizeSlow mishandles cases where the old array length is greater than the new array length.2017-12-20not yet calculatedCVE-2017-17821
MISC
MISCwecon -- levistudio_hmi_editor
*A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio HMI. The heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.2017-12-20not yet calculatedCVE-2017-16717
MISCwordpress -- wordpress
*An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and file-uploader/file-uploader-class.php. This allows the attacker to upload anything they want to the server, as demonstrated by an action=ap_file_upload_action&allowedExtensions[]=php request to /wp-admin/admin-ajax.php that results in a .php file upload and resultant PHP code execution.2017-12-18not yet calculatedCVE-2017-16949
MISC
MISC
EXPLOIT-DBwordpress -- wordpress
*Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php.2017-12-20not yet calculatedCVE-2011-4955
CONFIRM
SECUNIA
CONFIRM
MLIST
MLIST
XFwordpress*-- wordpress
*Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cie_type, (2) cie_import, (3) cie_update, or (4) cie_ignore parameter to includes/admin/views/esb-cie-import-export-page.php.2017-12-19not yet calculatedCVE-2017-17753
MISCwordpress*-- wordpress
*The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication - Clockwork SMS 1.0.2, Booking Calendar - Clockwork SMS 1.0.5, Contact Form 7 - Clockwork SMS 2.3.0, Fast Secure Contact Form - Clockwork SMS 2.1.2, Formidable - Clockwork SMS 1.0.2, Gravity Forms - Clockwork SMS 2.2, and WP e-Commerce - Clockwork SMS 2.0.5.2017-12-19not yet calculatedCVE-2017-17780
MISC
MISCwordpress*-- wordpress
*A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter to view/advancedsettings.php.2017-12-19not yet calculatedCVE-2017-17744
MISC
MISCworpress*-- wordpress
*A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the result_message parameter to includes/concours_page.php.2017-12-19not yet calculatedCVE-2017-17719
MISC
MISC www.phpautoclassifiedscript -- bus_booking_script
*Bus Booking Script has XSS via the results.php datepicker parameter or the admin/new_master.php spemail parameter.2017-12-21not yet calculatedCVE-2017-17828
MISC www.phpautoclassifiedscript -- bus_booking_script
*Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter.2017-12-21not yet calculatedCVE-2017-17829
MISC www.phpautoclassifiedscript -- bus_booking_script
*Bus Booking Script has CSRF via admin/new_master.php.2017-12-21not yet calculatedCVE-2017-17830
MISC www.phpautoclassifiedscript -- bus_booking_script
*Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php.2017-12-18not yet calculatedCVE-2017-17645
MISC
EXPLOIT-DBxiongmai_technology*-- multiple_products
*A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible.2017-12-20not yet calculatedCVE-2017-16725
BID
MISCzivif -- pr115-204-p-rs_camera
*Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session.2017-12-18not yet calculatedCVE-2017-17107
MISC
FULLDISC
MISCzivif -- pr115-204-p-rs_camera
*Zivif PR115-204-P-RS V2.3.4.2103 web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request.2017-12-18not yet calculatedCVE-2017-17105
MISC
FULLDISC
MISCzivif -- pr115-204-p-rs_camera
*Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages.2017-12-18not yet calculatedCVE-2017-17106
MISC
FULLDISC
MISCzoom*-- zoomlauncher
*Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.2017-12-19not yet calculatedCVE-2017-15048
MISC
FULLDISC
MISC
EXPLOIT-DBzoom*-- zoomlauncher
*The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.2017-12-19not yet calculatedCVE-2017-15049
MISC
FULLDISC
MISC
EXPLOIT-DBzuuse_beims*-- contractorweb.net
*CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter.2017-12-18not yet calculatedCVE-2017-17721
MISC Back to top
This product is provided subject to this Notification and this Privacy & Use policy.

More...