SB17-338: Vulnerability Summary for the Week of November 27, 2017
Posted 12-03-2017 09:27 PM. Original release date: December 04, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
Each entry below gives the Primary Vendor -- Product, followed in parentheses by the Published date, the CVSS Score and the Source & Patch Info (CVE identifier and reference sources), and then the Description.

* High Vulnerabilities

There were no high vulnerabilities recorded this week.

* Medium Vulnerabilities

cisco -- webex_meeting_center (Published 2017-11-30, CVSS 4.0, CVE-2017-12297: BID SECTRACK CONFIRM)
A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. An attacker could exploit this vulnerability by sending a malicious URL to the Cisco WebEx Meeting Center. An exploit could allow the attacker to connect to arbitrary hosts. Cisco Bug IDs: CSCvf63843.

cisco -- webex_meeting_center (Published 2017-11-30, CVSS 4.3, CVE-2017-12359: CONFIRM)
A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file. Exploitation of this vulnerability could allow arbitrary code execution on the system of the targeted user. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCve10729, CSCve10771, CSCve10779, CSCve11521, CSCve11543.

cisco -- webex_meeting_center (Published 2017-11-30, CVSS 4.3, CVE-2017-12360: BID CONFIRM)
A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by providing a user with a malicious WRF file via email or URL and convincing the user to open the file. A successful exploit could cause an affected player to crash, resulting in a DoS condition. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, and Cisco WebEx WRF players. Cisco Bug IDs: CSCve30294, CSCve30301.

cisco -- webex_meeting_center (Published 2017-11-30, CVSS 4.0, CVE-2017-12365: BID SECTRACK CONFIRM)
A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker could execute a query on an Event Center site to view scheduled meetings. A successful query would show both listed and unlisted meetings in the displayed information. An attacker could use this information to attend meetings that are not available for their attendance. Cisco Bug IDs: CSCvg33629.

cisco -- webex_meeting_center (Published 2017-11-30, CVSS 4.3, CVE-2017-12366: BID SECTRACK CONFIRM)
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78635, CSCvg52440.

cisco -- webex_meetings_server (Published 2017-11-30, CVSS 5.0, CVE-2017-12363: BID SECTRACK)
A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficient security settings on meetings. An attacker could exploit this vulnerability by modifying the welcome message to a meeting. A successful exploit could allow the attacker to modify the welcome message of any known meeting. Cisco Bug IDs: CSCvf68695.

* Low Vulnerabilities

There were no low vulnerabilities recorded this week.

* Severity Not Yet Assigned
adobe -- coldfusion (Published 2017-12-01, CVSS not yet calculated, CVE-2017-11285: BID SECTRACK CONFIRM)
Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

adobe -- coldfusion (Published 2017-12-01, CVSS not yet calculated, CVE-2017-11286: BID SECTRACK CONFIRM)
Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

adobe -- coldfusion (Published 2017-12-01, CVSS not yet calculated, CVE-2017-11283: BID SECTRACK CONFIRM)
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

adobe -- coldfusion (Published 2017-12-01, CVSS not yet calculated, CVE-2017-11284: BID SECTRACK CONFIRM)
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

adobe -- flash (Published 2017-12-01, CVSS not yet calculated, CVE-2017-11282: BID SECTRACK CONFIRM GENTOO EXPLOIT-DB)
Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.

adobe -- flash (Published 2017-12-01, CVSS not yet calculated, CVE-2017-11281: BID SECTRACK CONFIRM GENTOO EXPLOIT-DB EXPLOIT-DB)
Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.

adobe -- robohelp (Published 2017-12-01, CVSS not yet calculated, CVE-2017-3105: BID SECTRACK CONFIRM)
Adobe RoboHelp has an Open Redirect vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2.

adobe -- robohelp (Published 2017-12-01, CVSS not yet calculated, CVE-2017-3104: BID SECTRACK CONFIRM)
Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2.

apache -- cxf_fediz (Published 2017-11-30, CVSS not yet calculated, CVE-2017-12631: MLIST)
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Site Request Forgery) style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins in versions before 1.4.3 and 1.3.3. The vulnerability can result in a security context that is set up using a malicious client's roles for the given end user.

apache -- qpid_broker-j (Published 2017-12-01, CVSS not yet calculated, CVE-2017-15701: CONFIRM MLIST CONFIRM)
In Apache Qpid Broker-J 6.1.x before 6.1.5, the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected.

apache -- qpid_broker-j (Published 2017-12-01, CVSS not yet calculated, CVE-2017-15702: CONFIRM MLIST CONFIRM)
In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports, one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar, which can be circumvented by this vulnerability. AMQP ports are not affected. Versions 6.0.0 and newer are not affected.

apache -- struts (Published 2017-12-01, CVSS not yet calculated, CVE-2017-15707: SECTRACK CONFIRM)
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allows a DoS attack using a malicious request with a specially crafted JSON payload.

apple -- macos_high_sierra (Published 2017-11-29, CVSS not yet calculated, CVE-2017-13872: BID SECTRACK MISC MISC MISC MISC)
An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry of the root user name.

arq -- arq (Published 2017-12-01, CVSS not yet calculated, CVE-2017-15357: MISC CONFIRM)
The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.

arq -- multiple_products (Published 2017-12-01, CVSS not yet calculated, CVE-2017-16895: MISC CONFIRM)
The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet.

atlassian -- hipchat (Published 2017-11-27, CVSS not yet calculated, CVE-2017-14586: BID CONFIRM CONFIRM)
The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability.

atlassian -- hipchat (Published 2017-11-27, CVSS not yet calculated, CVE-2017-14585: BID CONFIRM CONFIRM)
A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected.

atlassian -- multiple_products (Published 2017-11-29, CVSS not yet calculated, CVE-2017-14591: CONFIRM)
Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.

aubio -- aubio (Published 2017-11-29, CVSS not yet calculated, CVE-2017-17054: MISC)
In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file.

b3log/symphony -- b3log/symphony (Published 2017-11-27, CVSS not yet calculated, CVE-2017-16956: CONFIRM)
b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title.

bazaar -- bazaar (Published 2017-11-27, CVSS not yet calculated, CVE-2017-14176: CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM DEBIAN)
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.

bigtree -- bigtree_cms (Published 2017-11-27, CVSS not yet calculated, CVE-2017-16961: MISC)
A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request.

bluemotion -- ohmibod (Published 2017-12-01, CVSS not yet calculated, CVE-2017-14487: MISC)
The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username, user_id, and token fields in data/data/com.ohmibod.remote2/shared_prefs/OMB.xml.

cisco -- application_policy_infrastructure_controllers (Published 2017-11-30, CVSS not yet calculated, CVE-2017-12352: BID SECTRACK CONFIRM)
A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-controlled input that is supplied to certain script files of an affected system. An attacker could exploit this vulnerability by submitting crafted input to a script file on an affected system. A successful exploit could allow the attacker to gain elevated privileges and execute arbitrary commands with root privileges on the affected system. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf57274.

cisco -- asynchos_software (Published 2017-11-30, CVSS not yet calculated, CVE-2017-12353: BID SECTRACK CONFIRM)
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a malformed MIME header in an email attachment. An attacker could exploit this vulnerability by sending an email with a crafted MIME attachment. For example, a successful exploit could allow the attacker to bypass configured user filters to drop the email. The malformed MIME headers may not be RFC compliant. However, some mail clients could still allow users to access the attachment, which may not have been properly filtered by the device. Cisco Bug IDs: CSCvf44666.

cisco -- data_center_network_manager (Published 2017-11-30, CVSS not yet calculated; five entries with an identical description: CVE-2017-12347, CVE-2017-12343, CVE-2017-12345, CVE-2017-12344 and CVE-2017-12346, each with BID CONFIRM)
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.

cisco -- firepower_extensible_operating_system_and_nx-os (Published 2017-11-30, CVSS not yet calculated, CVE-2017-12329: BID SECTRACK CONFIRM)
A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow the attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco FXOS or NX-OS System Software: Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve51700, CSCve93833, CSCve93860, CSCve93863, CSCve93864, CSCve93880.

cisco -- ios_xr (Published 2017-11-30, CVSS not yet calculated, CVE-2017-12355: BID SECTRACK CONFIRM)
A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service (DoS) condition. The vulnerability is due to incomplete LPTS frame validation by the affected software. An attacker could exploit this vulnerability by sending crafted XML requests to the management interface of an affected system. A successful exploit could allow the attacker to cause one of the LPTS processes on the affected system to restart unexpectedly, which would impact LPTS traffic and cause a brief DoS condition while the process restarts. Cisco Bug IDs: CSCvf76332.

cisco -- ip_phone_8800_series_devices (Published 2017-11-30, CVSS not yet calculated, CVE-2017-12328: BID SECTRACK CONFIRM)
A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. Cisco Bug IDs: CSCvc62590.

cisco -- jabber (Published 2017-11-30, CVSS not yet calculated, CVE-2017-12358: BID CONFIRM)
A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79080, CSCvf79088.

cisco -- jabber (Published 2017-11-30, CVSS not yet calculated, CVE-2017-12356: BID SECTRACK CONFIRM)
A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf50378, CSCvg56018.

cisco -- jabber (Published 2017-11-30, CVSS not yet calculated, CVE-2017-12361: BID SECTRACK CONFIRM)
A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional attacks. The vulnerability is due to the way Cisco Jabber for Windows handles random number generation for file folders. An attacker could exploit the vulnerability by fixing the random number data used to establish Secure Sockets Layer (SSL) connections between clients. An exploit could allow the attacker to decrypt secure communications made by the Cisco Jabber for Windows client. Cisco Bug IDs: CSCve44806.

cisco -- meeting_server (Published 2017-11-30, CVSS not yet calculated, CVE-2017-12362: BID SECTRACK CONFIRM)
A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to video calls being made on systems with a particular configuration. An attacker could exploit this by knowing a valid URI that directs to a Cisco Meeting Server. An attacker could then make a video call and cause the system to reload. Cisco Bug IDs: CSCve65931.

cisco -- nexus_series_switches (Published 2017-11-30, CVSS not yet calculated, CVE-2017-12342: SECTRACK CONFIRM)
A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. The vulnerability is due to insufficient internal security measures in the OAC feature. An attacker could exploit this vulnerability by crafting specific packets for communication on the device-internal network. A successful exploit could allow the attacker to run code on the underlying host operating system. OAC is not enabled by default. For a device to be vulnerable, an administrator would need to install and activate this feature. This vulnerability affects the following Cisco Nexus Series Switches: Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches. Cisco Bug IDs: CSCve53542, CSCvf36621.

cisco -- nx_os (Published 2017-11-30, CVSS not yet calculated, CVE-2017-12330: BID SECTRACK CONFIRM)
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command and gaining unauthorized access to the underlying operating system of the device. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve99902, CSCvf14879.

cisco -- nx_os (Published 2017-11-30, CVSS not yet calculated, CVE-2017-12351: BID SECTRACK CONFIRM)
A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perform this attack. The vulnerability is due to insufficient internal security measures in the guest shell feature. An attacker could exploit this vulnerability by sending or receiving packets on the device-internal network outside of the guest shell container, aka "Unauthorized Internal Interface Access." This vulnerability affects the following products running Cisco NX-OS System Software: Nexus 3000 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvf33038.

cisco -- nx_os (Published 2017-11-30, CVSS not yet calculated, CVE-2017-12331: SECTRACK CONFIRM)
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a crafted, unsigned software patch on a targeted device. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16494, CSCvf23655.

cisco -- nx_os (Published 2017-11-30, CVSS not yet calculated, CVE-2017-12341: SECTRACK CONFIRM)
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation during the installation of a software patch. An attacker could exploit this vulnerability by installing a crafted patch image with the vulnerable operation occurring prior to patch activation. An exploit could allow the attacker to execute arbitrary commands on an affected system as root. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf23735, CSCvg04072.

cisco -- nx_os (Published 2017-11-30, CVSS not yet calculated, CVE-2017-12334: SECTRACK CONFIRM)
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary commands as root. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCvf15113, CSCvf15122, CSCvf15125, CSCvf15131, CSCvf15143, CSCvg04088.

cisco -- nx_os (Published 2017-11-30, CVSS not yet calculated, CVE-2017-12333: SECTRACK CONFIRM)
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX-OS signature verification for software images. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a crafted, unsigned software image on a targeted device. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf25045, CSCvf31495.

cisco -- nx_os (Published 2017-11-30, CVSS not yet calculated, CVE-2017-12332: SECTRACK CONFIRM)
A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installing a crafted patch image on an affected device. The vulnerable operation occurs prior to patch activation. An exploit could allow the attacker to write arbitrary files on an affected system as root. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16513, CSCvf23794, CSCvf23832.

cisco -- nx_os (Published 2017-11-30, CVSS not yet calculated, CVE-2017-12339: SECTRACK CONFIRM)
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow the attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, and Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve99925, CSCvf15164, CSCvf15167, CSCvf15170, CSCvf15173.

cisco -- nx_os (Published 2017-11-30, CVSS not yet calculated, CVE-2017-12335: SECTRACK CONFIRM)
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command and gaining unauthorized access to the underlying operating system of the device. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCvf14923, CSCvf14926, CSCvg04095.

cisco -- nx_os
A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager.
Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127.2017-11-30not yet calculatedCVE-2017-12336 SECTRACK CONFIRMcisco -- nx_os *A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash shell is disabled on the system. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain functions of the Python scripting sandbox of the affected system. An attacker could exploit this vulnerability to escape the scripting sandbox and enter the Bash shell of the operating system with the privileges of the authenticated user for the affected system. To exploit this vulnerability, the attacker must have local access to the affected system and be authenticated to the affected system with administrative or Python execution privileges. Cisco Bug IDs: CSCvd86513.2017-11-30not yet calculatedCVE-2017-12340 CONFIRMcisco -- nx_os *A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to insufficient input validation for a specific CLI command. An attacker could exploit this vulnerability by issuing a crafted command on the CLI. An exploit could allow the attacker unauthorized access to read arbitrary files on the underlying local file system. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to read files from any VDC. 
This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve51707, CSCve93961, CSCve93964, CSCve93965, CSCve93968, CSCve93974, CSCve93976.2017-11-30not yet calculatedCVE-2017-12338 SECTRACK CONFIRMcisco -- prime_service_catalog *A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could exploit this vulnerability by sending a crafted SQL statement to an affected system. Successful exploitation could allow the attacker to read entries in some database tables. Cisco Bug IDs: CSCvg30333.2017-11-30not yet calculatedCVE-2017-12364 BID SECTRACK CONFIRMcisco -- secure_access_control_system *A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system software version information when the software responds to HTTP requests that are sent to the web-based interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based interface of the affected software. 
A successful exploit could allow the attacker to view sensitive information about the software, which the attacker could use to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvf66155.2017-11-30not yet calculatedCVE-2017-12354 BID SECTRACK CONFIRMcisco -- ucs_central_software *Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986.2017-11-30not yet calculatedCVE-2017-12349 BID SECTRACK CONFIRMcisco -- ucs_central_software *Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986.2017-11-30not yet calculatedCVE-2017-12348 BID SECTRACK CONFIRMcisco -- umbrella_virtual_appliance *The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. 
To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.2017-12-01not yet calculatedCVE-2017-6679 BID MISC MISCcisco -- unified_communications_manager *A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79346.2017-11-30not yet calculatedCVE-2017-12357 BID SECTRACK CONFIRMcisco -- webex_network_recording_player *A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCve11545, CSCve02843, CSCve11548.2017-11-30not yet calculatedCVE-2017-12367 BID SECTRACK CONFIRMcisco -- webex_network_recording_player *A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. 
A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCve10584, CSCve10591, CSCve11503, CSCve10658, CSCve11507, CSCve10749, CSCve10744, CSCve11532, CSCve10762, CSCve10764, CSCve11538.2017-11-30not yet calculatedCVE-2017-12368 BID SECTRACK CONFIRMcisco -- webex_network_recording_player *A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCve30208, CSCve30214, CSCve30268.2017-11-30not yet calculatedCVE-2017-12369 BID SECTRACK CONFIRMcisco -- webex_network_recording_player *A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. 
Cisco Bug IDs: CSCvf38060, CSCvg54836, CSCvf38077, CSCvg54843, CSCvf38084, CSCvg54850.2017-11-30not yet calculatedCVE-2017-12370 BID SECTRACK CONFIRMcisco -- webex_network_recording_player *A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCvf49650, CSCvg54853, CSCvg54856, CSCvf49697, CSCvg54861, CSCvf49707, CSCvg54867.2017-11-30not yet calculatedCVE-2017-12371 BID SECTRACK CONFIRMcisco -- webex_network_recording_player *A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. 
Cisco Bug IDs: CSCvf57234, CSCvg54868, CSCvg54870.2017-11-30not yet calculatedCVE-2017-12372 BID SECTRACK CONFIRMcs-cart -- cs-cart *The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page.2017-11-28not yet calculatedCVE-2017-15673 MISCcurl_project -- curl_and_libcurlThe FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.2017-11-29not yet calculatedCVE-2017-8817 SECTRACK CONFIRM DEBIANcurl_project -- curl_and_libcurl *The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.2017-11-29not yet calculatedCVE-2017-8816 BID SECTRACK CONFIRM DEBIANcurl_project -- curl_and_libcurl *curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.2017-11-29not yet calculatedCVE-2017-8818 BID SECTRACK CONFIRMd-link -- dir-605l_model_b *An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. 
An attacker can cause a denial of service (device crash) or possibly have unspecified other impact by sending a sufficiently long string in the password field of the HTTP Basic Authentication section of the HTTP request.2017-11-30not yet calculatedCVE-2017-17065 CONFIRMdahua_technology -- ip_camera_and_ptz *Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker.2017-11-28not yet calculatedCVE-2017-9315 CONFIRMdahua_technology -- ipc-hdw4300s *Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution.2017-11-27not yet calculatedCVE-2017-9316 CONFIRMdell_emc -- scaleio *An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation.2017-11-28not yet calculatedCVE-2017-8019 CONFIRM BIDdell_emc -- scaleio *An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on an affected server.2017-11-28not yet calculatedCVE-2017-8020 CONFIRM BIDdell_emc -- scaleio *An issue was discovered in EMC ScaleIO 2.0.1.x. 
In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials.2017-11-28not yet calculatedCVE-2017-8001 CONFIRM BIDdigium -- asterisk_open_source *An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.2017-12-01not yet calculatedCVE-2017-17090 CONFIRM CONFIRMeast_nippon_telegraph_and_telephone_corporation -- pwr_q200_router *PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks.2017-12-01not yet calculatedCVE-2017-10874 CONFIRM JVNemc -- rsa_authentication_agent *EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server version 8.0.1 prior to Build 618 have a security vulnerability that could potentially lead to authentication bypass.2017-11-29not yet calculatedCVE-2017-14377 CONFIRM BID SECTRACKemc -- rsa_authentication_agent *EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability."2017-11-29not yet calculatedCVE-2017-14378 CONFIRM BID SECTRACKemc -- rsa_authentication_manager *EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.2017-11-28not yet calculatedCVE-2017-14379 CONFIRM BID 
SECTRACKevince -- evince *Command injection in evince 3.24.8 via filename when printing to PDF2017-11-27not yet calculatedCVE-2017-1000159 CONFIRMexim -- exim *The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.2017-11-25not yet calculatedCVE-2017-16943 MISC MISC MISC SECTRACK MISC MISC MISC MISC MISC DEBIANexim -- exim *The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.2017-11-25not yet calculatedCVE-2017-16944 MISC MISC MISC SECTRACK MISC MISC DEBIAN EXPLOIT-DBffmpeg -- ffmpeg *The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file.2017-11-30not yet calculatedCVE-2017-17081 MISC MISC MISCforeman -- foreman *An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on a such fact; (3) Statistics page, for facts that are aggregated on this page.2017-11-27not yet calculatedCVE-2017-15100 CONFIRM CONFIRMfortinet -- fortios *A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.6, 5.2.0 to 5.2.12, 5.0 and below versions under SSL VPN web portal allows an authenticated user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. 
An URL Redirection attack may also be feasible by injecting an external URL via the affected parameter.2017-11-29not yet calculatedCVE-2017-14186 BID SECTRACK CONFIRMfortinet -- fortiwebmanager *An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password.2017-11-29not yet calculatedCVE-2017-14189 BID SECTRACK CONFIRMgnu -- bitutils *elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.2017-11-30not yet calculatedCVE-2017-17080 MISChangzhou_hikvision_digital_technology -- hikvision *HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication.2017-12-01not yet calculatedCVE-2017-14953 MISC FULLDISChitachi_vantara -- pentaho *In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application.2017-11-27not yet calculatedCVE-2016-10701 MISC MISC MISCibm -- business_process_manager *IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks.2017-11-27not yet calculatedCVE-2017-1628 CONFIRM BID SECTRACK MISCibm -- collaborative_lifecycle_management *An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. 
IBM X-Force ID: 124631.2017-11-27not yet calculatedCVE-2017-1251 CONFIRM MISCibm -- doors_next_generation *IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134064.2017-11-27not yet calculatedCVE-2017-1689 CONFIRM BID MISCibm -- doors_next_generation *IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131759.2017-11-27not yet calculatedCVE-2017-1560 CONFIRM BID MISCibm -- doors_next_generation *IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128460.2017-11-27not yet calculatedCVE-2017-1461 CONFIRM BID MISCibm -- doors_next_generation *IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134063.2017-11-27not yet calculatedCVE-2017-1688 CONFIRM BID MISCibm -- doors_next_generation *IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 134000.2017-11-27not yet calculatedCVE-2017-1678 CONFIRM BID MISCibm -- doors_next_generation *IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132494.2017-11-27not yet calculatedCVE-2017-1593 CONFIRM BID MISCibm -- doors_next_generation *IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132927.2017-11-27not yet calculatedCVE-2017-1607 CONFIRM BID MISCibm -- doors_next_generation *IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133260.2017-11-27not yet calculatedCVE-2017-1650 CONFIRM BID MISCibm -- jazz_foundation *IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852.2017-11-27not yet calculatedCVE-2017-1570 CONFIRM MISCibm -- jazz_products *IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868.2017-11-27not yet calculatedCVE-2016-6024 CONFIRM MISCibm -- rhapsody_dm *IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. 
IBM X-Force ID: 124359.2017-11-27not yet calculatedCVE-2017-1240 CONFIRM BID MISCibm -- websphere_mq *IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144.2017-11-27not yet calculatedCVE-2017-1283 CONFIRM MISCibm -- websphere *IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622.2017-11-27not yet calculatedCVE-2017-1484 CONFIRM BID MISCindeo -- otter *Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.2017-12-01not yet calculatedCVE-2017-15607 CONFIRM CONFIRMindeo -- otter *Indeo Otter through 1.7.4 mishandles a "" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor.2017-12-01not yet calculatedCVE-2017-17086 CONFIRMismartalarm -- cubeone *Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file.2017-12-01not yet calculatedCVE-2017-13664 MISCismartalarm -- cubeone *Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key.2017-12-01not yet calculatedCVE-2017-13663 MISCjavascript -- javascriptmath.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. 
Creating a typed function with JavaScript code in the name could result in arbitrary execution. | 2017-11-27 | not yet calculated | CVE-2017-1001002 CONFIRM CONFIRM
javascript -- javascript | math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object. | 2017-11-27 | not yet calculated | CVE-2017-1001003 CONFIRM CONFIRM
javascript -- javascript | typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result in arbitrary execution. | 2017-11-27 | not yet calculated | CVE-2017-1001004 CONFIRM CONFIRM
kmplayer -- kmplayer | KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file. | 2017-11-28 | not yet calculated | CVE-2017-16952 EXPLOIT-DB
lenovo -- xclarity_administrator | A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is exposed. | 2017-11-30 | not yet calculated | CVE-2017-3764 CONFIRM
libsndfile -- libsndfile | In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file. | 2017-11-25 | not yet calculated | CVE-2017-16942 MISC
libtiff -- libtiff | tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file. | 2017-12-02 | not yet calculated | CVE-2017-17095 MISC MISC
libvirtd -- libvirtd | When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes. | 2017-11-27 | not yet calculated | CVE-2017-15114 BID CONFIRM
libxcursor -- libxcursor | libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. | 2017-12-01 | not yet calculated | CVE-2017-16612 MLIST UBUNTU CONFIRM CONFIRM MLIST
libxfont_libxfont2 -- libxfont_libxfont2 | In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. | 2017-12-01 | not yet calculated | CVE-2017-16611 MLIST UBUNTU CONFIRM MLIST MLIST
linux -- linux_kernel | The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp. | 2017-11-30 | not yet calculated | CVE-2017-1000405 MISC EXPLOIT-DB
linux -- linux_kernel | The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). | 2017-11-30 | not yet calculated | CVE-2017-15116 MISC MISC MISC MISC
linux -- linux_kernel | The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the ->exe_file member of a new process's mm_struct, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. | 2017-11-28 | not yet calculated | CVE-2017-17052 CONFIRM BID CONFIRM CONFIRM
linux -- linux_kernel | The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y. | 2017-11-28 | not yet calculated | CVE-2017-17053 CONFIRM BID CONFIRM CONFIRM
linux -- linux_kernel | The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages. | 2017-11-24 | not yet calculated | CVE-2017-16939 MISC MISC MISC BID MISC MISC MISC
linux -- linux_kernel | The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call. | 2017-11-27 | not yet calculated | CVE-2017-16994 CONFIRM CONFIRM BID CONFIRM CONFIRM EXPLOIT-DB
misp -- misp | The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log. | 2017-11-25 | not yet calculated | CVE-2017-16946 CONFIRM
moore_thompson -- mt_cloud | SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. | 2017-12-01 | not yet calculated | CVE-2017-10899 JVN
moore_thompson -- mt_cloud | SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. | 2017-12-01 | not yet calculated | CVE-2017-10898 JVN
opendaylight_project -- karaf | OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart). | 2017-11-30 | not yet calculated | CVE-2017-1000406 MLIST CONFIRM CONFIRM
pebble -- smartwatch | Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary. | 2017-11-28 | not yet calculated | CVE-2016-10702 MISC
pivotal -- cloud_foundry | In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks. | 2017-11-27 | not yet calculated | CVE-2017-8044 BID CONFIRM
pivotal -- cloud_foundry | An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space, aka an "Application Subdomain Takeover." | 2017-11-28 | not yet calculated | CVE-2017-14389 CONFIRM
pivotal -- cloud_foundry | In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration with Loggregator and syslog-drain causes logs to be drained to unintended locations. | 2017-11-27 | not yet calculated | CVE-2017-14390 BID CONFIRM
pivotal -- cloud_foundry | In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view any credential within the CredHub installation. | 2017-11-27 | not yet calculated | CVE-2017-8038 CONFIRM
pivotal -- cloud_foundry | An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other users on the same client. This occurs only if the client is using opaque tokens or JWT tokens validated using the check_token endpoint. A malicious actor could cause denial of service. | 2017-11-27 | not yet calculated | CVE-2017-8031 BID CONFIRM
pivotal -- spring-LDAP | In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting userSearch, authentication is allowed with an arbitrary password when the username is correct. This occurs because some LDAP vendors require an explicit operation for the LDAP bind to take effect. | 2017-11-27 | not yet calculated | CVE-2017-8028 CONFIRM DEBIAN
pivotal -- spring_security | An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets." Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) "deserialization gadget" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown "deserialization gadgets" when Spring Security enables default typing. | 2017-11-27 | not yet calculated | CVE-2017-4995 BID CONFIRM
pivotal -- spring | An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings. NOTE: this issue exists because of an incomplete fix for CVE-2017-4971. | 2017-11-27 | not yet calculated | CVE-2017-8039 BID CONFIRM
pivotal -- spring | In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack. | 2017-11-27 | not yet calculated | CVE-2017-8045 BID CONFIRM
piwigo -- piwigo | The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. tags.php is affected: values of the edit_list parameters are not sanitized; these are used to construct an SQL query and retrieve a list of registered users into the application. | 2017-12-01 | not yet calculated | CVE-2017-16893 MISC
princeton -- ptw-wms1 | PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2017-12-01 | not yet calculated | CVE-2017-10902 JVN
princeton -- ptw-wms1 | PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass access restrictions to obtain or delete data on the disk via unspecified vectors. | 2017-12-01 | not yet calculated | CVE-2017-10900 JVN
princeton -- ptw-wms1 | Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors. | 2017-12-01 | not yet calculated | CVE-2017-10903 JVN
princeton -- ptw-wms1 | Buffer overflow in PTW-WMS1 firmware version 2.000.012 allows remote attackers to conduct denial-of-service attacks via unspecified vectors. | 2017-12-01 | not yet calculated | CVE-2017-10901 JVN
qualitysoft -- qnd | Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command. | 2017-12-01 | not yet calculated | CVE-2017-10861 CONFIRM MISC
restlet -- restlet_framework | Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension. | 2017-11-30 | not yet calculated | CVE-2017-14868 MISC MISC MISC
restlet -- restlet_framework | Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentation, SaxRepresentation, and JacksonRepresentation. | 2017-11-30 | not yet calculated | CVE-2017-14949 MISC MISC
samba -- samba | Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. | 2017-11-27 | not yet calculated | CVE-2017-14746 BID SECTRACK UBUNTU REDHAT REDHAT REDHAT DEBIAN CONFIRM
samba -- samba | Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. | 2017-11-27 | not yet calculated | CVE-2017-15275 BID SECTRACK UBUNTU UBUNTU REDHAT REDHAT REDHAT DEBIAN CONFIRM
samsung/seagate -- drives | Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops with BIOS A16 or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by triggering a soft reset and booting from an alternative OS, aka a "Forced Restart Attack." | 2017-11-27 | not yet calculated | CVE-2015-7268 MISC MISC
samsung/seagate -- drives | Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a "Hot Plug attack." | 2017-11-27 | not yet calculated | CVE-2015-7267 MISC MISC
seagate -- st500lt015_drives | Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate power source, and attaching the data cable to another machine, aka a "Hot Unplug Attack." | 2017-11-27 | not yet calculated | CVE-2015-7269 MISC MISC
sony -- media_go | Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-12-01 | not yet calculated | CVE-2017-10891 JVN
sony -- music_center_for_pc | Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-12-01 | not yet calculated | CVE-2017-10892 JVN
splunk -- splunk_enterprise | Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks. | 2017-11-29 | not yet calculated | CVE-2017-17067 BID CONFIRM
squiz -- matrix | An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting (XSS) issues in Matrix WYSIWYG plugins. | 2017-11-29 | not yet calculated | CVE-2017-14197 MISC
squiz -- matrix | An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag. | 2017-11-29 | not yet calculated | CVE-2017-14198 MISC
squiz -- matrix | An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed. | 2017-11-29 | not yet calculated | CVE-2017-14196 MISC
stalker_software -- communigate_pro | The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that has JavaScript in its name, (4) JavaScript in a note name, (5) JavaScript in a task name, or (6) HTML e-mail that is mishandled in the Inbox component. | 2017-11-27 | not yet calculated | CVE-2017-16962 MISC EXPLOIT-DB
swagger-parser -- swagger-parser | A vulnerability in Swagger-Parser's version