The Patriot Files Forums  

Posted by The Patriot on 12-21-2017, 07:43 AM

SB17-352: Vulnerability Summary for the Week of December 11, 2017

12-17-2017 09:24 PM

Original release date: December 18, 2017
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the MakeAccessible plugin, when creating an internal data structure. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16360
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccessible plugin, when handling font data. It causes an out of bounds memory access, which sometimes triggers an access violation exception. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16362
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the module that handles character codes for certain textual representations. Invalid input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16363
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference when handling number format dictionary entries. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16364
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the True Type2 Font parsing module. A corrupted cmap table input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16365
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability. The vulnerability leads to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads or writes -- potentially leading to code corruption, control-flow hijack, or an information leak attack.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16367
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability leads to a stack-based buffer overflow condition in the internal Unicode string manipulation module. It is triggered by an invalid PDF file, where a crafted Unicode string causes an out of bounds memory access of a stack allocated buffer, due to improper checks when manipulating an offset of a pointer to the buffer. Attackers can exploit the vulnerability and achieve arbitrary code execution if they can effectively control the accessible memory.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16368
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16370
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaScript engine. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16371
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaScript API engine. In this scenario, the JavaScript input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16372
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16373
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the JPEG 2000 module. An invalid JPEG 2000 input code stream leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16374
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaScript API engine. In this scenario, the JavaScript input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16375
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the MakeAccessible plugin. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16376
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized in the main DLL. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16377
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized; the computation occurs during internal AST thread manipulation. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16378
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability in the graphics rendering engine.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16379
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability for a certain file-type extension. Acrobat maintains both a blacklist and whitelist (the user can specify an allowed attachment). However, any file extensions that are neither on the blacklist nor the whitelist can still be opened after displaying a warning prompt.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16380
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value when processing TIFF files embedded within an XPS document. Crafted TIFF image input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16381
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16382
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability when processing a JPEG file embedded within an XPS document.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16383
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the exif processing module for a PNG file (during XPS conversion). Invalid input leads to a computation where pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16384
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in TIFF parsing during XPS conversion. Crafted TIFF image input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16385
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the XPS2PDF conversion engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16386
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the JPEG2000 codec. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16387
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16388
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16389
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine API. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16390
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the printing functionality. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16391
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the JPEG processing module. Crafted input with an unexpected JPEG file segment size causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16392
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16393
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the WebCapture module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16394
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the image conversion module when processing Enhanced Metafile Format (EMF). Crafted EMF input (EMR_STRETCHDIBITS) causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16395
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the TIFF processing module. Crafted input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16396
BID
SECTRACK
CONFIRM

adobe -- acrobat_and_reader
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of Enhanced Metafile Format (EMF) processing within the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16397
BID
SECTRACK
CONFIRM

adobe -- acrobat
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16398
BID
SECTRACK
CONFIRM

adobe -- acrobat
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the XPS parsing module. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16399
BID
SECTRACK
CONFIRM

adobe -- acrobat
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the JPEG 2000 parser. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16400
BID
SECTRACK
CONFIRM

adobe -- acrobat
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of an image conversion, specifically in Enhanced Metafile Format Plus (EMF +) processing modules. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16401
BID
SECTRACK
CONFIRM

adobe -- acrobat
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the JPEG 2000 module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16402
BID
SECTRACK
CONFIRM

adobe -- acrobat
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16403
BID
SECTRACK
CONFIRM

adobe -- acrobat
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of processing Enhanced Metafile Format Plus (EMF+). The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16404
BID
SECTRACK
CONFIRM

adobe -- acrobat
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of Acrobat's page display functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16405
BID
SECTRACK
CONFIRM

adobe -- acrobat
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion vulnerability in the EMF processing module. The issue causes the program to access an object using an incompatible type, leading to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees -- potentially leading to code corruption, control-flow hijack, or information leak attack.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16406
BID
SECTRACK
CONFIRM

adobe -- acrobat
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of handling an EMF EMR_BITBLT record. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16407
BID
SECTRACK
CONFIRM

adobe -- acrobat
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the WebCapture module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16408
BID
SECTRACK
CONFIRM

adobe -- acrobat
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the Adobe graphics module responsible for displaying textual data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16409
BID
SECTRACK
CONFIRM

adobe -- acrobat
Description: An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the image conversion module, when processing GIF files. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space.
Published: 2017-12-09
CVSS Score: 9.3
Source & Patch Info: CVE-2017-16410
BID
SECTRACK
CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the WebCapture module, related to an internal hash table implementation. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16411
BID
SECTRACK
CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is part of the XPS conversion module, when handling a JPEG resource. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16412
BID
SECTRACK
CONFIRM

adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the XPS to PDF conversion module, when processing TIFF files. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2017-12-09 | 9.3 | CVE-2017-16413
BID
SECTRACK
CONFIRM

adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript API module responsible for form field computation. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16414
BID
SECTRACK
CONFIRM

adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is a part of the functionality that handles font encodings. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2017-12-09 | 9.3 | CVE-2017-16415
BID
SECTRACK
CONFIRM

adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2017-12-09 | 9.3 | CVE-2017-16416
BID
SECTRACK
CONFIRM

adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the font parsing module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16417
BID
SECTRACK
CONFIRM

adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the image conversion module that handles XPS files. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16418
BID
SECTRACK
CONFIRM

adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is in the part of the JavaScript engine that handles annotation abstraction. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16420
BID
SECTRACK
CONFIRM

adobe -- photoshop | An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | 7.5 | CVE-2017-11303
BID
SECTRACK
CONFIRM

adobe -- photoshop | An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | 7.5 | CVE-2017-11304
BID
SECTRACK
CONFIRM

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability when handling XFDF files. | 2017-12-09 | 4.3 | CVE-2017-16361
BID
SECTRACK
CONFIRM

adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability in the AcroPDF plugin. | 2017-12-09 | 5.0 | CVE-2017-16366
BID
SECTRACK
CONFIRM

adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a Same Origin Policy security bypass vulnerability, affecting files on the local system, etc. | 2017-12-09 | 4.3 | CVE-2017-16369
BID
SECTRACK
CONFIRM

adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources. | 2017-12-09 | 4.3 | CVE-2017-16419
BID
SECTRACK
CONFIRM

adobe -- connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | 2017-12-09 | 4.3 | CVE-2017-11287
BID
SECTRACK
CONFIRM

adobe -- connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | 2017-12-09 | 4.3 | CVE-2017-11288
BID
SECTRACK
CONFIRM

adobe -- connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | 2017-12-09 | 4.3 | CVE-2017-11289
BID
SECTRACK
CONFIRM

adobe -- connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing (or clickjacking) attacks. | 2017-12-09 | 4.3 | CVE-2017-11290
BID
SECTRACK
CONFIRM

adobe -- connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls. | 2017-12-09 | 6.4 | CVE-2017-11291
BID
SECTRACK
CONFIRM

adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. Adobe Digital Editions parses crafted XML files in an unsafe manner, which could lead to sensitive information disclosure. | 2017-12-09 | 4.3 | CVE-2017-11273
BID
SECTRACK
CONFIRM

adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | 2017-12-09 | 5.0 | CVE-2017-11297
BID
SECTRACK
CONFIRM

adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | 2017-12-09 | 5.0 | CVE-2017-11298
BID
SECTRACK
CONFIRM

adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | 2017-12-09 | 5.0 | CVE-2017-11299
BID
SECTRACK
CONFIRM

adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | 2017-12-09 | 5.0 | CVE-2017-11300
BID
SECTRACK
CONFIRM

adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | 2017-12-09 | 5.0 | CVE-2017-11301
BID
SECTRACK
CONFIRM

adobe -- experience_manager | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager. | 2017-12-09 | 4.3 | CVE-2017-11296
BID
SECTRACK
CONFIRM

adobe -- experience_manager | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet. | 2017-12-09 | 4.3 | CVE-2017-3109
BID
SECTRACK
CONFIRM

adobe -- experience_manager | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances. | 2017-12-09 | 5.0 | CVE-2017-3111
BID
SECTRACK
CONFIRM

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

abiword -- abiword | af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17529
MISC

acdsee -- acdsee_ultimate_10.0.0.292 | A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in potential code execution. An attacker can send a specific .PSD file to trigger this vulnerability. | 2017-12-11 | not yet calculated | CVE-2017-2886
BID
MISC

acti -- acti_cameras | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials. | 2017-12-15 | not yet calculated | CVE-2017-3186
BID
MISC
MISC
CERT-VN

acti -- acti_cameras | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_...e-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186). | 2017-12-15 | not yet calculated | CVE-2017-3184
BID
MISC
MISC
CERT-VN

acti -- acti_cameras | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources. | 2017-12-15 | not yet calculated | CVE-2017-3185
BID
MISC
MISC
CERT-VN

adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11293
BID
SECTRACK
CONFIRM

adobe -- dng | An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11295
BID
CONFIRM

adobe -- flash_player | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11225
BID
SECTRACK
REDHAT
CONFIRM
GENTOO

adobe -- flash_player | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country- specific functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-3114
BID
SECTRACK
REDHAT
CONFIRM
GENTOO

adobe -- flash_player | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11215
BID
SECTRACK
REDHAT
CONFIRM
GENTOO

adobe -- flash_player | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-11213
BID
SECTRACK
REDHAT
CONFIRM
GENTOO

adobe -- flash_player | A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data. | 2017-12-13 | not yet calculated | CVE-2017-11305
BID
SECTRACK
CONFIRM

adobe -- flash_player | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-3112
BID
SECTRACK
REDHAT
CONFIRM
GENTOO

adobe -- indesign | An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11302
BID
SECTRACK
CONFIRM

adobe -- shockwave | An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11294
BID
SECTRACK
CONFIRM

amag_technologies -- symmetry_edge_network_door_controllers | Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command. | 2017-12-09 | not yet calculated | CVE-2017-16241
MISC
MISC
MISC

apache -- fineract | In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to the query. | 2017-12-14 | not yet calculated | CVE-2017-5663
MLIST

apache -- synapse | Due to the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions, Apache Synapse 3.0.0 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. To mitigate the issue upgrading to 3.0.1 version is required. In Synapse 3.0.1 version, Commons Collection has been updated to 3.2.2 version which contains the fix for the above mentioned vulnerability. | 2017-12-11 | not yet calculated | CVE-2017-15708
BID
MLIST

asterisk -- multiple_products | A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack. | 2017-12-13 | not yet calculated | CVE-2017-17664
MISC
BID
MISC
MISC

atlassian -- bamboo | Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurial repository, create or edit a plan when there is at least one linked Mercurial repository that the attacker has permission to use, or commit to a Mercurial repository used by a Bamboo plan which has branch detection enabled can execute code of their choice on systems that run a vulnerable version of Bamboo Server. Versions of Bamboo starting with 2.7.0 before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability. | 2017-12-13 | not yet calculated | CVE-2017-14590
BID
CONFIRM
CONFIRM

atlassian -- bamboo | It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Bamboo. All versions of Bamboo before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability. | 2017-12-13 | not yet calculated | CVE-2017-14589
BID
CONFIRM
CONFIRM

aubio -- aubio | A NULL pointer dereference (DoS) Vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file. | 2017-12-11 | not yet calculated | CVE-2017-17554
MISC

bernard_parisse_giac -- bernard_parisse_giac | Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17526
MISC

bob_hepple_gjots2 -- bob_hepple_gjots2 | lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17535
MISC

boxug -- trape | Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. | 2017-12-16 | not yet calculated | CVE-2017-17714
MISC
MISC
MISC

boxug -- trape | Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. | 2017-12-16 | not yet calculated | CVE-2017-17713
MISC
MISC
MISC
MISC
MISC

cisco -- asa_5500_series_routers | A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652. | 2017-12-15 | not yet calculated | CVE-2017-12373
CONFIRM

citrix -- multiple_products | Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. | 2017-12-13 | not yet calculated | CVE-2017-17382
BID
SECTRACK
MISC
CONFIRM
CERT-VN

citrix -- multiple_products | Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange. | 2017-12-13 | not yet calculated | CVE-2017-17549
BID
SECTRACK
CONFIRM

commvault -- edge_communication_service | Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code execution with administrative privileges. | 2017-12-15 | not yet calculated | CVE-2017-3195
CONFIRM
MISC
BID
EXPLOIT-DB
CERT-VN

crowdfunding_software -- realestate_crowdfunding_script | Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter. | 2017-12-13 | not yet calculated | CVE-2017-17591
MISC

d-link -- dir-130_firmware_version_1.23_and_dir-330_firmware_version_1.12 | D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials. | 2017-12-15 | not yet calculated | CVE-2017-3191
MISC
CERT-VN
MISC
MISC

d-link -- dir-130_firmware_version_1.23_and_dir-330_firmware_version_1.12 | D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through an authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device. | 2017-12-15 | not yet calculated | CVE-2017-3192
MISC
CERT-VN
MISC
MISC

d-link -- multiple_devices | Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service. | 2017-12-15 | not yet calculated | CVE-2017-3193
BID
MISC
MISC
CERT-VN
MISC

elemental_path -- cognitoys_dino_smart_toys | Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server. | 2017-12-11 | not yet calculated | CVE-2017-8866
MISC

elemental_path -- cognitoys_dino_smart_toys | Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on privacy-sensitive voice communication of a child and their Dino device. | 2017-12-11 | not yet calculated | CVE-2017-8867
MISC

elemental_path -- cognitoys_dino_smart_toys | Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to any other Dino device. | 2017-12-11 | not yet calculated | CVE-2017-8865
MISC

embedthis -- goahead | Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0. | 2017-12-12 | not yet calculated | CVE-2017-17562
MISC
MISC

emc -- isilon_onefs | In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode. | 2017-12-13 | not yet calculated | CVE-2017-14380
CONFIRM

erlang -- erlang | The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack). | 2017-12-12 | not yet calculated | CVE-2017-1000385
MLIST
MLIST
MLIST
BID
MISC
DEBIAN
CERT-VN

exiv2 -- exiv2 | There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack. | 2017-12-13 | not yet calculated | CVE-2017-17669
MISC

ffmpeg -- libswresample | The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file. | 2017-12-11 | not yet calculated | CVE-2017-17555
MISC

flash_seats -- flash_seats_mobile_app_for_android | Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. | 2017-12-15 | not yet calculated | CVE-2017-3190
BID
CERT-VN
MISC

flippa-clone.com -- website_auction_marketplace | Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter. | 2017-12-13 | not yet calculated | CVE-2017-17592
MISC

fontforge -- fontforge | uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534. | 2017-12-14 | not yet calculated | CVE-2017-17521
MISC

fortinet -- forticlient_fortios | An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allows an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contain user credentials through the fnsysctl CLI command. | 2017-12-13 | not yet calculated | CVE-2017-7738
BID
CONFIRM

fortinet -- forticlient_windows | A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows an attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain. | 2017-12-14 | not yet calculated | CVE-2017-7344
BID
CONFIRM

fortinet -- forticlient | An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations. | 2017-12-15 | not yet calculated | CVE-2017-14184
BID
CONFIRMfortunescripts.com -- N/A
*Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job.2017-12-13not yet calculatedCVE-2017-17642
MISC

fs -- amazon_clone
FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari.
2017-12-13 | not yet calculated | CVE-2017-17572
MISC

fs -- care_clone
FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter.
2017-12-13 | not yet calculated | CVE-2017-17574
MISC

fs -- crowdfunding_clone
FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter.
2017-12-13 | not yet calculated | CVE-2017-17578
MISC

fs -- expedia_clone
FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter.
2017-12-13 | not yet calculated | CVE-2017-17570
MISC

fs -- expedia_clone
FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter.
2017-12-13 | not yet calculated | CVE-2017-17573
MISC

fs -- foodpanda_clone
FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter.
2017-12-13 | not yet calculated | CVE-2017-17571
MISC

fs -- freelancer_clone
FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter.
2017-12-13 | not yet calculated | CVE-2017-17579
MISC

fs -- gigs_clone
FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter.
2017-12-13 | not yet calculated | CVE-2017-17576
MISC

fs -- groupon_clone
FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter.
2017-12-13 | not yet calculated | CVE-2017-17575
MISC

fs -- grubhub_clone
FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter.
2017-12-13 | not yet calculated | CVE-2017-17582
MISC

fs -- imdb_clone
FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter.
2017-12-13 | not yet calculated | CVE-2017-17588
MISC

fs -- indiamart_clone
FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter.
2017-12-13 | not yet calculated | CVE-2017-17587
MISC

fs -- linkedin_clone
FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.
2017-12-13 | not yet calculated | CVE-2017-17580
MISC

fs -- makemytrip_clone
FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter.
2017-12-13 | not yet calculated | CVE-2017-17584
MISC

fs -- monster_clone
FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter.
2017-12-13 | not yet calculated | CVE-2017-17585
MISC

fs -- olx_clone
FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter.
2017-12-13 | not yet calculated | CVE-2017-17586
MISC

fs -- quibids_clone
FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.
2017-12-13 | not yet calculated | CVE-2017-17581
MISC

fs -- shutterstock_clone
FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter.
2017-12-13 | not yet calculated | CVE-2017-17583
MISC

fs -- stackoverflow_clone
FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter.
2017-12-13 | not yet calculated | CVE-2017-17590
MISC

fs -- thumbtack_clone
FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter.
2017-12-13 | not yet calculated | CVE-2017-17589
MISC

fs -- trademe_clone
FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter.
2017-12-13 | not yet calculated | CVE-2017-17577
MISC

geomview -- geomview
common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
2017-12-14 | not yet calculated | CVE-2017-17530
MISC

gnu_global -- gnu_global
gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
2017-12-14 | not yet calculated | CVE-2017-17531
MISC

graphicsmagick -- graphicsmagick
ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.
2017-12-10 | not yet calculated | CVE-2017-17500
CONFIRM
BID
CONFIRM

graphicsmagick -- graphicsmagick
WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.
2017-12-10 | not yet calculated | CVE-2017-17501
CONFIRM
BID
CONFIRM

graphicsmagick -- graphicsmagick
ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.
2017-12-10 | not yet calculated | CVE-2017-17502
CONFIRM
CONFIRM

graphicsmagick -- graphicsmagick
ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file.
2017-12-10 | not yet calculated | CVE-2017-17503
CONFIRM
CONFIRM

graphicsmagick -- graphicsmagick
WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
2017-12-10 | not yet calculated | CVE-2017-17498
CONFIRM
BID
CONFIRM

harbor -- harbor
The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.
2017-12-15 | not yet calculated | CVE-2017-17697
MISC

hdf5 -- hdf5
In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
2017-12-10 | not yet calculated | CVE-2017-17507
MISC

hdf5 -- hdf5
In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
2017-12-10 | not yet calculated | CVE-2017-17505
MISC

hdf5 -- hdf5
In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
2017-12-10 | not yet calculated | CVE-2017-17506
MISC

hdf5 -- hdf5
In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact when someone opens a crafted hdf5 file.
2017-12-10 | not yet calculated | CVE-2017-17509
MISC

hdf5 -- hdf5
In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
2017-12-10 | not yet calculated | CVE-2017-17508
MISC

huawei -- multiple_products
Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe.
2017-12-11 | not yet calculated | CVE-2014-8358
CONFIRM
BID
MISC

ibm -- connections_engagement_center
IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134005.
2017-12-11 | not yet calculated | CVE-2017-1683
CONFIRM
BID
MISC

ibm -- connections
IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954.
2017-12-11 | not yet calculated | CVE-2017-1613
CONFIRM
BID
MISC

ibm -- doors_next_generation
IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130915.
2017-12-13 | not yet calculated | CVE-2017-1546
CONFIRM
BID
MISC

ibm -- financial_transaction_manager_for_multi-platform
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926.
2017-12-11 | not yet calculated | CVE-2017-1606
CONFIRM
BID
MISC

ibm -- inotes
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2017-12-13 | not yet calculated | CVE-2017-1421
CONFIRM
BID
SECTRACK
MISC

ibm -- jazz_foundation_products
IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619.
2017-12-11 | not yet calculated | CVE-2017-1507
CONFIRM
MISC

ibm -- maximo_asset_management
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548.
2017-12-13 | not yet calculated | CVE-2017-1558
CONFIRM
MISC

ibm -- sterling_file_gateway
IBM Sterling File Gateway 2.2 could allow an authenticated user to change other user's passwords. IBM X-Force ID: 131290.
2017-12-11 | not yet calculated | CVE-2017-1550
CONFIRM
BID
MISC

ibm -- sterling_file_gateway
IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131289.
2017-12-11 | not yet calculated | CVE-2017-1549
CONFIRM
BID
MISC

ibm -- sterling_file_gateway
IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288.
2017-12-11 | not yet calculated | CVE-2017-1548
CONFIRM
BID
MISC

ibm -- sterling_file_gateway
IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133178.
2017-12-11 | not yet calculated | CVE-2017-1632
CONFIRM
BID
MISC

ibm -- support_tools_for_lotus_wcm
IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130733.
2017-12-11 | not yet calculated | CVE-2017-1536
CONFIRM
BID
MISC

ibm -- tivoli_monitoring
IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243.
2017-12-13 | not yet calculated | CVE-2017-1635
CONFIRM
BID
MISC

ibm -- tivoli_workload_scheduler
IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638.
2017-12-13 | not yet calculated | CVE-2017-1716
CONFIRM
BID
MISC

ibm -- websphere_mq
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454.
2017-12-11 | not yet calculated | CVE-2017-1760
CONFIRM
MISC

icu -- international_components_for_unicode_for_c/c++
The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC.
2017-12-10 | not yet calculated | CVE-2017-17484
MISC
MISC
MISC
MISC
MISC
MISC

idevicerestore -- idevicerestore
The socket_create function in socket.c in idevicerestore through 2017-12-10 allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket, a similar issue to CVE-2016-5104.
2017-12-10 | not yet calculated | CVE-2017-17496
MISC

imagemagick -- imagemagick
In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.
2017-12-14 | not yet calculated | CVE-2017-17682
CONFIRM

imagemagick -- imagemagick
ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.
2017-12-10 | not yet calculated | CVE-2017-17504
CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.
2017-12-14 | not yet calculated | CVE-2017-17680
CONFIRM

imagemagick -- imagemagick
In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.
2017-12-14 | not yet calculated | CVE-2017-17681
CONFIRM

imagemagick -- imagemagick
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
2017-12-10 | not yet calculated | CVE-2017-17499
BID
CONFIRM
CONFIRM
CONFIRM

intel -- graphics_driver
Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access.
2017-12-12 | not yet calculated | CVE-2017-5717
CONFIRM

k7 -- antivirus_15.1.0309
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request.
2017-12-15 | not yet calculated | CVE-2017-17700
MISC

k7 -- antivirus_15.1.0309
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request.
2017-12-15 | not yet calculated | CVE-2017-17701
MISC

k7 -- antivirus_15.1.0309
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request.
2017-12-15 | not yet calculated | CVE-2017-17699
MISC

kaspersky -- embedded_systems_security
Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation.
2017-12-08 | not yet calculated | CVE-2017-12823
BID
CONFIRM

kildclient -- kildclient
KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c.
2017-12-14 | not yet calculated | CVE-2017-17511
MISC

kiwi -- kiwi
examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
2017-12-14 | not yet calculated | CVE-2017-17532
MISC

landesk -- management_suite
In LANDESK Management Suite 2016.4 and 2017.x, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc.
2017-12-11 | not yet calculated | CVE-2017-11463
MISC

legion_of_the_bouncy_castle -- bouncycastle_tls
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."
2017-12-12 | not yet calculated | CVE-2017-13098
CERT-VN
BID
CONFIRM
MISC

lib/ecstatic.js -- lib/ecstatic.js
A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string.
2017-12-14 | not yet calculated | CVE-2016-10703
MISC
MISC

lilypond -- lilypond
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.
2017-12-11 | not yet calculated | CVE-2017-17523
MISC
MISC
MISC

linux -- kernel
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.
2017-12-12 | not yet calculated | CVE-2017-17558
MISC
MISC

linux -- kernel
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.
2017-12-15 | not yet calculated | CVE-2017-17712
CONFIRM
CONFIRM

linux -- kernel
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.
2017-12-11 | not yet calculated | CVE-2017-1000407
MLIST
BID
CONFIRM
MLIST

maplesoft -- maple_t.a.
A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bounty ID OBB-286688.
2017-12-16 | not yet calculated | CVE-2017-14134
MISC

mathias_kettner -- check_mk
A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.
2017-12-11 | not yet calculated | CVE-2017-11507
CONFIRM
MISC

mckesson_medical_imaging_company -- conserus_image_repository_archive_solution
A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a modified HTTP SOAP request to the vulnerable service allows for arbitrary file read access to the local file system as well as the transmittal of the application service's account hashed credentials to a remote attacker.
2017-12-15 | not yet calculated | CVE-2017-14101
MISC

mckesson_medical_imaging_company -- conserus_workflow_intelligence_application
Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability. The vulnerability allows an attacker to bypass authentication and escalate privileges of valid users. An unauthenticated attacker can exploit the vulnerability and be granted limited access to other accounts. An authenticated attacker can exploit the vulnerability and be granted access reserved for higher privilege users.
2017-12-15 | not yet calculated | CVE-2017-16776
MISC

meinberg -- lantime_devices
Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory.
2017-12-15 | not yet calculated | CVE-2017-16788
FULLDISC

meinberg -- lantime_devices
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.
2017-12-15 | not yet calculated | CVE-2017-16787
FULLDISC
FULLDISC

mensis -- mensis
uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17521.
2017-12-14 | not yet calculated | CVE-2017-17534
MISC

metview -- metview
etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
2017-12-14 | not yet calculated | CVE-2017-17515
MISC

micro_focus -- project_and_portfolio_management_center
Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack.
2017-12-12 | not yet calculated | CVE-2017-14361
CONFIRM

micro_focus -- project_and_portfolio_management_center
Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack.
2017-12-12 | not yet calculated | CVE-2017-14362
CONFIRM

microsoft -- chakracore
ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11918, and CVE-2017-11930.
2017-12-12 | not yet calculated | CVE-2017-11916
BID
CONFIRM

microsoft -- device_guard
Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerability".
2017-12-12 | not yet calculated | CVE-2017-11899
BID
SECTRACK
CONFIRM

microsoft -- exchance_server
Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability".
2017-12-12 | not yet calculated | CVE-2017-11932
BID
SECTRACK
CONFIRM

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11906 and CVE-2017-11919.
2017-12-12 | not yet calculated | CVE-2017-11887
BID
SECTRACK
CONFIRM

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
2017-12-12 | not yet calculated | CVE-2017-11901
BID
SECTRACK
CONFIRM

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
2017-12-12 | not yet calculated | CVE-2017-11903
BID
SECTRACK
CONFIRM

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
2017-12-12 | not yet calculated | CVE-2017-11913
BID
SECTRACK
CONFIRM

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
2017-12-12 | not yet calculated | CVE-2017-11907
BID
SECTRACK
CONFIRM

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11919.
2017-12-12 | not yet calculated | CVE-2017-11906
BID
SECTRACK
CONFIRM

microsoft -- malware_protection_engine
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". This is different than CVE-2017-11937.
2017-12-08 | not yet calculated | CVE-2017-11940
BID
SECTRACK
CONFIRM

microsoft -- multiple_products
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability".
2017-12-12 | not yet calculated | CVE-2017-11888
BID
SECTRACK
CONFIRMmicrosoft -- multiple_productsChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11912
BID
SECTRACK
SECTRACK
CONFIRMmicrosoft -- multiple_products

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11893
BID
SECTRACK
CONFIRM

microsoft -- multiple_products
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, and CVE-2017-11930.
2017-12-12 | not yet calculated | CVE-2017-11918
BID
SECTRACK
CONFIRM

microsoft -- multiple_products
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
2017-12-12 | not yet calculated | CVE-2017-11894
BID
SECTRACK
SECTRACK
CONFIRM

microsoft -- multiple_products
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
2017-12-12 | not yet calculated | CVE-2017-11895
BID
SECTRACK
SECTRACK
CONFIRM

microsoft -- multiple_products
ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
2017-12-12 | not yet calculated | CVE-2017-11911
BID
SECTRACK
CONFIRM

microsoft -- multiple_products
Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
2017-12-12 | not yet calculated | CVE-2017-11890
BID
SECTRACK
CONFIRM

microsoft -- multiple_products
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
2017-12-12 | not yet calculated | CVE-2017-11889
BID
SECTRACK
CONFIRM

microsoft -- multiple_products
ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
2017-12-12 | not yet calculated | CVE-2017-11909
BID
SECTRACK
CONFIRM

microsoft -- multiple_products
ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
2017-12-12 | not yet calculated | CVE-2017-11910
BID
SECTRACK
CONFIRM

microsoft -- multiple_products
ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
2017-12-12 | not yet calculated | CVE-2017-11908
BID
SECTRACK
CONFIRM

microsoft -- multiple_products
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
2017-12-12 | not yet calculated | CVE-2017-11914
BID
SECTRACK
CONFIRM

microsoft -- multiple_products
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, and CVE-2017-11916.
2017-12-12 | not yet calculated | CVE-2017-11930
BID
SECTRACK
CONFIRM

microsoft -- multiple_products
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
2017-12-12 | not yet calculated | CVE-2017-11905
BID
SECTRACK
CONFIRM

microsoft -- multiple_products
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11906.
2017-12-12 | not yet calculated | CVE-2017-11919
BID
SECTRACK
CONFIRM

microsoft -- office_2016_click-to-run
Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".
2017-12-12 | not yet calculated | CVE-2017-11935
BID
SECTRACK
CONFIRM

microsoft -- office_2016_click-to-run
Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability".
2017-12-12 | not yet calculated | CVE-2017-11939
BID
SECTRACK
CONFIRM

microsoft -- office
Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft Office Information Disclosure Vulnerability".
2017-12-12 | not yet calculated | CVE-2017-11934
BID
SECTRACK
CONFIRM

microsoft -- sharepoint_enterprise_server_2016
Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".
2017-12-12 | not yet calculated | CVE-2017-11936
BID
SECTRACK
CONFIRM

microsoft -- windows
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka "Windows RRAS Service Remote Code Execution Vulnerability".
2017-12-12 | not yet calculated | CVE-2017-11885
BID
SECTRACK
CONFIRM

microsoft -- windows
Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
2017-12-12 | not yet calculated | CVE-2017-11886
BID
SECTRACK
CONFIRM

microsoft -- windows
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way the Windows its:// protocol handler determines the zone of a request, aka "Microsoft Windows Information Disclosure Vulnerability".
2017-12-12 | not yet calculated | CVE-2017-11927
BID
SECTRACK
CONFIRM

mikrotik -- multiple_devices
MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets.
2017-12-13 | not yet calculated | CVE-2017-17538
EXPLOIT-DB

mikrotik -- routerboard
MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS.
2017-12-13 | not yet calculated | CVE-2017-17537
EXPLOIT-DB

mobotap -- dolphin_browser_for_android
The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to overwrite a specific executable in the Dolphin Browser's data directory with a crafted malicious executable. Every time the Dolphin Browser is launched, it will attempt to run the malicious executable from disk, thus executing the attacker's code.
2017-12-11 | not yet calculated | CVE-2017-17551
MISC

mobotap -- dolphin_browser_for_android
The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser.
2017-12-11 | not yet calculated | CVE-2017-17553
MISC

nip2 -- nip2
** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable.
2017-12-14 | not yet calculated | CVE-2017-17514
MISC

node.js -- node.js
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption.
2017-12-11 | not yet calculated | CVE-2017-15896
CONFIRM

node.js -- node.js
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.
2017-12-11 | not yet calculated | CVE-2017-15897
CONFIRM

ocaml -- ocaml_batteries_included
batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
2017-12-14 | not yet calculated | CVE-2017-17519
MISC

octopus -- octopus_deploy
In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access.
2017-12-13 | not yet calculated | CVE-2017-17665
CONFIRM

openstack -- openstack
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.
2017-12-12 | not yet calculated | CVE-2017-12155
CONFIRM
CONFIRM

palo_alto_networks -- globalprotect_agent
Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."
2017-12-11 | not yet calculated | CVE-2017-15870
BID
CONFIRM

palo_alto_networks -- pan-os
The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities.
2017-12-11 | not yet calculated | CVE-2017-15943
BID
SECTRACK
CONFIRM

palo_alto_networks -- pan-os
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management interface.
2017-12-11 | not yet calculated | CVE-2017-15942
BID
SECTRACK
CONFIRM

palo_alto_networks -- pan-os
The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors.
2017-12-11 | not yet calculated | CVE-2017-15940
BID
SECTRACK
CONFIRM

palo_alto_networks -- pan-os
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.
2017-12-11 | not yet calculated | CVE-2017-15944
BID
SECTRACK
CONFIRM

panda_security -- panda_global_protection
Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \\.\PSMEMDriver DeviceIoControl request.
2017-12-14 | not yet calculated | CVE-2017-17684
MISC

panda_security -- panda_global_protection
Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request.
2017-12-14 | not yet calculated | CVE-2017-17683
MISC

pandora -- ios_app
Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
2017-12-15 | not yet calculated | CVE-2017-3194
BID
MISC
CERT-VN
MISC

pasdoc -- pasdoc
** DISPUTED ** delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code referencing the BROWSER environment variable is never used.
2017-12-14 | not yet calculated | CVE-2017-17527
MISC

pcausa -- rawether_framework
PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges.
2017-12-15 | not yet calculated | CVE-2017-3196
MISC
BID
MISC
CERT-VN

phabricator -- phabricator
Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring.
2017-12-11 | not yet calculated | CVE-2017-17536
MISC
MISC

phoenix_contact -- fl_comserver
A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The cross-site scripting vulnerability has been identified, which may allow remote code execution.
2017-12-11 | not yet calculated | CVE-2017-16723
BID
MISC
MISC

phpscriptsmall.com -- advance_b2b_script
Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.
2017-12-13 | not yet calculated | CVE-2017-17602
MISC

phpscriptsmall.com -- advance_online_learning_managment_script
Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter.
2017-12-13 | not yet calculated | CVE-2017-17599
MISC

phpscriptsmall.com -- advanced_real_estate_script
Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.
2017-12-13 | not yet calculated | CVE-2017-17603
MISC

phpscriptsmall.com -- advanced_world_database
Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter.
2017-12-13 | not yet calculated | CVE-2017-17640
MISC

phpscriptsmall.com -- affiliate_mlm_script
Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter.
2017-12-13 | not yet calculated | CVE-2017-17598
MISC

phpscriptsmall.com -- basic_b2b_script
Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter.
2017-12-13 | not yet calculated | CVE-2017-17600
MISC

phpscriptsmall.com -- beauty_parlour_booking_script
Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter.
2017-12-13 | not yet calculated | CVE-2017-17595
MISC

phpscriptsmall.com -- cab_booking_script
Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter.
2017-12-13 | not yet calculated | CVE-2017-17601
MISC

phpscriptsmall.com -- car_rental_script
Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter.
2017-12-13 | not yet calculated | CVE-2017-17637
MISC

phpscriptsmall.com -- chartered_accountant_booking_script
Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.
2017-12-13 | not yet calculated | CVE-2017-17609
MISC

phpscriptsmall.com -- child_care_script
Child Care Script 1.0 has SQL Injection via the /list city parameter.
2017-12-13 | not yet calculated | CVE-2017-17608
MISC

phpscriptsmall.com -- cms_auditor_website
CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail.
2017-12-13 | not yet calculated | CVE-2017-17607
MISC

phpscriptsmall.com -- co-work_space_search_script
Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.
2017-12-13 | not yet calculated | CVE-2017-17606
MISC

phpscriptsmall.com -- consumer_complaints_clone_script
Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.
2017-12-13 | not yet calculated | CVE-2017-17605
MISC

phpscriptsmall.com -- doctor_search_script
Doctor Search Script 1.0 has SQL Injection via the /list city parameter.
2017-12-13 | not yet calculated | CVE-2017-17611
MISC

phpscriptsmall.com -- domainsale_php_script
DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter.
2017-12-13 | not yet calculated | CVE-2017-17594
MISC

phpscriptsmall.com -- e-commerce_mlm_software
E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter.
2017-12-13 | not yet calculated | CVE-2017-17610
MISC

phpscriptsmall.com -- entrepreneur_bus_booking_script
Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter.
2017-12-13 | not yet calculated | CVE-2017-17604
MISC

phpscriptsmall.com -- entrepreneur_dating_script
Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter.
2017-12-13 | not yet calculated | CVE-2017-17648
EXPLOIT-DB

phpscriptsmall.com -- entrepreneur_job_portal_script
Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.
2017-12-13 | not yet calculated | CVE-2017-17596
MISC

phpscriptsmall.com -- event_search_script
Event Search Script 1.0 has SQL Injection via the /event-list city parameter.
2017-12-13 | not yet calculated | CVE-2017-17616
MISC

phpscriptsmall.com -- facebook_clone_script
Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter.
2017-12-13 | not yet calculated | CVE-2017-17615
MISC

phpscriptsmall.com -- food_order_script
Food Order Script 1.0 has SQL Injection via the /list city parameter.
2017-12-13 | not yet calculated | CVE-2017-17614
MISC

phpscriptsmall.com -- foodspotting_clone_script
Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter.
2017-12-13 | not yet calculated | CVE-2017-17617
MISC

phpscriptsmall.com -- freelance_website_script
Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.
2017-12-13 | not yet calculated | CVE-2017-17613
MISC

phpscriptsmall.com -- groupon_clone_script
Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.
2017-12-13 | not yet calculated | CVE-2017-17638
MISC

phpscriptsmall.com -- hot_scripts_clone
Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.
2017-12-13 | not yet calculated | CVE-2017-17612
MISC

phpscriptsmall.com -- kickstarter_clone_script
Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.
2017-12-13 | not yet calculated | CVE-2017-17618
MISC

phpscriptsmall.com -- laundry_booking_script
Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.
2017-12-13 | not yet calculated | CVE-2017-17619
MISC
MISC

phpscriptsmall.com -- lawyer_search_script
Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.
2017-12-13 | not yet calculated | CVE-2017-17620
MISC

phpscriptsmall.com -- mlm_forced_matrix
MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter.
2017-12-13 | not yet calculated | CVE-2017-17636
MISC

phpscriptsmall.com -- mlm_forex_market_plan_script
MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter.
2017-12-13 | not yet calculated | CVE-2017-17635
MISC

phpscriptsmall.com -- multiplex_movie_theater_booking_script
Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter.
2017-12-13 | not yet calculated | CVE-2017-17633
MISC

phpscriptsmall.com -- multireligion_responsive_matrimonial
Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.
2017-12-13 | not yet calculated | CVE-2017-17631
MISC

phpscriptsmall.com -- multivendor_penny_auction_clone_script
Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.
2017-12-13 | not yet calculated | CVE-2017-17621
MISC
MISC

phpscriptsmall.com -- muslim_matrimonial_script
Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.
2017-12-13 | not yet calculated | CVE-2017-17639
MISC

phpscriptsmall.com -- nearbuy_clone_script
Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter.
2017-12-13 | not yet calculated | CVE-2017-17597
MISC

phpscriptsmall.com -- online_exam_test_application_script
Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.
2017-12-13 | not yet calculated | CVE-2017-17622
MISC
MISC

phpscriptsmall.com -- opensource_classified_ads_script
Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.
2017-12-13 | not yet calculated | CVE-2017-17623
MISC

phpscriptsmall.com -- php_multivendor_ecommerce
PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.
2017-12-13 | not yet calculated | CVE-2017-17624
MISC

phpscriptsmall.com -- professional_service_script
Professional Service Script 1.0 has SQL Injection via the service-list city parameter.
2017-12-13 | not yet calculated | CVE-2017-17625
MISC

phpscriptsmall.com -- readymade_php_classified_script
Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.
2017-12-13 | not yet calculated | CVE-2017-17626
MISC

phpscriptsmall.com -- readymade_video_sharing_script
Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.
2017-12-13 | not yet calculated | CVE-2017-17627
MISC

phpscriptsmall.com -- responsive_events_and_movie_ticket_booking_script
Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
2017-12-13 | not yet calculated | CVE-2017-17632
MISC

phpscriptsmall.com -- responsive_realestate_script
Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.
2017-12-13 | not yet calculated | CVE-2017-17628
MISC

phpscriptsmall.com -- resume_clone_script
Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter.
2017-12-13 | not yet calculated | CVE-2017-17641
MISC

phpscriptsmall.com -- secure_e-commerce_script
Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter.
2017-12-13 | not yet calculated | CVE-2017-17629
MISC

phpscriptsmall.com -- single_theater_booking_script
Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
2017-12-13 | not yet calculated | CVE-2017-17634
MISC

phpscriptsmall.com -- yoga_class_script
Yoga Class Script 1.0 has SQL Injection via the /list city parameter.
2017-12-13 | not yet calculated | CVE-2017-17630
MISC

phusion_passenger -- phusion_passenger
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.
2017-12-14 | not yet calculated | CVE-2017-16355
CONFIRM
CONFIRM

posty -- readymade_classifieds_script
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.
2017-12-11 | not yet calculated | CVE-2017-17111
MISC

posty -- scubez_posty_readymade_classifieds
Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter.
2017-12-13 | not yet calculated | CVE-2017-17567
MISC

posty -- scubez_posty_readymade_classifieds
Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter.
2017-12-13 | not yet calculated | CVE-2017-17569
MISC

posty -- scubez_posty_readymade_classifieds
Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request.
2017-12-13 | not yet calculated | CVE-2017-17568
MISC

ppm_2000 -- perspective_icm
Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms.
2017-12-11 | not yet calculated | CVE-2017-11319
MISCpuppet*-- puppet_enterprise
*Cross-site scripting (XSS) vulnerability in the console in Puppet Enterprise before 2015.2.1 allows remote attackers to inject arbitrary web script or HTML via the string parameter, related to Login Redirect.2017-12-11not yet calculatedCVE-2015-6502
CONFIRMpuppet*-- puppet_enterprise

*The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.2017-12-11not yet calculatedCVE-2015-8470
CONFIRMpuppet*-- puppetlabs-apache
*The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.2017-12-11not yet calculatedCVE-2014-3250
CONFIRM
CONFIRMpython -- python
Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
2017-12-14 | not yet calculated | CVE-2017-17522 | MISC

qnap -- qsync_for_windows
A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version 4.2.2.0724 and earlier could allow remote attackers to execute arbitrary code on Windows machines.
2017-12-11 | not yet calculated | CVE-2017-13070 | CONFIRM

qt_company -- qt_for_android
A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.
2017-12-15 | not yet calculated | CVE-2017-10905 | CONFIRM, JVN

qt_company -- qt_for_android
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
2017-12-15 | not yet calculated | CVE-2017-10904 | CONFIRM, JVN

radware -- alteon_devices
Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations.
2017-12-13 | not yet calculated | CVE-2017-17427 | BID, MISC, CONFIRM, CERT-VN

rapid7 -- nexpose
Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.
2017-12-14 | not yet calculated | CVE-2017-5264 | CONFIRM

reddit -- reddit_terminal_viewer
scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
2017-12-14 | not yet calculated | CVE-2017-17516 | MISC

ruby -- ruby
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.
2017-12-15 | not yet calculated | CVE-2017-17405 | CONFIRM, CONFIRM

sap -- business_intelligence_promotion_management_application
Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded.
2017-12-12 | not yet calculated | CVE-2017-16681 | BID, CONFIRM, CONFIRM

sap -- business_intelligence_promotion_management_application
SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.
2017-12-12 | not yet calculated | CVE-2017-16684 | BID, CONFIRM, CONFIRM

sap -- business_objects_platform
Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service.
2017-12-12 | not yet calculated | CVE-2017-16683 | BID, CONFIRM, CONFIRM

sap -- business_warehouse_universal_data_integration
Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs.
2017-12-12 | not yet calculated | CVE-2017-16685 | BID, CONFIRM, CONFIRM

sap -- hana
The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid.
2017-12-12 | not yet calculated | CVE-2017-16687 | BID, CONFIRM, CONFIRM

sap -- hana
Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. Hence the interpretation of audit log files could be hindered or misdirected. 2) User Account and Authentication writes audit logs into syslog and additionally writes the same audit entries into a log file. Entries in the log file miss escaping. Hence the interpretation of audit log files could be hindered or misdirected, while the entries in syslog are correct.
2017-12-12 | not yet calculated | CVE-2017-16680 | BID, CONFIRM, CONFIRM

sap -- kernel
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.
2017-12-12 | not yet calculated | CVE-2017-16689 | BID, CONFIRM, CONFIRM

sap -- netweaver_internet_transaction_server
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.
2017-12-12 | not yet calculated | CVE-2017-16682 | BID, CONFIRM, CONFIRM

sap -- netweaver_knowledge_management_configuration_service
Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application.
2017-12-12 | not yet calculated | CVE-2017-16678 | BID, CONFIRM, CONFIRM

sap -- note_assistant_tool
SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using SAPCAR tool and during the extraction, digital signature verification fails but the tampered file is extracted.
2017-12-12 | not yet calculated | CVE-2017-16691 | CONFIRM, CONFIRM

sap -- plant_connectivity
A malicious DLL preload attack is possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder the executable is in and not from the system location. The desired behavior is that system dlls are only loaded from the system folders. If a dll with the same name as the system dll is located in the same folder as the executable, this dll is loaded and code is executed.
2017-12-12 | not yet calculated | CVE-2017-16690 | BID, CONFIRM, CONFIRM

sap -- startup_service
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site.
2017-12-12 | not yet calculated | CVE-2017-16679 | BID, CONFIRM, CONFIRM

scummvm -- scummvm
backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
2017-12-14 | not yet calculated | CVE-2017-17528 | MISC

seacms -- seacms
SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php.
2017-12-12 | not yet calculated | CVE-2017-17561 | MISC, MISC

sensible-utils -- sensible-utils
sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.
2017-12-11 | not yet calculated | CVE-2017-17512 | MISC, MISC

sinology -- mailplus_server
Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter.
2017-12-15 | not yet calculated | CVE-2017-15890 | CONFIRM

swi-prolog -- swi-prolog
library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
2017-12-14 | not yet calculated | CVE-2017-17524 | MISC

sylpheed -- sylpheed
libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
2017-12-14 | not yet calculated | CVE-2017-17517 | MISC

symantec -- norton_family_android_app
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings.
2017-12-13 | not yet calculated | CVE-2017-15530 | BID, CONFIRM

symantec -- norton_family_android_app
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network.
2017-12-13 | not yet calculated | CVE-2017-15529 | BID, CONFIRM

synaptics -- touchpad_drivers
A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys.
2017-12-15 | not yet calculated | CVE-2017-17556 | HP, CONFIRM, MISC

techno -- portfolio_management_panel
Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.
2017-12-11 | not yet calculated | CVE-2017-17110 | MISC

techno -- portfolio_management_panel
Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter.
2017-12-15 | not yet calculated | CVE-2017-17695 | MISC

techno -- portfolio_management_panel
Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php.
2017-12-15 | not yet calculated | CVE-2017-17696 | MISC

techno -- portfolio_management_panel
Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter.
2017-12-15 | not yet calculated | CVE-2017-17694 | MISC

techno -- portfolio_management_panel
Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.
2017-12-15 | not yet calculated | CVE-2017-17693 | MISC

telegram -- telegram_messenger
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak.
2017-12-16 | not yet calculated | CVE-2017-17715 | MISC

tex_live -- tex_live
TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua.
2017-12-14 | not yet calculated | CVE-2017-17513 | MISC

tibbr -- tibbr_community_and_tibbr_enterprise
The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges. Affected releases are tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.
2017-12-12 | not yet calculated | CVE-2017-5530 | CONFIRM

tibbr -- tibbr_community_and_tibbr_enterprise
The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.
2017-12-12 | not yet calculated | CVE-2017-5534 | CONFIRM

tibco -- businessworks_process_monitor
Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote authenticated administrators to inject arbitrary web script or HTML via the users management panel of the web interface.
2017-12-10 | not yet calculated | CVE-2017-16789 | MISC

tidy -- tidy
In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value.
2017-12-10 | not yet calculated | CVE-2017-17497 | CONFIRM

tin -- tin
** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is intentional behavior, because the documentation states "url_handler.pl was designed to work together with tin which only issues shell escaped absolute URLs."
2017-12-14 | not yet calculated | CVE-2017-17520 | MISC

tkabber -- tkabber
default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
2017-12-14 | not yet calculated | CVE-2017-17533 | MISC

trend_micro -- encryption_for_mail
A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system.
2017-12-15 | not yet calculated | CVE-2017-11397 | MISC, CONFIRM

trend_micro -- scanmail_for_exchange
The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks.
2017-12-15 | not yet calculated | CVE-2017-14093 | CONFIRM, MISC

trend_micro -- scanmail_for_exchange
The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
2017-12-15 | not yet calculated | CVE-2017-14092 | CONFIRM, MISC

trend_micro -- scanmail_for_exchange
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.
2017-12-15 | not yet calculated | CVE-2017-14090 | CONFIRM, MISC

trend_micro -- scanmail_for_exchange
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize an uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory.
2017-12-15 | not yet calculated | CVE-2017-14091 | CONFIRM, MISC

vbulletin -- vbulletin
vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file.
2017-12-13 | not yet calculated | CVE-2017-17671 | MISC

vbulletin -- vbulletin
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates.
2017-12-13 | not yet calculated | CVE-2017-17672 | MISC

videolan -- vlc_media_player
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation.
2017-12-15 | not yet calculated | CVE-2017-17670 | MISC

vmware -- airwatch_console
VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator.
2017-12-12 | not yet calculated | CVE-2017-4942 | BID, SECTRACK, CONFIRM

vmware -- vasa_provider
Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials.
2017-12-11 | not yet calculated | CVE-2016-6904 | CONFIRM

western_digital -- mycloud_pr4100_2.30.172_devices
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.
2017-12-12 | not yet calculated | CVE-2017-17560 | MISC, MISC

white_dune -- white_dune
swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
2017-12-14 | not yet calculated | CVE-2017-17518 | MISC

wolfssl -- wolfssl
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."
2017-12-12 | not yet calculated | CVE-2017-13099 | CERT-VN, BID, CONFIRM, MISC

xen -- xen
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.
2017-12-12 | not yet calculated | CVE-2017-17563 | CONFIRM, CONFIRM

xen -- xen
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.
2017-12-12 | not yet calculated | CVE-2017-17565 | CONFIRM, CONFIRM

xen -- xen
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.
2017-12-12 | not yet calculated | CVE-2017-17566 | CONFIRM, CONFIRM

xen -- xen
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.
2017-12-12 | not yet calculated | CVE-2017-17564 | CONFIRM, CONFIRM

xtuple_postbooks -- xtuple_postbooks
guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
2017-12-14 | not yet calculated | CVE-2017-17525 | MISC

yourphpscript.com -- simple_chatting_system
Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/.
2017-12-13 | not yet calculated | CVE-2017-17593 | MISC

zoho -- manageengine_password_manager_pro_9
Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec.
2017-12-15 | not yet calculated | CVE-2017-17698
This product is provided subject to this Notification and this Privacy & Use policy.



