|
Home | Forums | Gallery | Register | Video Directory | FAQ | Members List | Calendar | Games | Today's Posts | Search | Chat Room |
|
Thread Tools | Display Modes |
#1
|
||||
|
||||
SB17-352: Vulnerability Summary for the Week of December 11, 2017
SB17-352: Vulnerability Summary for the Week of December 11, 2017
12-17-2017 09:24 PM Original release date: December 18, 2017 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
* High Vulnerabilities Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the MakeAccessible plugin, when creating an internal data structure. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.2017-12-099.3CVE-2017-16360 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccesible plugin, when handling font data. It causes an out of bounds memory access, which sometimes triggers an access violation exception. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack.2017-12-099.3CVE-2017-16362 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the module that handles character codes for certain textual representations. Invalid input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.2017-12-099.3CVE-2017-16363 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference when handling number format dictionary entries. In this scenario, the input is crafted in way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.2017-12-099.3CVE-2017-16364 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the True Type2 Font parsing module. A corrupted cmap table input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.2017-12-099.3CVE-2017-16365 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability. The vulnerability leads to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads or writes -- potentially leading to code corruption, control-flow hijack, or an information leak attack.2017-12-099.3CVE-2017-16367 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability leads to a stack-based buffer overflow condition in the internal Unicode string manipulation module. It is triggered by an invalid PDF file, where a crafted Unicode string causes an out of bounds memory access of a stack allocated buffer, due to improper checks when manipulating an offset of a pointer to the buffer. Attackers can exploit the vulnerability and achieve arbitrary code execution if they can effectively control the accessible memory.2017-12-099.3CVE-2017-16368 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16370 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaScript engine. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.2017-12-099.3CVE-2017-16371 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to untrusted pointer dereference in the JavaScript API engine. In this scenario, the JavaScript input is crafted in way that the computation results with pointer to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result with sensitive data exposure.2017-12-099.3CVE-2017-16372 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference. In this scenario, the input is crafted in way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.2017-12-099.3CVE-2017-16373 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the JPEG 2000 module. An invalid JPEG 2000 input code stream leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.2017-12-099.3CVE-2017-16374 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaSscript API engine. In this scenario, the JavaScript input is crafted in way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.2017-12-099.3CVE-2017-16375 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the MakeAccessible plugin. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16376 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized in the main DLL. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory.2017-12-099.3CVE-2017-16377 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized; the computation occurs during internal AST thread manipulation. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory.2017-12-099.3CVE-2017-16378 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability in the graphics rendering engine.2017-12-099.3CVE-2017-16379 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability for a certain file-type extension. Acrobat maintains both a blacklist and whitelist (the user can specify an allowed attachment). However, any file extensions that are neither on the blacklist nor the whitelist can still be opened after displaying a warning prompt.2017-12-099.3CVE-2017-16380 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value when processing TIFF files embedded within an XPS document. Crafted TIFF image input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.2017-12-099.3CVE-2017-16381 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16382 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability when processing a JPEG file embedded within an XPS document.2017-12-099.3CVE-2017-16383 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the exif processing module for a PNG file (during XPS conversion). Invalid input leads to a computation where pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.2017-12-099.3CVE-2017-16384 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in TIFF parsing during XPS conversion. Crafted TIFF image input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.2017-12-099.3CVE-2017-16385 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the XPS2PDF conversion engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16386 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the JPEG2000 codec. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16387 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.2017-12-099.3CVE-2017-16388 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access. Successful exploitation could lead to arbitrary code execution.2017-12-099.3CVE-2017-16389 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine API. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.2017-12-099.3CVE-2017-16390 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the printing functionality. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space.2017-12-099.3CVE-2017-16391 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the JPEG processing module. Crafted input with an unexpected JPEG file segment size causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.2017-12-099.3CVE-2017-16392 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.2017-12-099.3CVE-2017-16393 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the WebCapture module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16394 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the image conversion module when processing Enhanced Metafile Format (EMF). Crafted EMF input (EMR_STRETCHDIBITS) causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.2017-12-099.3CVE-2017-16395 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the TIFF processing module. Crafted input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.2017-12-099.3CVE-2017-16396 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of Enhanced Metafile Format (EMF) processing within the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16397 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.2017-12-099.3CVE-2017-16398 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the XPS parsing module. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.2017-12-099.3CVE-2017-16399 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the JPEG 2000 parser. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16400 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of an image conversion, specifically in Enhanced Metafile Format Plus (EMF +) processing modules. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16401 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the JPEG 2000 module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16402 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16403 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of processing Enhanced Metafile Format Plus (EMF+). The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2017-12-099.3CVE-2017-16404 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of Acrobat's page display functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16405 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion vulnerability in the EMF processing module. The issue causes the program to access an object using an incompatible type, leading to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees -- potentially leading to code corruption, control-flow hijack, or information leak attack.2017-12-099.3CVE-2017-16406 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of handling an EMF EMR_BITBLT record. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2017-12-099.3CVE-2017-16407 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the WebCapture module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16408 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the Adobe graphics module responsible for displaying textual data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16409 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the image conversion module, when processing GIF files. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space.2017-12-099.3CVE-2017-16410 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the WebCapture module, related to an internal hash table implementation. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16411 BID SECTRACK CONFIRMadobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is part of the XPS conversion module, when handling a JPEG resource. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16412 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the XPS to PDF conversion module, when processing TIFF files. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2017-12-099.3CVE-2017-16413 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript API module responsible for form field computation. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16414 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is a part of the functionality that handles font encodings. The vulnerability is a result of out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2017-12-099.3CVE-2017-16415 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2017-12-099.3CVE-2017-16416 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the font parsing module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16417 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the image conversion module that handles XPS files. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16418 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is in the part of the JavaScript engine that handles annotation abstraction. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16420 BID SECTRACK CONFIRMadobe -- photoshopAn issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.2017-12-097.5CVE-2017-11303 BID SECTRACK CONFIRMadobe -- photoshopAn issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution.2017-12-097.5CVE-2017-11304 BID SECTRACK CONFIRMBack to top * Medium Vulnerabilities Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability when handling XFDF files.2017-12-094.3CVE-2017-16361 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability in the AcroPDF plugin.2017-12-095.0CVE-2017-16366 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a Same Origin Policy security bypass vulnerability, affecting files on the local system, etc.2017-12-094.3CVE-2017-16369 BID SECTRACK CONFIRMadobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources.2017-12-094.3CVE-2017-16419 BID SECTRACK CONFIRMadobe -- connectAn issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.2017-12-094.3CVE-2017-11287 BID SECTRACK CONFIRMadobe -- connectAn issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.2017-12-094.3CVE-2017-11288 BID SECTRACK CONFIRMadobe -- connectAn issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.2017-12-094.3CVE-2017-11289 BID SECTRACK CONFIRMadobe -- connectAn issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing (or clickjacking) attacks.2017-12-094.3CVE-2017-11290 BID SECTRACK CONFIRMadobe -- connectAn issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.2017-12-096.4CVE-2017-11291 BID SECTRACK CONFIRMadobe -- digital_editionsAn issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. Adobe Digital Editions parses crafted XML files in an unsafe manner, which could lead to sensitive information disclosure.2017-12-094.3CVE-2017-11273 BID SECTRACK CONFIRMadobe -- digital_editionsAn issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.2017-12-095.0CVE-2017-11297 BID SECTRACK CONFIRMadobe -- digital_editionsAn issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.2017-12-095.0CVE-2017-11298 BID SECTRACK CONFIRMadobe -- digital_editionsAn issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.2017-12-095.0CVE-2017-11299 BID SECTRACK CONFIRMadobe -- digital_editionsAn issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.2017-12-095.0CVE-2017-11300 BID SECTRACK CONFIRMadobe -- digital_editionsAn issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.2017-12-095.0CVE-2017-11301 BID SECTRACK CONFIRMadobe -- experience_managerAn issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager.2017-12-094.3CVE-2017-11296 BID SECTRACK CONFIRMadobe -- experience_managerAn issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet.2017-12-094.3CVE-2017-3109 BID SECTRACK CONFIRMadobe -- experience_managerAn issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances.2017-12-095.0CVE-2017-3111 BID SECTRACK CONFIRMBack to top * Low Vulnerabilities Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no low vulnerabilities recorded this week.Back to top * Severity Not Yet Assigned Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoabiword -- abiword *af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17529 MISCacdsee -- acdsee_ultimate_10.0.0.292 *A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in potential code execution. An attacker can send a specific .PSD file to trigger this vulnerability.2017-12-11not yet calculatedCVE-2017-2886 BID MISCacti -- acti_cameras *ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials.2017-12-15not yet calculatedCVE-2017-3186 BID MISC MISC CERT-VNacti -- acti_cameras *ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_...e-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186).2017-12-15not yet calculatedCVE-2017-3184 BID MISC MISC CERT-VNacti -- acti_cameras *ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.2017-12-15not yet calculatedCVE-2017-3185 BID MISC MISC CERT-VNadobe -- acrobat *An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.2017-12-09not yet calculatedCVE-2017-11293 BID SECTRACK CONFIRMadobe -- dng *An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.2017-12-09not yet calculatedCVE-2017-11295 BID CONFIRMadobe -- flash_playerAn issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.2017-12-09not yet calculatedCVE-2017-11225 BID SECTRACK REDHAT CONFIRM GENTOOadobe -- flash_player *An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country- specific functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-09not yet calculatedCVE-2017-3114 BID SECTRACK REDHAT CONFIRM GENTOOadobe -- flash_player *An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.2017-12-09not yet calculatedCVE-2017-11215 BID SECTRACK REDHAT CONFIRM GENTOOadobe -- flash_player *An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-09not yet calculatedCVE-2017-11213 BID SECTRACK REDHAT CONFIRM GENTOOadobe -- flash_player *A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.2017-12-13not yet calculatedCVE-2017-11305 BID SECTRACK CONFIRMadobe -- flash_player *An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-09not yet calculatedCVE-2017-3112 BID SECTRACK REDHAT CONFIRM GENTOOadobe -- indesign *An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.2017-12-09not yet calculatedCVE-2017-11302 BID SECTRACK CONFIRMadobe -- shockwave *An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.2017-12-09not yet calculatedCVE-2017-11294 BID SECTRACK CONFIRMamag_technologies -- symmetry_edge_network_door_controllers *Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command.2017-12-09not yet calculatedCVE-2017-16241 MISC MISC MISCapache -- fineract *In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to the query.2017-12-14not yet calculatedCVE-2017-5663 MLISTapache -- synapse *Due to the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions, Apache Synapse 3.0.0 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. To mitigate the issue upgrading to 3.0.1 version is required. In Synapse 3.0.1 version, Commons Collection has been updated to 3.2.2 version which contains the fix for the above mentioned vulnerability.2017-12-11not yet calculatedCVE-2017-15708 BID MLISTasterisk -- multiple_products *A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.2017-12-13not yet calculatedCVE-2017-17664 MISC BID MISC MISCatlassian -- bamboo *Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurialrepository, create or edit a plan when there is at least one linked Mercurial repository that the attacker has permission to use, or commit to a Mercurial repository used by a Bamboo plan which has branch detection enabled can execute code of their choice on systems that run a vulnerable version of Bamboo Server. Versions of Bamboo starting with 2.7.0 before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability.2017-12-13not yet calculatedCVE-2017-14590 BID CONFIRM CONFIRMatlassian -- bamboo *It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Bamboo. All versions of Bamboo before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability.2017-12-13not yet calculatedCVE-2017-14589 BID CONFIRM CONFIRMaubio -- aubio *A NULL pointer dereference (DoS) Vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file.2017-12-11not yet calculatedCVE-2017-17554 MISCbernard_parisse_giac -- bernard_parisse_giacInput.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17526 MISCbob_hepple_gjots2 -- bob_hepple_gjots2 *lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17535 MISCboxug -- trape *Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter.2017-12-16not yet calculatedCVE-2017-17714 MISC MISC MISCboxug -- trape *Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter.2017-12-16not yet calculatedCVE-2017-17713 MISC MISC MISC MISC MISCcisco -- asa_5500_series_routers *A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652.2017-12-15not yet calculatedCVE-2017-12373 CONFIRMcitrix -- multiple_productsCitrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.2017-12-13not yet calculatedCVE-2017-17382 BID SECTRACK MISC CONFIRM CERT-VNcitrix -- multiple_products *Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange.2017-12-13not yet calculatedCVE-2017-17549 BID SECTRACK CONFIRMcommvault -- edge_communication_service *Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code execution with administrative privileges.2017-12-15not yet calculatedCVE-2017-3195 CONFIRM MISC BID EXPLOIT-DB CERT-VNcrowdfunding_software -- realestate_crowdfunding_script *Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter.2017-12-13not yet calculatedCVE-2017-17591 MISCd-link -- dir-130_firmware_version_1.23_and_dir-330_firmware_version_1.12 *D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.2017-12-15not yet calculatedCVE-2017-3191 MISC CERT-VN MISC MISCd-link -- dir-130_firmware_version_1.23_and_dir-330_firmware_version_1.12 *D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device.2017-12-15not yet calculatedCVE-2017-3192 MISC CERT-VN MISC MISCd-link -- multiple_devices *Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service.2017-12-15not yet calculatedCVE-2017-3193 BID MISC MISC CERT-VN MISCelemental_path -- cognitoys_dino_smart_toys *Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server.2017-12-11not yet calculatedCVE-2017-8866 MISCelemental_path -- cognitoys_dino_smart_toys *Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on privacy-sensitive voice communication of a child and their Dino device.2017-12-11not yet calculatedCVE-2017-8867 MISCelemental_path -- cognitoys_dino_smart_toys *Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to any other Dino device.2017-12-11not yet calculatedCVE-2017-8865 MISCembedthis -- goahead *Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.2017-12-12not yet calculatedCVE-2017-17562 MISC MISCemc -- isilon_onefs *In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode.2017-12-13not yet calculatedCVE-2017-14380 CONFIRMerlang -- erlang *The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).2017-12-12not yet calculatedCVE-2017-1000385 MLIST MLIST MLIST BID MISC DEBIAN CERT-VNexiv2 -- exiv2 *There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.2017-12-13not yet calculatedCVE-2017-17669 MISCffmpeg -- libswresample *The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.2017-12-11not yet calculatedCVE-2017-17555 MISCflash_seats -- flash_seats_mobile_app_for_android *Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.2017-12-15not yet calculatedCVE-2017-3190 BID CERT-VN MISCflippa-clone.com -- website_auction_marketplace *Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter.2017-12-13not yet calculatedCVE-2017-17592 MISCfontforge -- fontforge *uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534.2017-12-14not yet calculatedCVE-2017-17521 MISCfortinet -- forticlient_fortios *An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command.2017-12-13not yet calculatedCVE-2017-7738 BID CONFIRMfortinet -- forticlient_windows *A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain.2017-12-14not yet calculatedCVE-2017-7344 BID CONFIRMfortinet -- forticlient *An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.2017-12-15not yet calculatedCVE-2017-14184 BID CONFIRMfortunescripts.com -- N/A *Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job.2017-12-13not yet calculatedCVE-2017-17642 MISCfs -- amazon_clone *FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari.2017-12-13not yet calculatedCVE-2017-17572 MISCfs -- care_cloneFS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter.2017-12-13not yet calculatedCVE-2017-17574 MISCfs -- crowdfunding_clone *FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter.2017-12-13not yet calculatedCVE-2017-17578 MISCfs -- expedia_clone *FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter.2017-12-13not yet calculatedCVE-2017-17570 MISCfs -- expedia_clone *FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter.2017-12-13not yet calculatedCVE-2017-17573 MISCfs -- foodpanda_clone *FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter.2017-12-13not yet calculatedCVE-2017-17571 MISCfs -- freelancer_clone *FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter.2017-12-13not yet calculatedCVE-2017-17579 MISCfs -- gigs_clone *FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter.2017-12-13not yet calculatedCVE-2017-17576 MISCfs -- groupon_clone *FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter.2017-12-13not yet calculatedCVE-2017-17575 MISCfs -- grubhub_clone *FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter.2017-12-13not yet calculatedCVE-2017-17582 MISCfs -- imdb_clone *FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter.2017-12-13not yet calculatedCVE-2017-17588 MISCfs -- indiamart_clone *FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter.2017-12-13not yet calculatedCVE-2017-17587 MISCfs -- linkedin_clone *FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.2017-12-13not yet calculatedCVE-2017-17580 MISCfs -- makemytrip_clone *FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter.2017-12-13not yet calculatedCVE-2017-17584 MISCfs -- monster_clone *FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter.2017-12-13not yet calculatedCVE-2017-17585 MISCfs -- olx_clone *FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter.2017-12-13not yet calculatedCVE-2017-17586 MISCfs -- quibids_clone *FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.2017-12-13not yet calculatedCVE-2017-17581 MISCfs -- shutterstock_clone *FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter.2017-12-13not yet calculatedCVE-2017-17583 MISCfs -- stackoverflow_clone *FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter.2017-12-13not yet calculatedCVE-2017-17590 MISCfs -- thumbtack_clone *FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter.2017-12-13not yet calculatedCVE-2017-17589 MISCfs -- trademe_clone *FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter.2017-12-13not yet calculatedCVE-2017-17577 MISCgeomview -- geomview *common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17530 MISCgnu_global -- gnu_global *gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17531 MISCgraphicsmagick -- graphicsmagick *ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.2017-12-10not yet calculatedCVE-2017-17500 CONFIRM BID CONFIRMgraphicsmagick -- graphicsmagick *WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.2017-12-10not yet calculatedCVE-2017-17501 CONFIRM BID CONFIRMgraphicsmagick -- graphicsmagick *ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.2017-12-10not yet calculatedCVE-2017-17502 CONFIRM CONFIRMgraphicsmagick -- graphicsmagick *ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file.2017-12-10not yet calculatedCVE-2017-17503 CONFIRM CONFIRMgraphicsmagick -- graphicsmagick *WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.2017-12-10not yet calculatedCVE-2017-17498 CONFIRM BID CONFIRMharbor -- harbor *The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.2017-12-15not yet calculatedCVE-2017-17697 MISChdf5 -- hdf5 *In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.2017-12-10not yet calculatedCVE-2017-17507 MISChdf5 -- hdf5 *In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.2017-12-10not yet calculatedCVE-2017-17505 MISChdf5 -- hdf5 *In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.2017-12-10not yet calculatedCVE-2017-17506 MISChdf5 -- hdf5 *In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.2017-12-10not yet calculatedCVE-2017-17509 MISChdf5 -- hdf5 *In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.2017-12-10not yet calculatedCVE-2017-17508 MISChuawei*-- multiple_products *Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe.2017-12-11not yet calculatedCVE-2014-8358 CONFIRM BID MISCibm -- connections_engagement_center IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134005.2017-12-11not yet calculatedCVE-2017-1683 CONFIRM BID MISCibm -- connections *IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954.2017-12-11not yet calculatedCVE-2017-1613 CONFIRM BID MISCibm -- doors_next_generation *IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130915.2017-12-13not yet calculatedCVE-2017-1546 CONFIRM BID MISCibm -- financial_transaction_manager_for_multi-platform *IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926.2017-12-11not yet calculatedCVE-2017-1606 CONFIRM BID MISCibm -- inotes *IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.2017-12-13not yet calculatedCVE-2017-1421 CONFIRM BID SECTRACK MISCibm -- jazz_foundation_products *IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619.2017-12-11not yet calculatedCVE-2017-1507 CONFIRM MISCibm -- maximo_asset_management *IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548.2017-12-13not yet calculatedCVE-2017-1558 CONFIRM MISCibm -- sterling_file_gateway *IBM Sterling File Gateway 2.2 could allow an authenticated user to change other user's passwords. IBM X-Force ID: 131290.2017-12-11not yet calculatedCVE-2017-1550 CONFIRM BID MISCibm -- sterling_file_gateway *IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131289.2017-12-11not yet calculatedCVE-2017-1549 CONFIRM BID MISCibm -- sterling_file_gateway *IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288.2017-12-11not yet calculatedCVE-2017-1548 CONFIRM BID MISCibm -- sterling_file_gateway *IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133178.2017-12-11not yet calculatedCVE-2017-1632 CONFIRM BID MISCibm -- support_tools_for_lotus_wcm *IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130733.2017-12-11not yet calculatedCVE-2017-1536 CONFIRM BID MISCibm -- tivoli_monitoring *IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243.2017-12-13not yet calculatedCVE-2017-1635 CONFIRM BID MISCibm -- tivoli_workload_scheduler *IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638.2017-12-13not yet calculatedCVE-2017-1716 CONFIRM BID MISCibm -- websphere_mq *IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454.2017-12-11not yet calculatedCVE-2017-1760 CONFIRM MISCicu -- international_components_for_unicode_for_c/c++ *The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC.2017-12-10not yet calculatedCVE-2017-17484 MISC MISC MISC MISC MISC MISCidevicerestore -- idevicerestore *The socket_create function in socket.c in idevicerestore through 2017-12-10 allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket, a similar issue to CVE-2016-5104.2017-12-10not yet calculatedCVE-2017-17496 MISCimagemagick -- imagemagick *In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.2017-12-14not yet calculatedCVE-2017-17682 CONFIRMimagemagick -- imagemagick *ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.2017-12-10not yet calculatedCVE-2017-17504 CONFIRMimagemagick -- imagemagick *In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.2017-12-14not yet calculatedCVE-2017-17680 CONFIRMimagemagick -- imagemagick *In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.2017-12-14not yet calculatedCVE-2017-17681 CONFIRMimagemagick -- imagemagick *ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.2017-12-10not yet calculatedCVE-2017-17499 BID CONFIRM CONFIRM CONFIRMintel -- graphics_driver *Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access.2017-12-12not yet calculatedCVE-2017-5717 CONFIRMk7 -- antivirus_15.1.0309 *K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request.2017-12-15not yet calculatedCVE-2017-17700 MISCk7 -- antivirus_15.1.0309 *K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request.2017-12-15not yet calculatedCVE-2017-17701 MISCk7 -- antivirus_15.1.0309 *K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request.2017-12-15not yet calculatedCVE-2017-17699 MISCkaspersky -- embedded_systems_security *Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation.2017-12-08not yet calculatedCVE-2017-12823 BID CONFIRMkildclient -- kildclient *KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c.2017-12-14not yet calculatedCVE-2017-17511 MISCkiwi -- kiwi *examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17532 MISClandesk*-- management_suite *In LANDESK Management Suite 2016.4 and 2017.x, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc.2017-12-11not yet calculatedCVE-2017-11463 MISClegion_of_the_bouncy_castle -- bouncycastle_tls *BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."2017-12-12not yet calculatedCVE-2017-13098 CERT-VN BID CONFIRM MISClib/ecstatic.js*-- lib/ecstatic.js *A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string.2017-12-14not yet calculatedCVE-2016-10703 MISC MISClilypond -- lilypond *lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.2017-12-11not yet calculatedCVE-2017-17523 MISC MISC MISClinux -- kernel *The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.2017-12-12not yet calculatedCVE-2017-17558 MISC MISClinux*-- kernel *The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.2017-12-15not yet calculatedCVE-2017-17712 CONFIRM CONFIRMlinux*-- kernel *The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.2017-12-11not yet calculatedCVE-2017-1000407 MLIST BID CONFIRM MLISTmaplesoft -- maple_t.a. *A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bounty ID OBB-286688.2017-12-16not yet calculatedCVE-2017-14134 MISCmathias_kettner -- check_mk *A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.2017-12-11not yet calculatedCVE-2017-11507 CONFIRM MISCmckesson_medical_imaging_company -- conserus_image_repository_archive_solution *A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a modified HTTP SOAP request to the vulnerable service allows for arbitrary file read access to the local file system as well as the transmittal of the application service's account hashed credentials to a remote attacker.2017-12-15not yet calculatedCVE-2017-14101 MISCmckesson_medical_imaging_company -- conserus_workflow_intelligence_application *Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability. The vulnerability allows an attacker to bypass authentication and escalate privileges of valid users. An unauthenticated attacker can exploit the vulnerability and be granted limited access to other accounts. An authenticated attacker can exploit the vulnerability and be granted access reserved for higher privilege users.2017-12-15not yet calculatedCVE-2017-16776 MISCmeinberg -- lantime_devicesDirectory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory.2017-12-15not yet calculatedCVE-2017-16788 FULLDISCmeinberg -- lantime_devices *The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.2017-12-15not yet calculatedCVE-2017-16787 FULLDISC FULLDISCmensis -- mensis *uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17521.2017-12-14not yet calculatedCVE-2017-17534 MISCmetview -- metview *etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17515 MISCmicro_focus -- project_and_portfolio_management_center *Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack.2017-12-12not yet calculatedCVE-2017-14361 CONFIRMmicro_focus -- project_and_portfolio_management_center *Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack.2017-12-12not yet calculatedCVE-2017-14362 CONFIRMmicrosoft -- chakracore *ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11916 BID CONFIRMmicrosoft -- device_guard Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerability".2017-12-12not yet calculatedCVE-2017-11899 BID SECTRACK CONFIRMmicrosoft -- exchance_server *Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability".2017-12-12not yet calculatedCVE-2017-11932 BID SECTRACK CONFIRMmicrosoft -- internet_explorer Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handle objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11906 and CVE-2017-11919.2017-12-12not yet calculatedCVE-2017-11887 BID SECTRACK CONFIRMmicrosoft -- internet_explorer *Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11901 BID SECTRACK CONFIRMmicrosoft -- internet_explorer *Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11903 BID SECTRACK CONFIRMmicrosoft -- internet_explorer *Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11913 BID SECTRACK CONFIRMmicrosoft -- internet_explorer *Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11907 BID SECTRACK CONFIRMmicrosoft -- internet_explorer *Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11919.2017-12-12not yet calculatedCVE-2017-11906 BID SECTRACK CONFIRMmicrosoft -- malware_protection_engine *The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". This is different than CVE-2017-11937.2017-12-08not yet calculatedCVE-2017-11940 BID SECTRACK CONFIRMmicrosoft -- multiple_products Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability".2017-12-12not yet calculatedCVE-2017-11888 BID SECTRACK CONFIRMmicrosoft -- multiple_productsChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11912 BID SECTRACK SECTRACK CONFIRMmicrosoft -- multiple_products ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11893 BID SECTRACK CONFIRMmicrosoft -- multiple_productsChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11918 BID SECTRACK CONFIRMmicrosoft -- multiple_products ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and and Internet Explorer adn Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11894 BID SECTRACK SECTRACK CONFIRMmicrosoft -- multiple_products ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11895 BID SECTRACK SECTRACK CONFIRMmicrosoft -- multiple_productsChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11911 BID SECTRACK CONFIRMmicrosoft -- multiple_products Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11890 BID SECTRACK CONFIRMmicrosoft -- multiple_products ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11889 BID SECTRACK CONFIRMmicrosoft -- multiple_products *ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11909 BID SECTRACK CONFIRMmicrosoft -- multiple_products *ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11910 BID SECTRACK CONFIRMmicrosoft -- multiple_products *ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11908 BID SECTRACK CONFIRMmicrosoft -- multiple_products *ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11914 BID SECTRACK CONFIRMmicrosoft -- multiple_products *ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, and CVE-2017-11916.2017-12-12not yet calculatedCVE-2017-11930 BID SECTRACK CONFIRMmicrosoft -- multiple_products *ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11905 BID SECTRACK CONFIRMmicrosoft -- multiple_products *ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11906.2017-12-12not yet calculatedCVE-2017-11919 BID SECTRACK CONFIRMmicrosoft -- office_2016_click-to-run *Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".2017-12-12not yet calculatedCVE-2017-11935 BID SECTRACK CONFIRMmicrosoft -- office_2016_click-to-run *Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability".2017-12-12not yet calculatedCVE-2017-11939 BID SECTRACK CONFIRMmicrosoft -- office *Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft Office Information Disclosure Vulnerability".2017-12-12not yet calculatedCVE-2017-11934 BID SECTRACK CONFIRMmicrosoft -- sharepoint_enterprise_server_2016 *Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".2017-12-12not yet calculatedCVE-2017-11936 BID SECTRACK CONFIRMmicrosoft -- windows Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka "Windows RRAS Service Remote Code Execution Vulnerability".2017-12-12not yet calculatedCVE-2017-11885 BID SECTRACK CONFIRMmicrosoft -- windows Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11886 BID SECTRACK CONFIRMmicrosoft -- windows *Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way the Windows its:// protocol handler determines the zone of a request, aka "Microsoft Windows Information Disclosure Vulnerability".2017-12-12not yet calculatedCVE-2017-11927 BID SECTRACK CONFIRMmikrotik -- multiple_devices *MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets.2017-12-13not yet calculatedCVE-2017-17538 EXPLOIT-DBmikrotik -- routerboard *MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS.2017-12-13not yet calculatedCVE-2017-17537 EXPLOIT-DBmobotap -- dolphin_browser_for_android *The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to overwrite a specific executable in the Dolphin Browser's data directory with a crafted malicious executable. Every time the Dolphin Browser is launched, it will attempt to run the malicious executable from disk, thus executing the attacker's code.2017-12-11not yet calculatedCVE-2017-17551 MISCmobotap -- dolphin_browser_for_android *The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser.2017-12-11not yet calculatedCVE-2017-17553 MISCnip2 -- nip2 *** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable.2017-12-14not yet calculatedCVE-2017-17514 MISCnode.js -- node.js *Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption.2017-12-11not yet calculatedCVE-2017-15896 CONFIRMnode.js -- node.js *Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.2017-12-11not yet calculatedCVE-2017-15897 CONFIRMocaml -- ocaml_batteries_included *batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17519 MISCoctopus -- octopus_deploy *In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access.2017-12-13not yet calculatedCVE-2017-17665 CONFIRMopenstack*-- openstack *A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.2017-12-12not yet calculatedCVE-2017-12155 CONFIRM CONFIRMpalo_alto_networks -- globalprotect_agent *Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."2017-12-11not yet calculatedCVE-2017-15870 BID CONFIRMpalo_alto_networks -- pan-os *The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities.2017-12-11not yet calculatedCVE-2017-15943 BID SECTRACK CONFIRMpalo_alto_networks -- pan-os *Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management interface.2017-12-11not yet calculatedCVE-2017-15942 BID SECTRACK CONFIRMpalo_alto_networks -- pan-os *The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors.2017-12-11not yet calculatedCVE-2017-15940 BID SECTRACK CONFIRMpalo_alto_networks -- pan-os *Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.2017-12-11not yet calculatedCVE-2017-15944 BID SECTRACK CONFIRMpanda_security -- panda_global_protection *Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \\.\PSMEMDriver DeviceIoControl request.2017-12-14not yet calculatedCVE-2017-17684 MISCpanda_security -- panda_global_protection *Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request.2017-12-14not yet calculatedCVE-2017-17683 MISCpandora -- ios_app *Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.2017-12-15not yet calculatedCVE-2017-3194 BID MISC CERT-VN MISCpasdoc -- pasdoc *** DISPUTED ** delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code referencing the BROWSER environment variable is never used.2017-12-14not yet calculatedCVE-2017-17527 MISCpcausa -- rawether_framework *PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges.2017-12-15not yet calculatedCVE-2017-3196 MISC BID MISC CERT-VNphabricator -- phabricator *Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring.2017-12-11not yet calculatedCVE-2017-17536 MISC MISCphoenix_contact -- fl_comserver *A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The cross-site scripting vulnerability has been identified, which may allow remote code execution.2017-12-11not yet calculatedCVE-2017-16723 BID MISC MISCphpscriptsmall.com -- advance_b2b_script *Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.2017-12-13not yet calculatedCVE-2017-17602 MISCphpscriptsmall.com -- advance_online_learning_managment_script *Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter.2017-12-13not yet calculatedCVE-2017-17599 MISCphpscriptsmall.com -- advanced_real_estate_script *Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.2017-12-13not yet calculatedCVE-2017-17603 MISCphpscriptsmall.com -- advanced_world_database *Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter.2017-12-13not yet calculatedCVE-2017-17640 MISCphpscriptsmall.com -- affiliate_mlm_script *Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter.2017-12-13not yet calculatedCVE-2017-17598 MISCphpscriptsmall.com -- basic_b2b_script *Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter.2017-12-13not yet calculatedCVE-2017-17600 MISCphpscriptsmall.com -- beauty_parlour_booking_script *Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter.2017-12-13not yet calculatedCVE-2017-17595 MISCphpscriptsmall.com -- cab_booking_script *Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter.2017-12-13not yet calculatedCVE-2017-17601 MISCphpscriptsmall.com -- car_rental_script *Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter.2017-12-13not yet calculatedCVE-2017-17637 MISCphpscriptsmall.com -- chartered_accountant_booking_script *Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.2017-12-13not yet calculatedCVE-2017-17609 MISCphpscriptsmall.com -- child_care_script *Child Care Script 1.0 has SQL Injection via the /list city parameter.2017-12-13not yet calculatedCVE-2017-17608 MISCphpscriptsmall.com -- cms_auditor_website *CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail.2017-12-13not yet calculatedCVE-2017-17607 MISCphpscriptsmall.com -- co-work_space_search_script *Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.2017-12-13not yet calculatedCVE-2017-17606 MISCphpscriptsmall.com -- consumer_complaints_clone_script *Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.2017-12-13not yet calculatedCVE-2017-17605 MISCphpscriptsmall.com -- doctor_search_script *Doctor Search Script 1.0 has SQL Injection via the /list city parameter.2017-12-13not yet calculatedCVE-2017-17611 MISCphpscriptsmall.com -- domainsale_php_script *DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter.2017-12-13not yet calculatedCVE-2017-17594 MISCphpscriptsmall.com -- e-commerce_mlm_software *E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter.2017-12-13not yet calculatedCVE-2017-17610 MISCphpscriptsmall.com -- entrepreneur_bus_booking_script *Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter.2017-12-13not yet calculatedCVE-2017-17604 MISCphpscriptsmall.com -- entrepreneur_dating_script *Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter.2017-12-13not yet calculatedCVE-2017-17648 EXPLOIT-DBphpscriptsmall.com -- entrepreneur_job_portal_script *Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.2017-12-13not yet calculatedCVE-2017-17596 MISCphpscriptsmall.com -- event_search_script *Event Search Script 1.0 has SQL Injection via the /event-list city parameter.2017-12-13not yet calculatedCVE-2017-17616 MISCphpscriptsmall.com -- facebook_clone_script *Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter.2017-12-13not yet calculatedCVE-2017-17615 MISCphpscriptsmall.com -- food_order_script *Food Order Script 1.0 has SQL Injection via the /list city parameter.2017-12-13not yet calculatedCVE-2017-17614 MISCphpscriptsmall.com -- foodspotting_clone_script *Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter.2017-12-13not yet calculatedCVE-2017-17617 MISCphpscriptsmall.com -- freelance_website_script *Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.2017-12-13not yet calculatedCVE-2017-17613 MISCphpscriptsmall.com -- groupon_clone_script *Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.2017-12-13not yet calculatedCVE-2017-17638 MISCphpscriptsmall.com -- hot_scripts_clone *Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.2017-12-13not yet calculatedCVE-2017-17612 MISCphpscriptsmall.com -- kickstarter_clone_script *Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.2017-12-13not yet calculatedCVE-2017-17618 MISCphpscriptsmall.com -- laundry_booking_script *Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.2017-12-13not yet calculatedCVE-2017-17619 MISC MISCphpscriptsmall.com -- lawyer_search_script *Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.2017-12-13not yet calculatedCVE-2017-17620 MISCphpscriptsmall.com -- mlm_forced_matrix *MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter.2017-12-13not yet calculatedCVE-2017-17636 MISCphpscriptsmall.com -- mlm_forex_market_plan_script *MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter.2017-12-13not yet calculatedCVE-2017-17635 MISCphpscriptsmall.com -- multiplex_movie_theater_booking_script *Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter.2017-12-13not yet calculatedCVE-2017-17633 MISCphpscriptsmall.com -- multireligion_responsive_matrimonial *Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.2017-12-13not yet calculatedCVE-2017-17631 MISCphpscriptsmall.com -- multivendor_penny_auction_clone_script *Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.2017-12-13not yet calculatedCVE-2017-17621 MISC MISCphpscriptsmall.com -- muslim_matrimonial_script *Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.2017-12-13not yet calculatedCVE-2017-17639 MISCphpscriptsmall.com -- nearbuy_clone_script *Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter.2017-12-13not yet calculatedCVE-2017-17597 MISCphpscriptsmall.com -- online_exam_test_application_script *Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.2017-12-13not yet calculatedCVE-2017-17622 MISC MISCphpscriptsmall.com -- opensource_classified_ads_script *Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.2017-12-13not yet calculatedCVE-2017-17623 MISCphpscriptsmall.com -- php_multivendor_ecommerce *PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.2017-12-13not yet calculatedCVE-2017-17624 MISCphpscriptsmall.com -- professional_service_script *Professional Service Script 1.0 has SQL Injection via the service-list city parameter.2017-12-13not yet calculatedCVE-2017-17625 MISCphpscriptsmall.com -- readymade_php_classified_script *Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.2017-12-13not yet calculatedCVE-2017-17626 MISCphpscriptsmall.com -- readymade_video_sharing_script *Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.2017-12-13not yet calculatedCVE-2017-17627 MISCphpscriptsmall.com -- responsive_events_and_movie_ticket_booking_scriptR esponsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.2017-12-13not yet calculatedCVE-2017-17632 MISCphpscriptsmall.com -- responsive_realestate_script *Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.2017-12-13not yet calculatedCVE-2017-17628 MISCphpscriptsmall.com -- resume_clone_script *Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter.2017-12-13not yet calculatedCVE-2017-17641 MISCphpscriptsmall.com -- secure_e-commerce_script *Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter.2017-12-13not yet calculatedCVE-2017-17629 MISCphpscriptsmall.com -- single_theater_booking_script *Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.2017-12-13not yet calculatedCVE-2017-17634 MISCphpscriptsmall.com -- yoga_class_script *Yoga Class Script 1.0 has SQL Injection via the /list city parameter.2017-12-13not yet calculatedCVE-2017-17630 MISCphusion_passenger -- phusion_passenger *In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.2017-12-14not yet calculatedCVE-2017-16355 CONFIRM CONFIRMposty -- readymade_classifieds_script *Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.2017-12-11not yet calculatedCVE-2017-17111 MISCposty -- scubez_posty_readymade_classifieds *Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter.2017-12-13not yet calculatedCVE-2017-17567 MISCposty -- scubez_posty_readymade_classifieds *Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter.2017-12-13not yet calculatedCVE-2017-17569 MISCposty -- scubez_posty_readymade_classifieds *Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request.2017-12-13not yet calculatedCVE-2017-17568 MISCppm_2000 -- perspective_icm *Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms.2017-12-11not yet calculatedCVE-2017-11319 MISCpuppet*-- puppet_enterprise *Cross-site scripting (XSS) vulnerability in the console in Puppet Enterprise before 2015.2.1 allows remote attackers to inject arbitrary web script or HTML via the string parameter, related to Login Redirect.2017-12-11not yet calculatedCVE-2015-6502 CONFIRMpuppet*-- puppet_enterprise *The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.2017-12-11not yet calculatedCVE-2015-8470 CONFIRMpuppet*-- puppetlabs-apache *The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.2017-12-11not yet calculatedCVE-2014-3250 CONFIRM CONFIRMpython -- python *Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17522 MISCqnap -- qsync_for_windows *A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version 4.2.2.0724 and earlier could allow remote attackers to execute arbitrary code on Windows machines.2017-12-11not yet calculatedCVE-2017-13070 CONFIRMqt_company*-- qt_for_android *A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.2017-12-15not yet calculatedCVE-2017-10905 CONFIRM JVNqt_company*-- qt_for_android *Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.2017-12-15not yet calculatedCVE-2017-10904 CONFIRM JVNradware -- alteon_devices *Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations.2017-12-13not yet calculatedCVE-2017-17427 BID MISC CONFIRM CERT-VNrapid7 -- nexpose *Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.2017-12-14not yet calculatedCVE-2017-5264 CONFIRMreddit -- reddit_terminal_viewer *scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17516 MISCruby -- ruby *Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.2017-12-15not yet calculatedCVE-2017-17405 CONFIRM CONFIRMsap -- business_intelligence_promotion_management_applica tion *Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded.2017-12-12not yet calculatedCVE-2017-16681 BID CONFIRM CONFIRMsap -- business_intelligence_promotion_management_applica tion *SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.2017-12-12not yet calculatedCVE-2017-16684 BID CONFIRM CONFIRMsap -- business_objects_platform *Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service.2017-12-12not yet calculatedCVE-2017-16683 BID CONFIRM CONFIRMsap -- business_warehouse_universal_data_integration *Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs.2017-12-12not yet calculatedCVE-2017-16685 BID CONFIRM CONFIRMsap -- hana *The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid.2017-12-12not yet calculatedCVE-2017-16687 BID CONFIRM CONFIRMsap -- hana *Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. Hence the interpretation of audit log files could be hindered or misdirected. 2) User Account and Authentication writes audit logs into syslog and additionally writes the same audit entries into a log file. Entries in the log file miss escaping. Hence the interpretation of audit log files could be hindered or misdirected, while the entries in syslog are correct.2017-12-12not yet calculatedCVE-2017-16680 BID CONFIRM CONFIRMsap -- kernel *A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.2017-12-12not yet calculatedCVE-2017-16689 BID CONFIRM CONFIRMsap -- netweaver_internet_transaction_server *SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.2017-12-12not yet calculatedCVE-2017-16682 BID CONFIRM CONFIRMsap -- netweaver_knowledge_management_configuration_servi ce *Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application.2017-12-12not yet calculatedCVE-2017-16678 BID CONFIRM CONFIRMsap -- note_assistant_tool *SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using SAPCAR tool and during the extraction, digital signature verification fails but the tampered file is extracted.2017-12-12not yet calculatedCVE-2017-16691 CONFIRM CONFIRMsap -- plant_connectivity *A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder the executable is in and not from the system location. The desired behavior is that system dlls are only loaded from the system folders. If a dll with the same name as the system dll is located in the same folder as the executable, this dll is loaded and code is executed.2017-12-12not yet calculatedCVE-2017-16690 BID CONFIRM CONFIRMsap -- startup_service *URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site.2017-12-12not yet calculatedCVE-2017-16679 BID CONFIRM CONFIRMscummvm -- scummvm *backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17528 MISCseacms -- seacms *SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php.2017-12-12not yet calculatedCVE-2017-17561 MISC MISCsensible-utils -- sensible-utils *sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.2017-12-11not yet calculatedCVE-2017-17512 MISC MISCsinology -- mailplus_server *Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter.2017-12-15not yet calculatedCVE-2017-15890 CONFIRMswi-prolog -- swi-prolog *library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17524 MISCsylpheed -- sylpheed *libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17517 MISCsymantec -- norton_family_android_app *Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings.2017-12-13not yet calculatedCVE-2017-15530 BID CONFIRMsymantec -- norton_family_android_app *Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network.2017-12-13not yet calculatedCVE-2017-15529 BID CONFIRMsynaptics -- touchpad_drivers *A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys.2017-12-15not yet calculatedCVE-2017-17556 HP CONFIRM MISCtechno -- portfolio_management_panel *Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.2017-12-11not yet calculatedCVE-2017-17110 MISCtechno -- portfolio_management_panel *Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter.2017-12-15not yet calculatedCVE-2017-17695 MISCtechno -- portfolio_management_panel *Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php.2017-12-15not yet calculatedCVE-2017-17696 MISCtechno -- portfolio_management_panel *Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter.2017-12-15not yet calculatedCVE-2017-17694 MISCtechno -- portfolio_management_panel *Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.2017-12-15not yet calculatedCVE-2017-17693 MISCtelegram – telegram_messenger *The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak.2017-12-16not yet calculatedCVE-2017-17715 MISCtex_live -- tex_live *TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua.2017-12-14not yet calculatedCVE-2017-17513 MISCtibbr -- tibbr_community_and_tibbr_enterprise *The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges. Affected releases are tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.2017-12-12not yet calculatedCVE-2017-5530 CONFIRMtibbr -- tibbr_community_and_tibbr_enterprise *The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.2017-12-12not yet calculatedCVE-2017-5534 CONFIRMtibco -- businessworks_process_monitor *Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote authenticated administrators to inject arbitrary web script or HTML via the users management panel of the web interface.2017-12-10not yet calculatedCVE-2017-16789 MISCtidy -- tidy *In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value.2017-12-10not yet calculatedCVE-2017-17497 CONFIRMtin -- tin *** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is intentional behavior, because the documentation states "url_handler.pl was designed to work together with tin which only issues shell escaped absolute URLs."2017-12-14not yet calculatedCVE-2017-17520 MISCtkabber -- tkabber *default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17533 MISCtrend_micro -- encryption_for_mail *A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system.2017-12-15not yet calculatedCVE-2017-11397 MISC CONFIRMtrend_micro -- scanmail_for_exchange *The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks.2017-12-15not yet calculatedCVE-2017-14093 CONFIRM MISCtrend_micro -- scanmail_for_exchange *The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.2017-12-15not yet calculatedCVE-2017-14092 CONFIRM MISCtrend_micro -- scanmail_for_exchange *A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.2017-12-15not yet calculatedCVE-2017-14090 CONFIRM MISCtrend_micro -- scanmail_for_exchange *A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory.2017-12-15not yet calculatedCVE-2017-14091 CONFIRM MISCvbulletin -- vbulletin *vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file.2017-12-13not yet calculatedCVE-2017-17671 MISCvbulletin -- vbulletin *In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates.2017-12-13not yet calculatedCVE-2017-17672 MISCvideolan -- vlc_media_player *In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.2017-12-15not yet calculatedCVE-2017-17670 MISCvmware -- airwatch_console *VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator.2017-12-12not yet calculatedCVE-2017-4942 BID SECTRACK CONFIRMvmware*-- vasa_provider *Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials.2017-12-11not yet calculatedCVE-2016-6904 CONFIRMwestern_digital -- mycloud_pr4100_2.30.172_devices *An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.2017-12-12not yet calculatedCVE-2017-17560 MISC MISCwhite_dune -- white_dune *swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17518 MISCwolfssl -- wolfssl *wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."2017-12-12not yet calculatedCVE-2017-13099 CERT-VN BID CONFIRM MISCxen -- xen *An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.2017-12-12not yet calculatedCVE-2017-17563 CONFIRM CONFIRMxen -- xen *An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.2017-12-12not yet calculatedCVE-2017-17565 CONFIRM CONFIRMxen -- xen *An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.2017-12-12not yet calculatedCVE-2017-17566 CONFIRM CONFIRM xen -- xen *An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.2017-12-12not yet calculatedCVE-2017-17564 CONFIRM CONFIRMxtuple_postbooks -- xtuple_postbooks *guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17525 MISCyourphpscript.com -- simple_chatting_system *Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/.2017-12-13not yet calculatedCVE-2017-17593 MISCzoho -- manageengine_password_manager_pro_9 *Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec.2017-12-15not yet calculatedCVE-2017-17698 @#926#Back to top This product is provided subject to this Notification and this Privacy & Use policy. More... |
Sponsored Links |
|