US CERT

Holiday Scams and Malware Campaigns

Original release date: November 16, 2017 | Last revised: November 17, 2017

US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. Emails and ecards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver attachments infected with malware. Spoofed email messages and phony posts on social networking sites may request support for fraudulent causes.

To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, users are encouraged to take the following actions:

  • Avoid following unsolicited links or downloading attachments from unknown sources.
  • Visit the Federal Trade Commission's Consumer Information page on Charity Scams.

If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:

  • Report the attack to the police and file a report with the Federal Trade Commission.
  • Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites. See Choosing and Protecting Passwords for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

ST17-001: Securing the Internet of Things

Original release date: November 16, 2017 | Last revised: November 17, 2017

The Internet of Things refers to any object or device that sends and receives data automatically through the Internet. This rapidly expanding set of “things” includes tags (also known as labels or chips that automatically track objects), sensors, and devices that interact with people and share information machine to machine.

Why Should We Care?

Cars, appliances, wearables, lighting, healthcare, and home security all contain sensing devices that can talk to other machines and trigger additional actions. Examples include devices that direct your car to an open spot in a parking lot; mechanisms that control energy use in your home; control systems that deliver water and power to your workplace; and other tools that track your eating, sleeping, and exercise habits.

This technology provides a level of convenience to our lives, but it requires that we share more information than ever. The security of this information, and the security of these devices, is not always guaranteed.

What Are the Risks?

Though many security and resilience risks are not new, the scale of interconnectedness created by the Internet of Things increases the consequences of known risks and creates new ones. Attackers take advantage of this scale to infect large segments of devices at a time, allowing them access to the data on those devices or to, as part of a botnet, attack other computers or devices for malicious intent. See Cybersecurity for Electronic Devices, Understanding Hidden Threats: Rootkits and Botnets, and Understanding Denial-of-Service Attacks for more information.

How Do I Improve the Security of Internet-Enabled Devices?

Without a doubt, the Internet of Things makes our lives easier and has many benefits; but we can only reap these benefits if our Internet-enabled devices are secure and trusted. The following are important steps you should consider to make your Internet of Things more secure.

Evaluate your security settings. Most devices offer a variety of features that you can tailor to meet your needs and requirements. Enabling certain features to increase convenience or functionality may leave you more vulnerable to being attacked. It is important to examine the settings, particularly security settings, and select options that meet your needs without putting you at increased risk. If you install a patch or a new version of software, or if you become aware of something that might affect your device, reevaluate your settings to make sure they are still appropriate. See Good Security Habits for more information.

Ensure you have up-to-date software. When manufacturers become aware of vulnerabilities in their products, they often issue patches to fix the problem. Patches are software updates that fix a particular issue or vulnerability within your device’s software. Make sure to apply relevant patches as soon as possible to protect your devices. See Understanding Patches for more information.

Connect carefully. Once your device is connected to the Internet, it’s also connected to millions of other computers, which could allow attackers access to your device. Consider whether continuous connectivity to the Internet is needed. See Securing Your Home Network for more information.

Use strong passwords. Passwords are a common form of authentication and are often the only barrier between you and your personal information. Some Internet-enabled devices are configured with default passwords to simplify setup. These default passwords are easily found online, so they don't provide any protection. Choose strong passwords to help secure your device. See Choosing and Protecting Passwords for more information.

Additional Information

The following organizations offer additional information about this topic:

Authors: Stop.Think.Connect. and National Cybersecurity and Communications Integration Center (NCCIC)


US-CERT

Oracle Releases Security Alert

Original release date: November 16, 2017

Oracle has released a security alert to address multiple vulnerabilities in Oracle Tuxedo. A remote attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Oracle Security Alert Advisory and apply the necessary update.



US-CERT

Cisco Releases Security Update

Original release date: November 15, 2017

Cisco has released a security update to address a vulnerability in its Voice Operating System software platform. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.



US-CERT

Mozilla Releases Security Updates

Original release date: November 14, 2017

Mozilla has released security updates to address multiple vulnerabilities in Firefox 57 and ESR 52.5. An attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 57 and ESR 52.5 and apply the necessary updates.



US-CERT

TA17-318B: HIDDEN COBRA – North Korean Trojan: Volgmer

Original release date: November 14, 2017 | Last revised: November 15, 2017

Systems Affected

Network systems

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a Trojan malware variant used by the North Korean government—commonly known as Volgmer. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.

FBI has high confidence that HIDDEN COBRA actors are using the IP addresses—listed in this report’s IOC files—to maintain a presence on victims’ networks and to further network exploitation. DHS and FBI are distributing these IP addresses to enable network defense and reduce exposure to North Korean government malicious cyber activity.

This alert includes IOCs related to HIDDEN COBRA, IP addresses linked to systems infected with Volgmer malware, malware descriptions, and associated signatures. This alert also includes suggested response actions to the IOCs provided, recommended mitigation techniques, and information on reporting incidents. If users or administrators detect activity associated with the Volgmer malware, they should immediately flag it, report it to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and give it the highest priority for enhanced mitigation.

For a downloadable copy of IOCs, see:

NCCIC conducted analysis on five files associated with or identified as Volgmer malware and produced a Malware Analysis Report (MAR). MAR-10135536-D examines the tactics, techniques, and procedures observed. For a downloadable copy of the MAR, see:

Description

Volgmer is a backdoor Trojan designed to provide covert access to a compromised system. Since at least 2013, HIDDEN COBRA actors have been observed using Volgmer malware in the wild to target the government, financial, automotive, and media industries.

It is suspected that spear phishing is the primary delivery mechanism for Volgmer infections; however, HIDDEN COBRA actors use a suite of custom tools, some of which could also be used to initially compromise a system. Therefore, it is possible that additional HIDDEN COBRA malware may be present on network infrastructure compromised with Volgmer.

The U.S. Government has analyzed Volgmer’s infrastructure and has identified it on systems using both dynamic and static IP addresses. At least 94 static IP addresses were identified, as well as dynamic IP addresses registered across various countries. The greatest concentrations of dynamic IP addresses are identified below by approximate percentage:

  • India (772 IPs) 25.4 percent
  • Iran (373 IPs) 12.3 percent
  • Pakistan (343 IPs) 11.3 percent
  • Saudi Arabia (182 IPs) 6 percent
  • Taiwan (169 IPs) 5.6 percent
  • Thailand (140 IPs) 4.6 percent
  • Sri Lanka (121 IPs) 4 percent
  • China (82 IPs, including Hong Kong (12)) 2.7 percent
  • Vietnam (80 IPs) 2.6 percent
  • Indonesia (68 IPs) 2.2 percent
  • Russia (68 IPs) 2.2 percent

Technical Details

As a backdoor Trojan, Volgmer has several capabilities including: gathering system information, updating service registry keys, downloading and uploading files, executing commands, terminating processes, and listing directories. In one of the samples received for analysis, the US-CERT Code Analysis Team observed botnet controller functionality.

Volgmer payloads have been observed in 32-bit form as either executables or dynamic-link library (.dll) files. The malware uses a custom binary protocol to beacon back to the command and control (C2) server, often via TCP port 8080 or 8088, with some payloads implementing Secure Sockets Layer (SSL) encryption to obfuscate communications.

Malicious actors commonly maintain persistence on a victim’s system by installing the malware as a Windows service. Volgmer queries the system and randomly selects an existing service in which to install a copy of itself. The malware then overwrites the ServiceDLL entry in the selected service's registry key so that the service loads the malicious DLL. In some cases, HIDDEN COBRA actors give the created service a pseudo-random name that may be composed of various hardcoded words.

Detection and Response

This alert’s IOC files provide HIDDEN COBRA indicators related to Volgmer. DHS and FBI recommend that network administrators review the information provided, identify whether any of the provided IP addresses fall within their organizations’ allocated IP address space, and—if found—take necessary measures to remove the malware.

When reviewing network perimeter logs for the IP addresses, organizations may find instances of these IP addresses attempting to connect to their systems. Upon reviewing the traffic from these IP addresses, system owners may find some traffic relates to malicious activity and some traffic relates to legitimate activity.

Network Signatures and Host-Based Rules

This section contains network signatures and host-based rules that can be used to detect malicious activity associated with HIDDEN COBRA actors. Although created using a comprehensive vetting process, the possibility of false positives always remains. These signatures and rules should be used to supplement analysis and should not be used as a sole source of attributing this activity to HIDDEN COBRA actors.

Network Signatures

alert tcp any any -> any any (msg:"Malformed_UA"; content:"User-Agent: Mozillar/"; depth:500; sid:99999999;)


YARA Rules

rule volgmer
{
meta:
    description = "Malformed User Agent"
strings:
    $s = "Mozillar/"
condition:
    (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and $s
}
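The two Volgmer rules above encode the same indicator in two places: the Snort rule looks for the literal malformed User-Agent in the first 500 bytes of a TCP payload, and the YARA rule only reports the string when the file also has a valid MZ/PE header pair, which keeps it from firing on captured traffic or text that merely contains "Mozillar/". The following Python is an added illustration of both checks (it is not NCCIC's code); the HTTP request, the host name example.invalid and the minimal PE-shaped blob are constructed test data.

```python
"""Replicate the two Volgmer detections from TA17-318B on constructed input.

- snort_malformed_ua(): the content match from the Snort rule (depth:500).
- yara_volgmer(): the YARA rule, i.e. PE header guard AND the "Mozillar/" string.
Added example, not NCCIC code; all sample data below is constructed.
"""
import struct

MALFORMED_UA = b"User-Agent: Mozillar/"  # content: from the Snort rule (case-sensitive, as written)
SNORT_DEPTH = 500                         # depth:500 -> the content must sit within the first 500 bytes
MZ_MAGIC = 0x5A4D                         # uint16(0) == "MZ" (little-endian)
PE_MAGIC = 0x4550                         # uint16(e_lfanew) == "PE"
E_LFANEW_OFFSET = 0x3C                    # IMAGE_DOS_HEADER.e_lfanew points at the PE signature


def snort_malformed_ua(payload: bytes) -> bool:
    """True when the malformed User-Agent appears within the rule's depth window."""
    return MALFORMED_UA in payload[:SNORT_DEPTH]


def is_pe(buf: bytes) -> bool:
    """Python equivalent of `uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550`.

    YARA evaluates an out-of-range read as false, so the same bounds checks are
    made explicit here instead of letting struct raise.
    """
    if len(buf) < E_LFANEW_OFFSET + 4:
        return False
    if struct.unpack_from("<H", buf, 0)[0] != MZ_MAGIC:
        return False
    e_lfanew = struct.unpack_from("<I", buf, E_LFANEW_OFFSET)[0]
    if e_lfanew + 2 > len(buf):
        return False
    return struct.unpack_from("<H", buf, e_lfanew)[0] == PE_MAGIC


def yara_volgmer(buf: bytes) -> bool:
    """rule volgmer: PE guard AND $s = "Mozillar/" anywhere in the file."""
    return is_pe(buf) and b"Mozillar/" in buf


def build_fake_pe(tail: bytes, e_lfanew: int = 0x80) -> bytes:
    """Constructed minimal PE-shaped blob: MZ magic, e_lfanew, PE signature, then `tail`.

    It is only header-shaped enough to satisfy the YARA guard; it is not a loadable image.
    """
    buf = bytearray(e_lfanew + 4)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, E_LFANEW_OFFSET, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\x00\x00"
    return bytes(buf) + tail


# Constructed samples (not real captures or real malware).
SAMPLE_PE = build_fake_pe(b"\x00\x10User-Agent: Mozillar/5.0\x00")
SAMPLE_HTTP = (b"GET / HTTP/1.1\r\nHost: example.invalid\r\n"
               b"User-Agent: Mozillar/5.0\r\n\r\n")
SAMPLE_BENIGN_HTTP = SAMPLE_HTTP.replace(b"Mozillar/", b"Mozilla/")
SAMPLE_BAD_POINTER = b"MZ" + b"\x00" * 0x3A + b"\xff\xff\xff\x7f"  # e_lfanew far beyond the buffer

if __name__ == "__main__":
    print("snort on request      :", snort_malformed_ua(SAMPLE_HTTP))        # True
    print("snort on benign UA    :", snort_malformed_ua(SAMPLE_BENIGN_HTTP))  # False
    print("yara on PE blob       :", yara_volgmer(SAMPLE_PE))                 # True
    print("yara on HTTP text     :", yara_volgmer(SAMPLE_HTTP))               # False: string present, not a PE
    print("pe guard, bad pointer :", is_pe(SAMPLE_BAD_POINTER))               # False
```

The last two results are the point of the PE guard: the same string in a pcap or a log file does not trip the host rule, and a corrupt e_lfanew is rejected rather than crashing the scanner.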

Impact

A successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.

Solution

Mitigation Strategies

DHS recommends that users and administrators use the following best practices as preventive measures to protect their computer networks:

  • Use application whitelisting to help prevent malicious software and unapproved programs from running. Application whitelisting is one of the best security strategies as it allows only specified programs to run, while blocking all others, including malicious software.
  • Keep operating systems and software up-to-date with the latest patches. Vulnerable applications and operating systems are the target of most attacks. Patching with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
  • Maintain up-to-date antivirus software, and scan all software downloaded from the Internet before executing.
  • Restrict users’ abilities (permissions) to install and run unwanted software applications, and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
  • Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, embedded code will execute the malware on the machine. For enterprises or organizations, it may be best to block email messages with attachments from suspicious sources. For information on safely handling email attachments, see Recognizing and Avoiding Email Scams. Follow safe practices when browsing the web. See Good Security Habits and Safeguarding Your Data for additional details.
  • Do not follow unsolicited web links in emails. See Avoiding Social Engineering and Phishing Attacks for more information.

Response to Unauthorized Network Access

  • Contact DHS or your local FBI office immediately. To report an intrusion and request resources for incident response or technical assistance, contact DHS NCCIC (NCCICCustomerService@hq.dhs.gov or 888-282-0870), FBI through a local field office, or the FBI’s Cyber Division (CyWatch@fbi.gov or 855-292-3937).

References

Revision History

  • November 14, 2017: Initial version



US-CERT

Microsoft Releases November 2017 Security Updates

Original release date: November 14, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft's November 2017 Security Update Summary and Deployment Information and apply the necessary updates.



US-CERT

TA17-318A: HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL

Original release date: November 14, 2017

Systems Affected

Network systems

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a remote administration tool (RAT) used by the North Korean government—commonly known as FALLCHILL. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.

FBI has high confidence that HIDDEN COBRA actors are using the IP addresses—listed in this report’s IOC files—to maintain a presence on victims’ networks and to further network exploitation. DHS and FBI are distributing these IP addresses to enable network defense and reduce exposure to any North Korean government malicious cyber activity.

This alert includes IOCs related to HIDDEN COBRA, IP addresses linked to systems infected with FALLCHILL malware, malware descriptions, and associated signatures. This alert also includes suggested response actions to the IOCs provided, recommended mitigation techniques, and information on reporting incidents. If users or administrators detect activity associated with the FALLCHILL malware, they should immediately flag it, report it to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and give it the highest priority for enhanced mitigation.

For a downloadable copy of IOCs, see:

NCCIC conducted analysis on two samples of FALLCHILL malware and produced a Malware Analysis Report (MAR). MAR-10135536-A examines the tactics, techniques, and procedures observed in the malware. For a downloadable copy of the MAR, see:

Description

According to trusted third-party reporting, HIDDEN COBRA actors have likely been using FALLCHILL malware since 2016 to target the aerospace, telecommunications, and finance industries. The malware is a fully functional RAT with multiple commands that the actors can issue from a command and control (C2) server to a victim’s system via dual proxies. FALLCHILL typically infects a system as a file dropped by other HIDDEN COBRA malware or as a file downloaded unknowingly by users when visiting sites compromised by HIDDEN COBRA actors. HIDDEN COBRA actors use an external tool or dropper to install the FALLCHILL malware-as-a-service to establish persistence. Because of this, additional HIDDEN COBRA malware may be present on systems compromised with FALLCHILL.

During analysis of the infrastructure used by FALLCHILL malware, the U.S. Government identified 83 network nodes. Additionally, using publicly available registration information, the U.S. Government identified the countries in which the infected IP addresses are registered.

Technical Details

FALLCHILL is the primary component of a C2 infrastructure that uses multiple proxies to obfuscate network traffic between HIDDEN COBRA actors and a victim’s system. According to trusted third-party reporting, communication flows from the victim’s system to HIDDEN COBRA actors using a series of proxies as shown in figure 1.

Figure 1. HIDDEN COBRA Communication Flow

FALLCHILL uses fake Transport Layer Security (TLS) communications, encoding the data with RC4 encryption with the following key: [0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82]. FALLCHILL collects basic system information and beacons the following to the C2:

  • operating system (OS) version information,
  • processor information,
  • system name,
  • local IP address information,
  • unique generated ID, and
  • media access control (MAC) address.

FALLCHILL contains the following built-in functions for remote operations that provide various capabilities on a victim’s system:

  • retrieve information about all installed disks, including the disk type and the amount of free space on the disk;
  • create, start, and terminate a new process and its primary thread;
  • search, read, write, move, and execute files;
  • get and modify file or directory timestamps;
  • change the current directory for a process or file; and
  • delete malware and artifacts associated with the malware from the infected system.

Detection and Response

This alert’s IOC files provide HIDDEN COBRA indicators related to FALLCHILL. DHS and FBI recommend that network administrators review the information provided, identify whether any of the provided IP addresses fall within their organizations’ allocated IP address space, and—if found—take necessary measures to remove the malware.

When reviewing network perimeter logs for the IP addresses, organizations may find instances of these IP addresses attempting to connect to their systems. Upon reviewing the traffic from these IP addresses, system owners may find some traffic relates to malicious activity and some traffic relates to legitimate activity.

Network Signatures and Host-Based Rules

This section contains network signatures and host-based rules that can be used to detect malicious activity associated with HIDDEN COBRA actors. Although created using a comprehensive vetting process, the possibility of false positives always remains. These signatures and rules should be used to supplement analysis and should not be used as a sole source of attributing this activity to HIDDEN COBRA actors.

Network Signatures

alert tcp any any -> any any (msg:"Malicious SSL 01 Detected";content:"|17 03 01 00 08|";  pcre:"/\x17\x03\x01\x00\x08.{4}\x04\x88\x4d\x76/"; rev:1; sid:2;)


alert tcp any any -> any any (msg:"Malicious SSL 02 Detected";content:"|17 03 01 00 08|";  pcre:"/\x17\x03\x01\x00\x08.{4}\x06\x88\x4d\x76/"; rev:1; sid:3;)


alert tcp any any -> any any (msg:"Malicious SSL 03 Detected";content:"|17 03 01 00 08|";  pcre:"/\x17\x03\x01\x00\x08.{4}\xb2\x63\x70\x7b/"; rev:1; sid:4;)


alert tcp any any -> any any (msg:"Malicious SSL 04 Detected";content:"|17 03 01 00 08|";  pcre:"/\x17\x03\x01\x00\x08.{4}\xb0\x63\x70\x7b/"; rev:1; sid:5;)
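All four signatures share one shape: a TLS 1.0 application-data record header (17 03 01) with a payload length of exactly 8, four arbitrary bytes, then one of four 4-byte markers. The Python below is an added illustration (not NCCIC's code) that applies the same test two ways, as a raw byte-pattern scan equivalent to the Snort pcre and as a record-aware check that only inspects real application-data records; the TLS streams it runs on are constructed, not captured traffic.

```python
"""FALLCHILL fake-TLS beacon detection, mirroring TA17-318A sids 2-5.

Added example with constructed sample streams; not NCCIC code.
"""
import re
from typing import Iterator, List, Tuple

# 4-byte markers from the four pcre patterns, keyed to the sid each signature uses.
FALLCHILL_MARKERS = {
    b"\x04\x88\x4d\x76": 2,
    b"\x06\x88\x4d\x76": 3,
    b"\xb2\x63\x70\x7b": 4,
    b"\xb0\x63\x70\x7b": 5,
}
TLS_APPLICATION_DATA = 0x17
TLS_VERSION_1_0 = b"\x03\x01"     # the signatures are pinned to version bytes 03 01
RECORD_HEADER_LEN = 5
BEACON_PAYLOAD_LEN = 8            # content:"|17 03 01 00 08|"

# Raw-scan equivalent of the Snort content + pcre, all four markers in one alternation.
SIGNATURE_RE = re.compile(
    rb"\x17\x03\x01\x00\x08.{4}"
    rb"(?:\x04\x88\x4d\x76|\x06\x88\x4d\x76|\xb2\x63\x70\x7b|\xb0\x63\x70\x7b)",
    re.DOTALL,
)


def snort_style_hit(stream: bytes) -> bool:
    """True if the byte pattern occurs anywhere in the payload, like the Snort rule."""
    return SIGNATURE_RE.search(stream) is not None


def iter_tls_records(stream: bytes) -> Iterator[Tuple[int, bytes, bytes]]:
    """Yield (content_type, version, payload) per TLS record; stop at a truncated tail."""
    off = 0
    while off + RECORD_HEADER_LEN <= len(stream):
        ctype = stream[off]
        version = stream[off + 1:off + 3]
        length = int.from_bytes(stream[off + 3:off + 5], "big")
        payload = stream[off + RECORD_HEADER_LEN:off + RECORD_HEADER_LEN + length]
        if len(payload) < length:
            break
        yield ctype, version, payload
        off += RECORD_HEADER_LEN + length


def match_fallchill(stream: bytes) -> List[Tuple[int, int]]:
    """Record-aware check: (record_index, sid) for each application-data record
    that carries a FALLCHILL marker at payload bytes 4..7."""
    hits = []
    for idx, (ctype, version, payload) in enumerate(iter_tls_records(stream)):
        if ctype != TLS_APPLICATION_DATA or version != TLS_VERSION_1_0:
            continue
        if len(payload) != BEACON_PAYLOAD_LEN:
            continue
        sid = FALLCHILL_MARKERS.get(payload[4:8])
        if sid is not None:
            hits.append((idx, sid))
    return hits


def build_record(ctype: int, payload: bytes, version: bytes = TLS_VERSION_1_0) -> bytes:
    """Assemble one TLS record (type, version, 2-byte length, payload)."""
    return bytes([ctype]) + version + len(payload).to_bytes(2, "big") + payload


# Constructed streams (not real captures).
SAMPLE_BEACON = (build_record(0x16, b"\x01" + b"\x00" * 20)                # handshake-typed filler
                 + build_record(0x17, b"\xde\xad\xbe\xef\x04\x88\x4d\x76"))  # sid 2 pattern
SAMPLE_BENIGN = build_record(0x17, b"\x11\x22\x33\x44\x55\x66\x77\x88")      # 8-byte record, no marker
SAMPLE_WRONG_VERSION = build_record(0x17, b"\xde\xad\xbe\xef\x06\x88\x4d\x76", version=b"\x03\x03")
# Signature bytes buried inside a handshake record's payload: the raw scan fires,
# the record-aware check does not, because the bytes are not a record header.
SAMPLE_EMBEDDED = build_record(0x16, b"\x17\x03\x01\x00\x08AAAA\x04\x88\x4d\x76")

if __name__ == "__main__":
    for name, s in [("beacon", SAMPLE_BEACON), ("benign", SAMPLE_BENIGN),
                    ("wrong_version", SAMPLE_WRONG_VERSION), ("embedded", SAMPLE_EMBEDDED)]:
        print(f"{name:14s} raw={snort_style_hit(s)!s:5s} records={match_fallchill(s)}")
```

The embedded case is the false-positive class the alert warns about: a content/pcre rule sees bytes, not records, so corroborate raw hits by checking that the match begins on a record boundary.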

YARA Rules

The following rules were provided to NCCIC by a trusted third party for the purpose of assisting in the identification of malware associated with this alert.

THIS DHS/NCCIC MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. These rules have been tested and determined to function effectively in a lab environment, but we have no way of knowing if they may function differently in a production network. Anyone using these rules is encouraged to test them using a data set representative of their environment.

rule rc4_stack_key_fallchill
{
meta:
    description = "rc4_stack_key"
strings:
    $stack_key = { 0d 06 09 2a ?? ?? ?? ?? 86 48 86 f7 ?? ?? ?? ?? 0d 01 01 01 ?? ?? ?? ?? 05 00 03 82 41 8b c9 41 8b d1 49 8b 40 08 48 ff c2 88 4c 02 ff ff c1 81 f9 00 01 00 00 7c eb }
condition:
    (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and $stack_key
}

rule success_fail_codes_fallchill
{
meta:
    description = "success_fail_codes"
strings:
    $s0 = { 68 7a 34 12 00 }
    $s1 = { ba 7a 34 12 00 }
    $f0 = { 68 5c 34 12 00 }
    $f1 = { ba 5c 34 12 00 }
condition:
    (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and (($s0 and $f0) or ($s1 and $f1))
}


Impact

A successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.

Solution

Mitigation Strategies

DHS recommends that users and administrators use the following best practices as preventive measures to protect their computer networks:

  • Use application whitelisting to help prevent malicious software and unapproved programs from running. Application whitelisting is one of the best security strategies as it allows only specified programs to run, while blocking all others, including malicious software.
  • Keep operating systems and software up-to-date with the latest patches. Vulnerable applications and operating systems are the target of most attacks. Patching with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
  • Maintain up-to-date antivirus software, and scan all software downloaded from the Internet before executing.
  • Restrict users’ abilities (permissions) to install and run unwanted software applications, and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
  • Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, embedded code will execute the malware on the machine. For enterprises or organizations, it may be best to block email messages with attachments from suspicious sources. For information on safely handling email attachments, see Recognizing and Avoiding Email Scams. Follow safe practices when browsing the web. See Good Security Habits and Safeguarding Your Data for additional details.
  • Do not follow unsolicited web links in emails. See Avoiding Social Engineering and Phishing Attacks for more information.

Response to Unauthorized Network Access

  • Contact DHS or your local FBI office immediately. To report an intrusion and request resources for incident response or technical assistance, contact DHS NCCIC (NCCICCustomerService@hq.dhs.gov or 888-282-0870), FBI through a local field office, or the FBI’s Cyber Division (CyWatch@fbi.gov or 855-292-3937).


References

Revision History

  • November 14, 2017: Initial version



US-CERT

Adobe Releases Security Updates

Original release date: November 14, 2017

Adobe has released security updates to address vulnerabilities in Flash Player, Photoshop CC, Adobe Connect, DNG Converter, InDesign, Digital Editions, Shockwave Player, and Experience Manager. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-33, APSB17-34, APSB17-35, APSB17-37, APSB17-38, APSB17-39, APSB17-40, and APSB17-41, and apply the necessary updates.



US-CERT

SB17-317: Vulnerability Summary for the Week of November 6, 2017

Original release date: November 13, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Each entry lists: Primary Vendor -- Product; Description; Published; CVSS Score; Source & Patch Info.

There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

graphicsmagick -- graphicsmagick
  Description: The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.
  Published: 2017-11-05
  CVSS Score: 6.8
  Source & Patch Info: CVE-2017-16545 (CONFIRM, CONFIRM)

graphicsmagick -- graphicsmagick
  Description: The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file.
  Published: 2017-11-06
  CVSS Score: 6.8
  Source & Patch Info: CVE-2017-16547 (CONFIRM, CONFIRM)

imagemagick -- imagemagick
  Description: The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
  Published: 2017-11-05
  CVSS Score: 6.8
  Source & Patch Info: CVE-2017-16546 (CONFIRM, CONFIRM, CONFIRM)

Low Vulnerabilities

There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

abb -- fox515t
  Description: An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application. This could enable the attacker to retrieve any file on the server.
  Published: 2017-11-06
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-14025 (BID, MISC)

advantech -- webaccess
  Description: An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable.
  Published: 2017-11-06
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-12719 (BID, MISC)

advantech -- webaccess
  Description: A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.
  Published: 2017-11-06
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-14016 (BID, MISC)

asterisk -- open_source_certified_asterisk
  Description: A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.
  Published: 2017-11-08
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-16671 (CONFIRM, BID, CONFIRM)

asterisk -- open_source_certified_asterisk
  Description: An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.
  Published: 2017-11-08
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-16672 (CONFIRM, BID, CONFIRM)

avaya -- ip_office_contact_center
  Description: Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method.
  Published: 2017-11-09
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-12969 (CONFIRM, MISC, MISC, FULLDISC, BID, EXPLOIT-DB)

avaya -- ip_office
  Description: Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.
  Published: 2017-11-09
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-11309 (CONFIRM, MISC, MISC, BID, EXPLOIT-DB)

backintime -- backintime
  Description: backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands.
  Published: 2017-11-08
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-16667
CONFIRM
CONFIRM
CONFIRMbludit -- bludit
 In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via editor is GET. To save the editor context, the followup POST method request must be processed to perform the attack via the application side. The basic validation of the editor does not allow injecting script codes and blocks the context. Attackers can inject the code by using an editor tag that is not recognized by the basic validation. Thus allows a restricted user account to inject malicious script code to perform a persistent attack against higher privilege web-application user accounts.2017-11-06not yet calculatedCVE-2017-16636
MISCbolt_technology -- bolt
 Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.2017-11-09not yet calculatedCVE-2017-16754
BID
MISC
MISCbrother -- debut_software
 The Debut embedded http server 1.20 contains a remotely exploitable denial of service where a single malformed HTTP request can cause the server to hang until eventually replying with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic. NOTE: this might overlap CVE-2017-12568.2017-11-09not yet calculatedCVE-2017-16249
MISC
EXPLOIT-DBcacti -- cacti
 Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.2017-11-08not yet calculatedCVE-2017-16660
MISCcacti -- cacti
 Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.2017-11-08not yet calculatedCVE-2017-16661
MISCcacti -- cacti
 Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.2017-11-10not yet calculatedCVE-2017-16785
MISCcacti -- cacti
 lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.2017-11-07not yet calculatedCVE-2017-16641
CONFIRMcesanta -- mongoose
 An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2892
MISCcesanta -- mongoose
 An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2891
MISCcesanta -- mongoose
 An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achieve remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2922
MISCcesanta -- mongoose
 An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An attacker needs to send a specially crafted websocket packet over network to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2921
MISCcesanta -- mongoose
 An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2895
MISCcesanta -- mongoose
 An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2893
MISCcesanta -- mongoose
 An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2894
MISCcesanta -- mongoose
 An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2909
MISCcms_made_simple -- cms_made_simple
 In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter.2017-11-10not yet calculatedCVE-2017-16784
MISCcms_made_simple -- cms_made_simple
 In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.2017-11-10not yet calculatedCVE-2017-16783
MISCconfire -- confire
 An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "~/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.2017-11-10not yet calculatedCVE-2017-16763
MISCcumulus_networks -- linux
 bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492).2017-11-08not yet calculatedCVE-2017-15865
CONFIRM
CONFIRM
CONFIRM
CONFIRMd-link -- dwr-933_device
 XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi.2017-11-10not yet calculatedCVE-2017-16765
MISCdatto -- backup_agent
 Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified "specific information" by which the agent identifies a network device that is "appearing to be a valid Datto."2017-11-08not yet calculatedCVE-2017-16673
CONFIRMdatto -- windows_agent
 Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent (DWA) 1.0.5.0 and earlier. In other words, an attacker could combine this "primary/secondary" attack with the CVE-2017-16673 "rogue pairing" attack to achieve unauthenticated access to all agent machines running these older DWA versions.2017-11-08not yet calculatedCVE-2017-16674
CONFIRMdisney -- circleAn exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2916
MISCdisney -- circleAn exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series of packets to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2898
MISCdisney -- circle
 An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to setup an access point reachable by the device to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-12094
MISCdisney -- circle
 An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2913
MISCdisney -- circle
 An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2917
MISCdisney -- circle
 An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2911
MISCdisney -- circle
 An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2881
MISCdisney -- circle
 An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-12083
MISCdisney -- circle
 An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-12085
MISCdisney -- circle
 An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs network connectivity to the device to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2914
MISCdisney -- circle
 A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server.2017-11-07not yet calculatedCVE-2017-12084
MISCdisney -- circle
 An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2912
MISCdisney -- circle
 An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the device to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2884
MISCdisney -- circle
 An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs network connectivity to the device to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2889
MISCdisney -- circle
 An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. An attacker can send a series of packets to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2864
MISCdisney -- circle
 An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2883
MISCdisney -- circle
 An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2866
MISCdisney -- circle
 An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2865
MISCdisney -- circle
 An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive files, resulting in code execution. An attacker needs to impersonate a remote server in order to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2882
MISCdisney -- circle
 An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by the device to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2915
MISCdisney -- circle
 An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2890
MISCdisney -- circle
 An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of spoofed "deauth" packets to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-12096
MISCdjango_make_app -- django_make_app
 An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.2017-11-10not yet calculatedCVE-2017-16764
MISCdocker -- moby
 The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.2017-11-04not yet calculatedCVE-2017-16539
MISC
MISC
MISC
MISC
MISCdrupal -- drupal
 Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names.2017-11-06not yet calculatedCVE-2015-7878
MISCffmpeg -- ffmpeg
 The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.2017-11-06not yet calculatedCVE-2017-15672
CONFIRM
MLIST
BIDforcepoint -- triton_ap-email
 TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file access in an unspecified directory.2017-11-06not yet calculatedCVE-2017-11177
CONFIRMgentoo -- gentoo
 The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script.2017-11-06not yet calculatedCVE-2017-16638
CONFIRMgentoo -- gentoo
 The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script.2017-11-08not yet calculatedCVE-2017-16659
CONFIRMgraphicsmagick -- graphicsmagick
 coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.2017-11-08not yet calculatedCVE-2017-16669
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISChashicorp -- vagrant
 In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.2017-11-06not yet calculatedCVE-2017-16001
MISChola -- hola
 Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file.2017-11-09not yet calculatedCVE-2017-16757
MISChome_assistant -- home_assistant
 In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.2017-11-10not yet calculatedCVE-2017-16782
CONFIRMhpe -- content_manager_workgroup_service
 A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS).2017-11-08not yet calculatedCVE-2017-14360
CONFIRMinedo -- buildmasterInedo BuildMaster before 5.8.2 has XSS.2017-11-10not yet calculatedCVE-2017-16760
CONFIRM
CONFIRMinedo -- buildmaster
 In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used.2017-11-10not yet calculatedCVE-2017-16521
MISC
MISC
MISC
MISC
MISCinedo -- buildmaster
 An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites.2017-11-10not yet calculatedCVE-2017-16761
CONFIRM
CONFIRM
CONFIRMinedo -- buildmaster
 Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.2017-11-10not yet calculatedCVE-2017-16520
CONFIRM
CONFIRM
CONFIRMingenious -- school_management_system
 /view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request.2017-11-07not yet calculatedCVE-2017-16561
EXPLOIT-DBinpage -- inpage
 Special crafted InPage document leads to arbitrary code execution in InPage reader.2017-11-08not yet calculatedCVE-2017-12824
MISCipswitch -- ws_ftp_professional
 Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729.2017-11-03not yet calculatedCVE-2017-16513
MISC
MISC
EXPLOIT-DBitext -- itext
 The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.2017-11-08not yet calculatedCVE-2017-9096
BUGTRAQ
MISCjoomla! -- joomla!
 In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.2017-11-09not yet calculatedCVE-2017-16634
BID
SECTRACK
CONFIRMjoomla! -- joomla!
 In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.2017-11-09not yet calculatedCVE-2017-16633
BID
SECTRACK
CONFIRMkabona_ab -- webdatorcentral
 A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext.2017-11-07not yet calculatedCVE-2016-0872
MISCkeystonejs -- keystonejs
 KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header.2017-11-06not yet calculatedCVE-2017-16570
MISC
MISC
MISClibebml2 -- libebml2
 The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12800
MISC
FULLDISC
CONFIRMlibebml2 -- libebml2
 The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12801
MISC
FULLDISC
CONFIRMlibebml2 -- libebml2
 The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12802
MISC
FULLDISC
CONFIRMlibebml2 -- libebml2
 The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12783
MISC
FULLDISC
CONFIRMlibebml2 -- libebml2
 The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12781
MISC
FULLDISC
CONFIRMlibebml2 -- libebml2
 The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12782
MISC
FULLDISC
CONFIRMlibebml2 -- libebml2
 The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12780
MISC
FULLDISC
CONFIRMlibrenms -- librenms
 The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.2017-11-09not yet calculatedCVE-2017-16759
CONFIRM
CONFIRM
CONFIRM
CONFIRMlinux -- linux_kernel
 The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm.2017-11-06not yet calculatedCVE-2017-15306
MISC
MISC
MISC
BID
MISClinux -- linux_kernel
 The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.2017-11-07not yet calculatedCVE-2017-16650
MISC
MISClinux -- linux_kernel
 The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.2017-11-07not yet calculatedCVE-2017-16644
MISC
MISClinux -- linux_kernel
 The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.2017-11-07not yet calculatedCVE-2017-16643
MISC
BID
MISC
MISClinux -- linux_kernel
 The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.2017-11-07not yet calculatedCVE-2017-16645
BID
MISC
MISClinux -- linux_kernel
 drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.2017-11-07not yet calculatedCVE-2017-16646
MISC
MISClinux -- linux_kernel
 The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free.2017-11-07not yet calculatedCVE-2017-16648
BID
MISC
MISClinux -- linux_kernel
 drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.2017-11-07not yet calculatedCVE-2017-16647
BID
MISC
MISClinux -- linux_kernel
  The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
  Published: 2017-11-07 | CVSS Score: not yet calculated | CVE-2017-16649
  Source & Patch Info: BID, MISC, MISC

logitech -- media_server
  Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a "favorite."
  Published: 2017-11-09 | CVSS Score: not yet calculated | CVE-2017-16567
  Source & Patch Info: EXPLOIT-DB

logitech -- media_server
  Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL.
  Published: 2017-11-09 | CVSS Score: not yet calculated | CVE-2017-16568
  Source & Patch Info: EXPLOIT-DB

manageengine -- applications_manager
  Zoho ManageEngine Applications Manager 13 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.
  Published: 2017-11-05 | CVSS Score: not yet calculated | CVE-2017-16543
  Source & Patch Info: MISC, EXPLOIT-DB

manageengine -- applications_manager
  Zoho ManageEngine Applications Manager 13 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.
  Published: 2017-11-05 | CVSS Score: not yet calculated | CVE-2017-16542
  Source & Patch Info: MISC, EXPLOIT-DB

manageengine -- servicedesk
  The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
  Published: 2017-11-08 | CVSS Score: not yet calculated | CVE-2017-11512
  Source & Patch Info: MISC

manageengine -- servicedesk
  The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
  Published: 2017-11-08 | CVSS Score: not yet calculated | CVE-2017-11511
  Source & Patch Info: MISC

matroska -- mkvalidator
  The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.
  Published: 2017-11-09 | CVSS Score: not yet calculated | CVE-2017-12779
  Source & Patch Info: MISC, FULLDISC, CONFIRM

metalgenix -- genixcms
  Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php.
  Published: 2017-11-08 | CVSS Score: not yet calculated | CVE-2015-3933
  Source & Patch Info: CONFIRM, EXPLOIT-DB

mitrastar -- gpt-2541gnac_router
  MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-16523
  Source & Patch Info: BID, MISC, EXPLOIT-DB

mkclean -- mkclean
  The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
  Published: 2017-11-09 | CVSS Score: not yet calculated | CVE-2017-12803
  Source & Patch Info: MISC, FULLDISC, CONFIRM

mlalchemy -- mlalchemy
  An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | CVE-2017-16615
  Source & Patch Info: CONFIRM, CONFIRM, MISC

mybb_group -- mybb
  The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.
  Published: 2017-11-10 | CVSS Score: not yet calculated | CVE-2017-16780
  Source & Patch Info: CONFIRM

mybb_group -- mybb
  The installer in MyBB before 1.8.13 has XSS.
  Published: 2017-11-10 | CVSS Score: not yet calculated | CVE-2017-16781
  Source & Patch Info: CONFIRM

netapp -- clustered_data_ontap
  NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064.
  Published: 2017-11-09 | CVSS Score: not yet calculated | CVE-2017-5201
  Source & Patch Info: BID, CONFIRM

netapp -- oncommand_unified_manager
  NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintended action in the user interface.
  Published: 2017-11-09 | CVSS Score: not yet calculated | CVE-2017-11461
  Source & Patch Info: BID, CONFIRM

netiq -- imanager
  Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.
  Published: 2017-11-06 | CVSS Score: not yet calculated | CVE-2017-7425
  Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, CONFIRM

owlmixin -- owlmixin
  An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | CVE-2017-16618
  Source & Patch Info: CONFIRM, CONFIRM, MISC

perl -- perl
  The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.
  Published: 2017-11-07 | CVSS Score: not yet calculated | CVE-2008-7319
  Source & Patch Info: MISC, MISC, MISC, MISC

php -- php
  In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.
  Published: 2017-11-07 | CVSS Score: not yet calculated | CVE-2017-16642
  Source & Patch Info: CONFIRM, CONFIRM, BID, CONFIRM, CONFIRM, CONFIRM

pyanyapi -- pyanyapi
  An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | CVE-2017-16616
  Source & Patch Info: CONFIRM, CONFIRM, MISC, CONFIRM

red_hat -- enterprise_linux
  It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
  Published: 2017-11-08 | CVSS Score: not yet calculated | CVE-2017-15087
  Source & Patch Info: BID, CONFIRM

red_hat -- enterprise_linux
  It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
  Published: 2017-11-08 | CVSS Score: not yet calculated | CVE-2017-15086
  Source & Patch Info: BID, CONFIRM

red_hat -- enterprise_linux
  It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
  Published: 2017-11-08 | CVSS Score: not yet calculated | CVE-2017-15085
  Source & Patch Info: BID, CONFIRM

red_hat -- multiple_products
  Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
  Published: 2017-11-09 | CVSS Score: not yet calculated | CVE-2015-7501
  Source & Patch Info: BID, SECTRACK, SECTRACK, SECTRACK, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM

remobjects -- remobjects
  RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflected Cross Site Scripting (XSS) attack via the service parameter to the /soap URI, triggering an invalid attempt to generate WSDL.
  Published: 2017-11-08 | CVSS Score: not yet calculated | CVE-2017-16665
  Source & Patch Info: CONFIRM

roundcube -- roundcube
  Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests.
  Published: 2017-11-09 | CVSS Score: not yet calculated | CVE-2017-16651
  Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, DEBIAN

rsync -- rsync
  The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.
  Published: 2017-11-06 | CVSS Score: not yet calculated | CVE-2017-16548
  Source & Patch Info: CONFIRM, CONFIRM

sam2p -- sam2p
  In sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer overflows) in input-bmp.ci in the function ReadImage, because "width * height" multiplications occur unsafely.
  Published: 2017-11-08 | CVSS Score: not yet calculated | CVE-2017-16663
  Source & Patch Info: CONFIRM

samsung -- srn-1670d
  Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.
  Published: 2017-11-06 | CVSS Score: not yet calculated | CVE-2017-16524
  Source & Patch Info: MISC

sanic -- sanic
  Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.
  Published: 2017-11-10 | CVSS Score: not yet calculated | CVE-2017-16762
  Source & Patch Info: CONFIRM, CONFIRM

savitech_corp -- savitech_drivers
  Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion."
  Published: 2017-11-09 | CVSS Score: not yet calculated | CVE-2017-9758
  Source & Patch Info: BID, MISC, CERT-VN, MISC

siemens -- simatic_pcs_7
  An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface.
  Published: 2017-11-06 | CVSS Score: not yet calculated | CVE-2017-14023
  Source & Patch Info: BID, SECTRACK, MISC

sos -- sos
  sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.
  Published: 2017-11-06 | CVSS Score: not yet calculated | CVE-2015-7529
  Source & Patch Info: BID, UBUNTU, MISC, MISC, CONFIRM, CONFIRM

suse -- suse_linux_enterprise_desktop
  The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services.
  Published: 2017-11-09 | CVSS Score: not yet calculated | CVE-2017-15638
  Source & Patch Info: SUSE

swftools -- swftools
  The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender.
  Published: 2017-11-09 | CVSS Score: not yet calculated | CVE-2017-16711
  Source & Patch Info: MISC

symantec -- endpoint_protection
  Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system.
  Published: 2017-11-06 | CVSS Score: not yet calculated | CVE-2017-13680
  Source & Patch Info: BID, CONFIRM

symantec -- endpoint_protection
  Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients.
  Published: 2017-11-06 | CVSS Score: not yet calculated | CVE-2017-6331
  Source & Patch Info: BID, CONFIRM

symantec -- endpoint_protection
  Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack.
  Published: 2017-11-06 | CVSS Score: not yet calculated | CVE-2017-13681
  Source & Patch Info: BID, CONFIRM

synology -- carddav_server
  An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.
  Published: 2017-11-07 | CVSS Score: not yet calculated | CVE-2017-15887
  Source & Patch Info: CONFIRM

tinywebgallery -- tinywebgallery
  In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the `TWG Explorer` item listing. The request method to inject is POST and the attack vector is located on the application-side of the service. The injection point is the add/create input field and the execution point occurs in the item listing after the add or create.
  Published: 2017-11-06 | CVSS Score: not yet calculated | CVE-2017-16635
  Source & Patch Info: MISC

tor -- browser
  Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.
  Published: 2017-11-04 | CVSS Score: not yet calculated | CVE-2017-16541
  Source & Patch Info: BID, MISC, MISC, MISC, MISC, MISC

trihedral -- vtscada
  An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine.
  Published: 2017-11-06 | CVSS Score: not yet calculated | CVE-2017-14029
  Source & Patch Info: MISC

trihedral -- vtscada
  An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine.
  Published: 2017-11-06 | CVSS Score: not yet calculated | CVE-2017-14031
  Source & Patch Info: MISC

vectura -- perfect_privacy_vpn_manager
  In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when resetting the network data via the software client, with a running VPN connection, a critical error occurs which leads to a "FrmAdvancedProtection" crash. Although the mechanism malfunctions and an error occurs during the runtime with the stack trace being issued, the software process is not properly terminated. The software client is still attempting to maintain the connection even though the network connection information is being reset live. In that insecure mode, the "FrmAdvancedProtection" component crashes, but the process continues to run with different errors and process corruptions. This local corruption vulnerability can be exploited by local attackers.
  Published: 2017-11-06 | CVSS Score: not yet calculated | CVE-2017-16637
  Source & Patch Info: MISC, MISC

vonage/grandstream -- ht802_device
  Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update.
  Published: 2017-11-06 | CVSS Score: not yet calculated | CVE-2017-16563
  Source & Patch Info: MISC

vonage/grandstream -- ht802_device
  Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.
  Published: 2017-11-06 | CVSS Score: not yet calculated | CVE-2017-16565
  Source & Patch Info: MISC

vonage/grandstream -- ht802_device
  Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).
  Published: 2017-11-06 | CVSS Score: not yet calculated | CVE-2017-16564
  Source & Patch Info: MISC

wordpress -- wordpress
  The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI.
  Published: 2017-11-09 | CVSS Score: not yet calculated | CVE-2017-16562
  Source & Patch Info: CONFIRM, EXPLOIT-DB

wordpress -- wordpress
  Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "access_token" parameter.
  Published: 2017-11-09 | CVSS Score: not yet calculated | CVE-2017-16758
  Source & Patch Info: MISC, MISC, MISC

zurmo -- zurmo
  An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
  Published: 2017-11-06 | CVSS Score: not yet calculated | CVE-2017-16569
  Source & Patch Info: MISC

zurmo -- zurmo
  Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
  Published: 2017-11-06 | CVSS Score: not yet calculated | CVE-2017-15039
  Source & Patch Info: MISC
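The rsync entry above (CVE-2017-16548) comes down to one missing check: a peer-supplied xattr name length was trusted to cover a terminating '\0', so string functions downstream read past the heap buffer. The C below is an added example written for this bulletin, not rsync's code. The record layout it parses (a 4-byte little-endian length followed by the name bytes) and the function and enum names are assumptions for illustration; rsync's real wire encoding differs. It shows the validation a receiver should perform before any C string routine touches peer-controlled bytes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Outcome of validating one received xattr name (names are this example's). */
enum xattr_status {
    XATTR_OK = 0,
    XATTR_TRUNCATED,     /* declared length runs past the bytes actually received */
    XATTR_EMPTY,         /* declared length is zero, so there is no room for '\0' */
    XATTR_UNTERMINATED,  /* last byte of the name is not '\0' */
    XATTR_EMBEDDED_NUL   /* a '\0' appears before the declared end of the name */
};

/* Simplified record layout assumed by this example (NOT rsync's encoding):
 *   4-byte little-endian name_len, then name_len bytes of name, which the
 *   sender promises to terminate with '\0'. The receiver must not rely on
 *   that promise. */
static uint32_t read_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validate the name before anyone treats it as a C string. On XATTR_OK,
 * *name_out points into buf at a properly NUL-terminated string of exactly
 * name_len - 1 characters and *consumed_out is the record size in bytes. */
enum xattr_status xattr_parse_name(const unsigned char *buf, size_t buflen,
                                   const char **name_out, size_t *consumed_out)
{
    if (buflen < 4)
        return XATTR_TRUNCATED;
    uint32_t name_len = read_le32(buf);
    if (name_len == 0)
        return XATTR_EMPTY;
    /* Compare lengths; never form a pointer past the buffer to find out. */
    if (name_len > buflen - 4)
        return XATTR_TRUNCATED;
    const char *name = (const char *)buf + 4;
    /* The check the rsync fix added in spirit: the peer-supplied length must
     * include a terminating NUL, or strlen()/strcmp() on the name read past it. */
    if (name[name_len - 1] != '\0')
        return XATTR_UNTERMINATED;
    /* A NUL before the declared end desynchronises length-based and
     * string-based consumers of the same name; reject it too. memchr is
     * bounded by the length already proven to be inside the buffer. */
    if (memchr(name, '\0', name_len - 1) != NULL)
        return XATTR_EMBEDDED_NUL;
    *name_out = name;
    *consumed_out = 4 + (size_t)name_len;
    return XATTR_OK;
}

/* Build a record from a constructed name and run it through the parser.
 * declared_len is what the (possibly hostile) sender claims; name_bytes_sent
 * is how many name bytes actually arrived. */
enum xattr_status check_record(const unsigned char *name, uint32_t declared_len,
                               size_t name_bytes_sent)
{
    unsigned char rec[4 + 64];
    if (name_bytes_sent > 64)
        return XATTR_TRUNCATED; /* keep the demo buffer bounded */
    rec[0] = (unsigned char)declared_len;
    rec[1] = (unsigned char)(declared_len >> 8);
    rec[2] = (unsigned char)(declared_len >> 16);
    rec[3] = (unsigned char)(declared_len >> 24);
    memcpy(rec + 4, name, name_bytes_sent);
    const char *parsed;
    size_t used;
    return xattr_parse_name(rec, 4 + name_bytes_sent, &parsed, &used);
}

int main(void)
{
    /* Constructed inputs: one honest record, then the hostile variants. */
    printf("honest        -> %d\n", check_record((const unsigned char *)"user.key", 9, 9));
    printf("no NUL        -> %d\n", check_record((const unsigned char *)"user.keyX", 9, 9));
    printf("short buffer  -> %d\n", check_record((const unsigned char *)"user.key", 9, 5));
    printf("embedded NUL  -> %d\n", check_record((const unsigned char *)"us\0er.k", 8, 8));
    return 0;
}
```

The hostile cases are exactly the ones a fuzzer finds first: a declared length larger than what arrived, a name whose last byte is not NUL, and a NUL earlier than declared. Only the first case is a protocol error in the classic sense; the other two are accepted by a parser that trusts the length and are only caught later, as an over-read, by whichever string function runs first.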
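The Sanic entry above (CVE-2017-16762) is the classic ordering bug behind most static-file traversals: containment was judged on the raw request path, so "..%2f" passed the check and only turned into "../" once the path was decoded for the filesystem. The function below is an added example and not Sanic's code; the "/static/" mount prefix, the function names and the sample paths are assumptions chosen for illustration. It decodes first, then normalises segment by segment, and rejects anything that climbs above the mount or carries an encoded NUL.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hex digit value, or -1 for anything that is not a hex digit (including '\0'). */
static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Percent-decode src into dst. Rejects malformed escapes and an encoded NUL,
 * which would otherwise truncate the path silently at the C-string layer. */
static bool url_decode(const char *src, char *dst, size_t dstlen)
{
    size_t j = 0;
    for (size_t i = 0; src[i] != '\0'; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c == '%') {
            int hi = hexval(src[i + 1]);            /* -1 stops us before src[i+2] */
            int lo = (hi < 0) ? -1 : hexval(src[i + 2]);
            if (hi < 0 || lo < 0) return false;
            c = (unsigned char)(hi * 16 + lo);
            i += 2;
        }
        if (c == '\0') return false;
        if (j + 1 >= dstlen) return false;
        dst[j++] = (char)c;
    }
    dst[j] = '\0';
    return true;
}

/* Map a request path under the assumed "/static/" mount to a relative path
 * that provably stays inside the static root. Order matters: decode, then
 * normalise, then decide. A decoded '/' is a separator like any other. */
bool resolve_static_path(const char *url_path, char *out, size_t outlen)
{
    static const char prefix[] = "/static/";
    char decoded[1024];
    if (!url_decode(url_path, decoded, sizeof decoded)) return false;
    if (strncmp(decoded, prefix, sizeof prefix - 1) != 0) return false;

    const char *p = decoded + (sizeof prefix - 1);
    size_t starts[128];            /* offset in out where each kept segment began */
    size_t depth = 0, o = 0;
    while (*p != '\0') {
        const char *seg = p;
        while (*p != '\0' && *p != '/') p++;
        size_t len = (size_t)(p - seg);
        if (*p == '/') p++;
        if (len == 0 || (len == 1 && seg[0] == '.')) continue;   /* "//" or "." */
        if (len == 2 && seg[0] == '.' && seg[1] == '.') {
            if (depth == 0) return false;     /* would climb above the static root */
            o = starts[--depth];              /* drop the previous segment */
            continue;
        }
        if (depth == sizeof starts / sizeof starts[0]) return false;
        if (o + len + 2 > outlen) return false;
        starts[depth++] = o;
        if (o > 0) out[o++] = '/';
        memcpy(out + o, seg, len);
        o += len;
    }
    if (o == 0) return false;                 /* no file named */
    out[o] = '\0';
    return true;
}

/* Test/demo wrapper: resolved relative path, or NULL when the request is refused. */
const char *static_path_resolve(const char *url_path)
{
    static char buf[512];
    return resolve_static_path(url_path, buf, sizeof buf) ? buf : NULL;
}

int main(void)
{
    /* Constructed request paths, including the ..%2f form from the advisory. */
    const char *samples[] = { "/static/css/app.css", "/static/a/../b.txt",
                              "/static/..%2fetc/passwd", "/static/%2e%2e/%2e%2e/etc/passwd",
                              "/static/a/%00.png" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *r = static_path_resolve(samples[i]);
        printf("%-36s -> %s\n", samples[i], r ? r : "REFUSED");
    }
    return 0;
}
```

This is the application-layer check; the filesystem layer should still open the result relative to the static root (openat() with O_NOFOLLOW, or a realpath() comparison against the root) so that symlinks planted inside the static directory cannot undo what the normaliser decided.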

US-CERT

Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)

1 week 1 day ago
Original release date: November 09, 2017

Microsoft has released an advisory that provides guidance on securing Dynamic Data Exchange (DDE) fields in Microsoft Office applications. Exploitation of this protocol may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Microsoft Security Advisory for more information and US-CERT's Tip on Using Caution with Email Attachments.

US-CERT

Joomla! Releases Security Update

1 week 3 days ago
Original release date: November 07, 2017

Joomla! has released version 3.8.2 of its Content Management System (CMS) software to address multiple vulnerabilities. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information.

US-CERT encourages users and administrators to review the Joomla! Security Release and apply the necessary update.

US-CERT

Google Releases Security Update for Chrome

1 week 4 days ago
Original release date: November 06, 2017

Google has released Chrome version 62.0.3202.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.

US-CERT

SB17-310: Vulnerability Summary for the Week of October 30, 2017

1 week 5 days ago
Original release date: November 06, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

There were no high vulnerabilities recorded this week.

 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

fortinet -- fortios
  A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' parameter of the JSON web API.
  Published: 2017-10-27 | CVSS Score: 4.0 | CVE-2017-14182
  Source & Patch Info: MISC, BID, SECTRACK, CONFIRM

fortinet -- fortios
  A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redir parameter.
  Published: 2017-10-27 | CVSS Score: 4.3 | CVE-2017-7733
  Source & Patch Info: BID, SECTRACK, CONFIRM

gnu -- binutils
  dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).
  Published: 2017-10-27 | CVSS Score: 5.0 | CVE-2017-15938
  Source & Patch Info: BID, MISC, MISC, MISC

gnu -- binutils
  dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.
  Published: 2017-10-27 | CVSS Score: 4.3 | CVE-2017-15939
  Source & Patch Info: BID, MISC, MISC, MISC

graphicsmagick -- graphicsmagick
  In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.
  Published: 2017-10-27 | CVSS Score: 6.8 | CVE-2017-15930
  Source & Patch Info: CONFIRM, CONFIRM, BID, CONFIRM

radare -- radare2
  In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems.
  Published: 2017-10-27 | CVSS Score: 6.8 | CVE-2017-15931
  Source & Patch Info: BID, CONFIRM, CONFIRM

radare -- radare2
  In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems.
  Published: 2017-10-27 | CVSS Score: 6.8 | CVE-2017-15932
  Source & Patch Info: BID, CONFIRM, CONFIRM
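The radare2 entries above (CVE-2017-15931, CVE-2017-15932) and the sam2p entry in the previous week's bulletin (CVE-2017-16663) are two halves of the same input-validation problem: a count or dimension read from an untrusted file is either negative, or large enough that the multiplication used to size a buffer wraps, and the wrapped or sign-converted value then drives an allocation or an index. The C below is an added example for this bulletin, not radare2's or sam2p's code; IMAGE_MAX_BYTES, the function names and the sample values are assumptions. It shows the checks to run before any size arithmetic derived from file contents reaches malloc() or a pointer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Policy cap for one decoded image. Independent of overflow: even a product
 * that does not wrap can be absurd for the input format. (Assumed value.) */
#define IMAGE_MAX_BYTES ((size_t)256 * 1024 * 1024)

/* Multiply two size_t values, reporting overflow instead of wrapping.
 * Portable form of __builtin_mul_overflow(). */
static bool mul_size(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a) return false;
    *out = a * b;
    return true;
}

/* The sam2p pattern: width * height (* bytes per pixel) from a BMP header.
 * Returns false on zero dimensions, overflow at either step, or a result
 * above the policy cap; the caller must not allocate in that case. */
bool image_buffer_size(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    size_t pixels, bytes;
    if (width == 0 || height == 0 || bpp == 0) return false;
    if (!mul_size((size_t)width, (size_t)height, &pixels)) return false;
    if (!mul_size(pixels, (size_t)bpp, &bytes)) return false;
    if (bytes > IMAGE_MAX_BYTES) return false;
    *out = bytes;
    return true;
}

/* The radare2 pattern: an entry count read from an ELF section as a signed
 * value. Reject it while it is still signed (a negative converted to size_t
 * becomes huge and on 32-bit wraps straight into a valid-looking offset),
 * then check the multiplied size against the section that contains it. */
bool checked_table_bytes(int64_t count, size_t entry_size, size_t section_size,
                         size_t *out)
{
    size_t bytes;
    if (count < 0) return false;
    if ((uint64_t)count > (uint64_t)SIZE_MAX) return false;   /* matters on 32-bit */
    if (!mul_size((size_t)count, entry_size, &bytes)) return false;
    if (bytes > section_size) return false;
    *out = bytes;
    return true;
}

/* Test/demo wrappers: the computed size, or 0 when the input is refused
 * (0 is never a valid size here, since zero dimensions are rejected). */
size_t image_bytes_or_zero(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t n;
    return image_buffer_size(width, height, bpp, &n) ? n : 0;
}

size_t table_bytes_or_zero(int64_t count, size_t entry_size, size_t section_size)
{
    size_t n;
    return checked_table_bytes(count, entry_size, section_size, &n) ? n : 0;
}

int main(void)
{
    /* Constructed header values: one sane image, one that wraps on every
     * platform, one that fits in 64 bits but exceeds the cap, and a
     * negative ELF count. */
    printf("640x480x3          -> %zu\n", image_bytes_or_zero(640, 480, 3));
    printf("0xFFFFFFFF^2 x 4   -> %zu\n", image_bytes_or_zero(0xFFFFFFFFu, 0xFFFFFFFFu, 4));
    printf("65536x65536x1      -> %zu\n", image_bytes_or_zero(65536, 65536, 1));
    printf("count -1, 16 bytes -> %zu\n", table_bytes_or_zero(-1, 16, 4096));
    printf("count 10, 16 bytes -> %zu\n", table_bytes_or_zero(10, 16, 4096));
    return 0;
}
```

Two points the wrappers make visible: the check has to happen on every multiplication, not just the last (0xFFFFFFFF squared fits in 64 bits, and it is the final factor of 4 that wraps), and the sign test must come before the conversion to an unsigned type, because after it the negative value is indistinguishable from a very large positive one.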

 

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

There were no low vulnerabilities recorded this week.

 

Severity Not Yet AssignedPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadult_script_pro -- adult_script_pro
 Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576.2017-10-29not yet calculatedCVE-2017-15959
MISC
EXPLOIT-DBamazon_web_services -- cloudformation_boostrap
 The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory.2017-10-30not yet calculatedCVE-2017-9450
BID
CONFIRMapache -- cordova
 The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.2017-10-30not yet calculatedCVE-2014-0073
MISC
FULLDISC
BUGTRAQ
BID
XF
CONFIRM
MLISTapache -- cordova
 ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option.2017-10-30not yet calculatedCVE-2014-0072
MISC
FULLDISC
BUGTRAQ
XF
CONFIRM
MLISTapache -- hadoop
 Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.2017-10-30not yet calculatedCVE-2012-4449
MLIST
CONFIRMapache -- hive
 Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.2017-11-01not yet calculatedCVE-2017-12625
MLISTapache -- httpclient
 http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.2017-10-30not yet calculatedCVE-2013-4366
CONFIRM
CONFIRMapache -- juddi
 Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to happyjuddi.jsp.2017-10-30not yet calculatedCVE-2009-1198
CONFIRM
MLIST
BIDapache -- juddi
 Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp.2017-10-30not yet calculatedCVE-2009-1197
CONFIRM
MLIST
BIDapache -- qpid
 qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203.2017-10-30not yet calculatedCVE-2015-0224
FEDORA
MLIST
MISC
REDHAT
REDHAT
REDHAT
REDHAT
BUGTRAQ
BID
SECTRACK
REDHAT
CONFIRM
CONFIRMapache -- storm
 Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.2017-10-30not yet calculatedCVE-2014-0115
CONFIRM
MLISTapache -- struts
 The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.2017-10-30not yet calculatedCVE-2016-3090
BID
CONFIRM
SECTRACKapache -- subversion
 libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties.2017-10-30not yet calculatedCVE-2013-4246
BID
CONFIRMapache -- traffic_server
 The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function.2017-10-30not yet calculatedCVE-2015-3249
MLIST
BID
MISCapache -- traffic_server
 Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.2017-10-30not yet calculatedCVE-2014-3624
MLIST
BID
CONFIRMapache -- wicket
 Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.2017-10-30not yet calculatedCVE-2014-3526
CONFIRMapache -- wicket
 Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to <script> tags in a rendered response.2017-10-30not yet calculatedCVE-2012-5636
BID
CONFIRMapache -- wss4j
 Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.2017-10-30not yet calculatedCVE-2015-0226
BID
CONFIRMapache -- xerces2_java
 Apache Xerces2 Java allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.2017-10-30not yet calculatedCVE-2012-0881
MLIST
CONFIRMapache -- xml-rpc
 The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element.2017-10-27not yet calculatedCVE-2016-5003
MLIST
BID
BID
SECTRACK
MISC
XFarox -- school_erp_php_script
 AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.2017-10-31not yet calculatedCVE-2017-15978
EXPLOIT-DBarticle_directory_script -- article_directory_script
 Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php.2017-10-29not yet calculatedCVE-2017-15960
MISC
EXPLOIT-DBbarco -- clickshare
 Unspecified vulnerability in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10 has unknown impact and attack vectors.2017-10-30not yet calculatedCVE-2017-12460
CONFIRM
CONFIRMbarco -- clickshare
 A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device.2017-10-30not yet calculatedCVE-2017-9377
BID
CONFIRM
CONFIRM
MISCbasic -- b2b_script
 Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.2017-10-31not yet calculatedCVE-2017-15985
EXPLOIT-DBbchunk -- bchunk
 bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file.2017-10-28not yet calculatedCVE-2017-15955
MISCbchunk -- bchunk
 bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file.2017-10-28not yet calculatedCVE-2017-15954
MISCbchunk -- bchunk
 bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file.2017-10-28not yet calculatedCVE-2017-15953
MISCbitdefender -- internet_security_2018
 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security Internet Security 2018 prior to build 7.72918. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within pdf.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4361.2017-10-31not yet calculatedCVE-2017-10954
BID
MISCcisco -- access_network_query_protocol
 A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of ANQP query frames by the affected device. An attacker could exploit this vulnerability by sending a malformed ANQP query frame to an affected device that is on an RF-adjacent network. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. This vulnerability affects Cisco Wireless LAN Controllers that are running a vulnerable release of Cisco WLC Software and are configured to support Hotspot 2.0. Cisco Bug IDs: CSCve05779.2017-11-02not yet calculatedCVE-2017-12282
BID
SECTRACK
CONFIRMcisco -- aironet
 A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient frame validation of the 802.11 association request. An attacker could exploit this vulnerability by sending a malformed 802.11 association request to the targeted device. An exploit could allow the attacker to cause the AP to reload, resulting in a DoS condition while the AP is reloading. This vulnerability affects the following Cisco products running either the Lightweight AP Software or Mobility Express image: Aironet 1560 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: The Cisco Aironet 1560 Series Access Point device is supported as of release 8.3.112.0. Cisco Bug IDs: CSCve12189.2017-11-02not yet calculatedCVE-2017-12273
BID
SECTRACK
CONFIRM

cisco -- aironet
A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of the EAP frame. An attacker could exploit this vulnerability by sending a malformed EAP frame to the targeted device. A successful exploit could allow the attacker to cause the AP to reload, resulting in a DoS condition while the AP is reloading. It may be necessary to manually power cycle the device in order for it to recover. This vulnerability affects the following Cisco products running either the Lightweight AP Software or Mobility Express image: Aironet 1560 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: The Cisco Aironet 1560 Series Access Point device is supported as of release 8.3.112.0. Cisco Bug IDs: CSCve18935.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12274
Source & Patch Info:
BID
SECTRACK
CONFIRM

cisco -- application_policy_infrastructure_controller_enterprise_module
A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device. The vulnerability is due to an incorrect firewall rule on the device. The misconfiguration could allow traffic sent to the public interface of the device to be forwarded to the internal virtual network of the APIC-EM. An attacker that is logically adjacent to the network on which the public interface of the affected APIC-EM resides could leverage this behavior to gain access to services listening on the internal network with elevated privileges. This vulnerability affects appliances or virtual devices running Cisco Application Policy Infrastructure Controller Enterprise Module prior to version 1.5. Cisco Bug IDs: CSCve89638.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12262
Source & Patch Info:
BID
SECTRACK
CONFIRM

cisco -- identity_services_engine
A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. The vulnerability is due to incomplete input validation of the user input for CLI commands issued at the restricted shell. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. An attacker would need valid user credentials to the device to exploit this vulnerability. The vulnerability affects the following Cisco Identity Services Engine (ISE) products running Release 1.4, 2.0, 2.0.1, 2.1.0: ISE, ISE Express, ISE Virtual Appliance. Cisco Bug IDs: CSCve74916.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12261
Source & Patch Info:
BID
SECTRACK
CONFIRM

cisco -- ios_software
A vulnerability in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points could allow an unauthenticated, adjacent attacker to retrieve content from memory on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks that are performed by the affected device when the device adds padding to egress packets. An attacker could exploit this vulnerability by sending a crafted IP packet to an affected device. A successful exploit could allow the attacker to retrieve content from memory on the affected device, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvc21581.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12279
Source & Patch Info:
BID
SECTRACK
CONFIRM

cisco -- prime_collaboration_provisioning
A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. The attacker could read or write information from the SQL database. The vulnerability is due to a lack of proper validation on user-supplied input within SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. An exploit could allow the attacker to determine the presence of certain values and write malicious input in the SQL database. The attacker would need to have valid user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.3. Cisco Bug IDs: CSCvf47935.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12276
Source & Patch Info:
BID
SECTRACK
CONFIRM

cisco -- protected_extensible_authentication_protocol
A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. The vulnerability exists because the affected device uses an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this vulnerability by attempting to connect to an affected device. A successful exploit could allow the attacker to bypass authentication and connect to the affected device. This vulnerability affects Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running a vulnerable software release and use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering. Cisco Bug IDs: CSCvd46314.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12281
Source & Patch Info:
BID
SECTRACK
CONFIRM

cisco -- protected_management_frames
A vulnerability in the handling of 802.11w Protected Management Frames (PMF) by Cisco Aironet 3800 Series Access Points could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device, aka Denial of Service. The vulnerability exists because the affected device does not properly validate 802.11w PMF disassociation and deauthentication frames that it receives. An attacker could exploit this vulnerability by sending a spoofed 802.11w PMF frame from a valid, authenticated client on an adjacent network to an affected device. A successful exploit could allow the attacker to terminate a single valid user connection to the affected device. This vulnerability affects Access Points that are configured to run in FlexConnect mode. Cisco Bug IDs: CSCvc20627.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12283
Source & Patch Info:
BID
SECTRACK
CONFIRM

cisco -- simple_network_management_protocol
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory leak that occurs on an affected device after the device fails to deallocate a buffer that is used when certain MIBs are polled. An attacker who knows the SNMP Version 2 read community string or has valid SNMP Version 3 credentials for an affected device could repeatedly poll the affected MIB object IDs (OIDs) and consume available memory on the device. When memory is sufficiently depleted on the device, the device will restart, resulting in a DoS condition. Cisco Bug IDs: CSCvc71674.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12278
Source & Patch Info:
BID
SECTRACK
CONFIRM

cisco -- smart_licensing_manager
A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. This vulnerability affects the following Cisco Firepower Security products running FX-OS code trains 1.1.3, 1.1.4, and 2.0.1 (versions 2.1.1, 2.2.1, and 2.2.2 are not affected): Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance. Cisco Bug IDs: CSCvb86863.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12277
Source & Patch Info:
BID
CONFIRM

cisco -- unified_computing_system
A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. Cisco Bug IDs: CSCvf20741, CSCvf60078.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12243
Source & Patch Info:
BID
SECTRACK
CONFIRM

cisco -- webex_meetings_server
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf85562.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12294
Source & Patch Info:
BID
SECTRACK
CONFIRM

cisco -- webex_meetings_server
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the HTTP header reply from the Cisco WebEx Meetings Server to the client, which could include internal network information that should be restricted. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from the Cisco WebEx Meetings Server. An exploit could allow the attacker to discover sensitive data about the application. Cisco Bug IDs: CSCve65818.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12295
Source & Patch Info:
BID
SECTRACK
CONFIRM

cisco -- wireless_lan_controllers
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of fields in CAPWAP Discovery Request packets by the affected device. An attacker could exploit this vulnerability by sending crafted CAPWAP Discovery Request packets to an affected device. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb95842.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12280
Source & Patch Info:
BID
SECTRACK
CONFIRM

cisco -- wireless_lan_controllers
A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of 802.11v BSS Transition Management Response packets that an affected device receives from wireless clients. An attacker could exploit this vulnerability by sending a malformed 802.11v BSS Transition Management Response packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb57803.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-12275
Source & Patch Info:
BID
SECTRACK
CONFIRM

converto -- video_downloader_and_converter
ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php.
Published: 2017-10-29 | CVSS Score: not yet calculated | CVE-2017-15956
Source & Patch Info:
MISC

creative_management_system -- creative_management_system_lite
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-15984
Source & Patch Info:
EXPLOIT-DB

d-link -- dsl-2740e_1.00_BG_20150720_devices
D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a victim when checking the router logs.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2016-10699
Source & Patch Info:
BID
MISC

d-park_pro -- domain_parking_script
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
Published: 2017-10-29 | CVSS Score: not yet calculated | CVE-2017-15958
Source & Patch Info:
MISC
EXPLOIT-DB

docker-ce -- docker-ce
The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.
Published: 2017-11-04 | CVSS Score: not yet calculated | CVE-2017-16539
Source & Patch Info:
MISC
MISC
MISC

docker-ce -- docker-ce
Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.
Published: 2017-11-01 | CVSS Score: not yet calculated | CVE-2017-14992
Source & Patch Info:
MISC
CONFIRM

dulwich -- dulwich
Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.
Published: 2017-10-29 | CVSS Score: not yet calculated | CVE-2017-16228
Source & Patch Info:
MISC
MISC
MISC

dynamic -- news_magazine_and_blog_cms
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-15982
Source & Patch Info:
EXPLOIT-DB

ektron -- content_management_system
Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2012-5357
Source & Patch Info:
CONFIRM
MISC
MISC
MISC

ektron -- content_management_system
The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data.
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2012-5358
Source & Patch Info:
CONFIRM
MISC
MISC

emc -- appsync_server
EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-14376
Source & Patch Info:
CONFIRM
BID

emc -- rsa_authentication_manager
EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-14373
Source & Patch Info:
CONFIRM
BID
SECTRACK

emc -- unisphere
EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-14375
Source & Patch Info:
CONFIRM
SECTRACK

enalean -- tuleap
An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution).
Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2017-7411
Source & Patch Info:
MISC
MISC
FULLDISC
MLIST
CONFIRM

eyesofnetwork -- eyesofnetwork
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php.
Published: 2017-10-29 | CVSS Score: not yet calculated | CVE-2017-16000
Source & Patch Info:
MISC

eyesofnetwork -- eyesofnetwork
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php.
Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-15933
Source & Patch Info:
BID
MISC

f5 -- multiple_products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further connections.
Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-0303
Source & Patch Info:
BID
SECTRACK
CONFIRM

f5 -- multiple_products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypt and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion.
Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-6161
Source & Patch Info:
BID
SECTRACK
SECTRACK
CONFIRM

f5 -- multiple_products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or possible remote command execution on the BIG-IP system.
Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-6157
Source & Patch Info:
BID
SECTRACK
CONFIRM

f5 -- multiple_products
In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.4.1 to 11.5.4, a remote attacker may create a maliciously crafted HTTP request to cause the Traffic Management Microkernel (TMM) to restart and temporarily fail to process traffic. This issue is exposed on virtual servers using a Policy Enforcement profile or a Web Acceleration profile. Systems that do not have the BIG-IP AAM or PEM module provisioned are not vulnerable.
Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-6160
Source & Patch Info:
BID
SECTRACK
CONFIRM

f5 -- multiple_products
F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server. The data plane is vulnerable when using the MPTCP option of a TCP profile. There is no control plane exposure. An attacker may be able to disrupt services by causing TMM to restart, hence temporarily failing to process traffic.
Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-6159
Source & Patch Info:
BID
SECTRACK
CONFIRM

f5 -- multiple_products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, 11.2.1, in some cases TMM may crash when processing TCP traffic. This vulnerability affects TMM via a virtual server configured with a TCP profile. Traffic processing is disrupted while the Traffic Management Microkernel (TMM) restarts. If the affected BIG-IP system is configured to be part of a device group, it will trigger a failover to the peer device.
Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-6162
Source & Patch Info:
BID
SECTRACK
CONFIRM

f5 -- multiple_products
In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of an HTTP/2 or SPDY profile with a Client SSL profile, a remote client that initiates a number of concurrent streams beyond the advertised limit can cause a disruption of service. The Traffic Management Microkernel (TMM) data plane is exposed to this issue; the control plane is not exposed.
Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-6163
Source & Patch Info:
BID
SECTRACK
CONFIRM

flets -- easy_setup_tool
Untrusted search path vulnerability in the installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-11-02 | CVSS Score: not yet calculated | CVE-2017-10825
Source & Patch Info:
MISC
MISC

flexense -- syncbreeze
Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" field, either within an XML document or through use of passive mode.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-15950
Source & Patch Info:
MISC

foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the print function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4722.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-10947
Source & Patch Info:
CONFIRM
MISC

foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ObjStm objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-4846.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-10944
Source & Patch Info:
CONFIRM
MISC

foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.alert function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4855.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-10945
Source & Patch Info:
CONFIRM
MISC

foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.execMenuItem function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4723.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-10948
Source & Patch Info:
CONFIRM
MISC

foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4737.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-10942
Source & Patch Info:
CONFIRM
MISC

foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the gotoURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5030.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-10953
Source & Patch Info:
BID
CONFIRM
MISC

foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4738.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-10943
Source & Patch Info:
CONFIRM
MISC

foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFParseDateEx function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4816.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-10941
Source & Patch Info:
CONFIRM
MISC

foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setItem function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4721.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-10946
Source & Patch Info:
CONFIRM
MISC

gnu -- wget
The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument.
Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-13089
Source & Patch Info:
CONFIRM
DEBIAN
BID
SECTRACK
MISC
MISC

gnu -- wget
The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer.
Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-13090
Source & Patch Info:
CONFIRM
DEBIAN
BID
SECTRACK
MISC

gnu -- binutils
elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.
Published: 2017-10-29 | CVSS Score: not yet calculated | CVE-2017-15996
Source & Patch Info:
BID
CONFIRM
CONFIRM

gnu -- emacs
GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~"), resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.
Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-1000383
Source & Patch Info:
MLIST

google -- android
In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network.
Published: 2017-10-29 | CVSS Score: not yet calculated | CVE-2017-15998
Source & Patch Info:
MISC

google -- android
In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required.
Published: 2017-10-29 | CVSS Score: not yet calculated | CVE-2017-15999
Source & Patch Info:
MISC

google -- android
In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file.
Published: 2017-10-29 | CVSS Score: not yet calculated | CVE-2017-15997
Source & Patch Info:
MISCgoogle -- chrome
  Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
  Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-5117
  Source & Patch Info: DEBIAN, BID, SECTRACK, MISC, MISC, GENTOO

google -- chrome
  Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
  Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-5119
  Source & Patch Info: DEBIAN, BID, SECTRACK, MISC, MISC, GENTOO

google -- chrome
  Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
  Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-5116
  Source & Patch Info: DEBIAN, BID, SECTRACK, MISC, MISC, GENTOO

google -- chrome
  Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring).
  Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-5120
  Source & Patch Info: DEBIAN, BID, SECTRACK, MISC, MISC, GENTOO

google -- chrome
  Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
  Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-5115
  Source & Patch Info: DEBIAN, BID, SECTRACK, MISC, MISC, GENTOO

google -- chrome
  Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page.
  Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-5118
  Source & Patch Info: DEBIAN, BID, SECTRACK, MISC, MISC, GENTOO

google -- chrome
  Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
  Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-5112
  Source & Patch Info: DEBIAN, BID, SECTRACK, MISC, MISC, GENTOO

google -- chrome
  A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
  Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-5111
  Source & Patch Info: DEBIAN, BID, SECTRACK, MISC, MISC, GENTOO

google -- chrome
  Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
  Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-5114
  Source & Patch Info: DEBIAN, BID, SECTRACK, MISC, MISC, GENTOO

google -- chrome
  Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page.
  Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-5122
  Source & Patch Info: DEBIAN, BID, SECTRACK, MISC, MISC, GENTOO

google -- chrome
  Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.
  Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-5121
  Source & Patch Info: DEBIAN, BID, SECTRACK, MISC, MISC, MISC, GENTOO

google -- chrome
  Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-5113
  Source & Patch Info: DEBIAN, BID, SECTRACK, MISC, MISC, GENTOO

graphicsmagick -- graphicsmagick
  GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.
  Published: 2017-11-01 | CVSS Score: not yet calculated | CVE-2017-16353
  Source & Patch Info: MISC, MISC, BID, MISC

graphicsmagick -- graphicsmagick
  GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.
  Published: 2017-11-01 | CVSS Score: not yet calculated | CVE-2017-16352
  Source & Patch Info: MISC, MISC, BID, MISC

hashicorp -- vagrant
  In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
  Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-15884
  Source & Patch Info: MISC

hpe -- performance_center
  A potential security vulnerability has been identified in HPE Performance Center version 12.20. The vulnerability could be remotely exploited to allow cross-site scripting.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-14359
  Source & Patch Info: BID, CONFIRM

hp -- arcsight
  A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS).
  Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-14357
  Source & Patch Info: CONFIRM, AUSCERT

hp -- arcsight
  A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to an untrusted site.
  Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-14358
  Source & Patch Info: CONFIRM, AUSCERT

hp -- arcsight
  An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.
  Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-14356
  Source & Patch Info: BID, CONFIRM, AUSCERT

ibm -- infosphere_biginsights
  IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131398.
  Published: 2017-11-01 | CVSS Score: not yet calculated | CVE-2017-1554
  Source & Patch Info: CONFIRM, BID, MISC

ibm -- infosphere_biginsights
  IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131397.
  Published: 2017-11-01 | CVSS Score: not yet calculated | CVE-2017-1553
  Source & Patch Info: CONFIRM, BID, MISC

ibm -- infosphere_biginsights
  IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 131396.
  Published: 2017-11-01 | CVSS Score: not yet calculated | CVE-2017-1552
  Source & Patch Info: CONFIRM, BID, MISC

ibm -- jazz_reporting_services
  IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455.
  Published: 2017-11-01 | CVSS Score: not yet calculated | CVE-2017-1340
  Source & Patch Info: CONFIRM, MISC

ibm -- openpages_grc_platform
  IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201.
  Published: 2017-11-01 | CVSS Score: not yet calculated | CVE-2017-1148
  Source & Patch Info: CONFIRM, MISC

ibm -- openpages_grc_platform
  IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114711.
  Published: 2017-11-01 | CVSS Score: not yet calculated | CVE-2016-3048
  Source & Patch Info: CONFIRM, BID, MISC

ibm -- openpages_grc_platform
  IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162.
  Published: 2017-11-01 | CVSS Score: not yet calculated | CVE-2017-1300
  Source & Patch Info: CONFIRM, MISC

ibm -- openpages_grc_platform
  IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122200.
  Published: 2017-11-01 | CVSS Score: not yet calculated | CVE-2017-1147
  Source & Patch Info: CONFIRM, MISC

ibm -- openpages_grc_platform
  IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241.
  Published: 2017-11-01 | CVSS Score: not yet calculated | CVE-2017-1333
  Source & Patch Info: CONFIRM, BID, MISC

ibm -- openpages_grc_platform
  IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125151.
  Published: 2017-11-01 | CVSS Score: not yet calculated | CVE-2017-1290
  Source & Patch Info: CONFIRM, MISC

curl -- libcurl
  An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.
  Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-1000257
  Source & Patch Info: BID, SECTRACK, CONFIRM

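The libcurl entry above is a sentinel problem: a FETCH literal of {0} is a legitimate zero-length body, but the delivery path reused zero to mean "NUL-terminated, measure with strlen()". The C below is an added example written for this page, not libcurl's code; the function names and the heap_region byte string are constructed here. It parses the literal size from a FETCH line, shows the strlen() path measuring the neighbouring bytes instead of the empty body, and a delivery path that keeps the length explicit and bounds it against what actually arrived.

```c
/* Added example (not libcurl's code): why "zero length means call strlen()"
 * fails on an IMAP FETCH body, and a delivery path without the sentinel. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse the byte count from a FETCH response such as
 * "* 1 FETCH (BODY[] {0}\r\n": the literal "{N}" announces N body bytes.
 * Returns N, or -1 when the line carries no literal. */
long parse_fetch_literal_size(const char *line) {
    const char *open = strrchr(line, '{');
    if (!open)
        return -1;
    char *end;
    unsigned long n = strtoul(open + 1, &end, 10);
    if (end == open + 1 || *end != '}')
        return -1;
    return (long)n;
}

/* Vulnerable delivery: zero is a magic value meaning "NUL-terminated string".
 * A body buffer carries no terminator, so strlen() keeps going past it. */
size_t deliver_unsafe(const char *data, size_t len) {
    return len ? len : strlen(data);
}

/* Hardened delivery: the length is always explicit (zero is a real length)
 * and never exceeds the bytes that actually arrived.  Returns bytes copied
 * to out, or -1 when the server announced more than it sent or than fits. */
long deliver_checked(const char *data, size_t available, size_t announced,
                     char *out, size_t out_cap) {
    if (announced > available || announced > out_cap)
        return -1;
    memcpy(out, data, announced);
    return (long)announced;
}

/* Constructed memory layout: a zero-byte body at offset 0, followed by
 * unrelated heap contents.  The terminating NUL of this array exists only
 * so the demonstration itself stays in bounds; real heap memory gives no
 * such guarantee. */
static const char heap_region[] = "session-token=abc123";
#define BODY_LEN 0

/* What each path reports for the zero-length body. */
size_t bytes_reported_by_unsafe_path(void) {
    return deliver_unsafe(heap_region, BODY_LEN);          /* 20: the neighbour */
}
long bytes_reported_by_checked_path(void) {
    char out[64];
    return deliver_checked(heap_region, BODY_LEN, BODY_LEN, out, sizeof out);  /* 0 */
}
/* A server that announces more than it delivered is refused outright. */
long bytes_reported_for_overclaim(void) {
    char out[64];
    return deliver_checked(heap_region, 5, 20, out, sizeof out);  /* -1 */
}

int main(void) {
    printf("literal size: %ld\n", parse_fetch_literal_size("* 1 FETCH (BODY[] {0}\r\n"));
    printf("unsafe path delivers %zu bytes for a 0-byte body\n", bytes_reported_by_unsafe_path());
    printf("checked path delivers %ld bytes\n", bytes_reported_by_checked_path());
    return 0;
}
```

The fix shape matters more than the specific bug: once a length travels alongside the pointer, no value of it should change how the pointer is interpreted.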
ingenious -- school_management_system
  my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file.
  Published: 2017-10-29 | CVSS Score: not yet calculated | CVE-2017-15957
  Source & Patch Info: MISC, EXPLOIT-DB

iproject -- management_system
  iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.
  Published: 2017-10-29 | CVSS Score: not yet calculated | CVE-2017-15961
  Source & Patch Info: MISC, EXPLOIT-DB

ipswitch -- ws_ftp_professional
  Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-16513
  Source & Patch Info: MISC, MISC

istock -- management_system
  iStock Management System 1.0 allows Arbitrary File Upload via user/profile.
  Published: 2017-10-29 | CVSS Score: not yet calculated | CVE-2017-15962
  Source & Patch Info: MISC, EXPLOIT-DB

itech -- gigs_script
  iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter.
  Published: 2017-10-29 | CVSS Score: not yet calculated | CVE-2017-15963
  Source & Patch Info: MISC, EXPLOIT-DB

jenkins -- jenkins
  Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites.
  Published: 2017-11-01 | CVSS Score: not yet calculated | CVE-2017-1000243
  Source & Patch Info: CONFIRM

jenkins -- jenkins
  Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification.
  Published: 2017-11-01 | CVSS Score: not yet calculated | CVE-2017-1000244
  Source & Patch Info: CONFIRM

jenkins -- jenkins
  Jenkins Git Client Plugin 2.4.2 and earlier creates a temporary file with insecure permissions, resulting in information disclosure.
  Published: 2017-11-01 | CVSS Score: not yet calculated | CVE-2017-1000242
  Source & Patch Info: CONFIRM

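The Emacs entry earlier on this page (a backup file created without regard to umask) and the Jenkins Git Client entry just above (a temporary file with insecure permissions) both come down to a file ending up more readable than the user's umask would allow. The C below is an added example written for this page, not code from Emacs or the Jenkins plugin, and it does not claim to show how either program went wrong; it shows the POSIX mechanism that produces the outcome. open(O_CREAT, mode) has the umask applied by the kernel, while an explicit fchmod() afterwards sets exactly the bits requested. Paths and function names are this example's own.

```c
/* Added example (not Emacs's or the Jenkins plugin's code): a file created
 * under umask 077 two ways, and the permission bits that result. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of path (masked to 0777), or -1 if it cannot be stat'ed. */
int mode_bits(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

int is_world_readable(int mode) {
    return (mode & S_IROTH) != 0;
}

/* The umask-respecting way: ask for 0666 and let the kernel subtract the
 * umask.  Under umask 077 the file comes out 0600. */
int create_respecting_umask(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
    if (fd < 0)
        return -1;
    close(fd);
    return mode_bits(path);
}

/* The umask-ignoring way: create, then force a mode, for instance one copied
 * from another file.  fchmod() applies exactly forced_mode; the umask is not
 * consulted, so 0644 stays 0644 and the file is world readable. */
int create_ignoring_umask(const char *path, mode_t forced_mode) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
    if (fd < 0)
        return -1;
    int rc = fchmod(fd, forced_mode);
    close(fd);
    return rc == 0 ? mode_bits(path) : -1;
}

/* Run one of the two creation paths under a restrictive umask in a scratch
 * location, clean up, and return the observed permission bits. */
static int run_under_umask(mode_t mask, int ignore_umask, const char *tag) {
    const char *dirs[] = { "/tmp", "." };   /* fall back to cwd if /tmp is unwritable */
    int mode = -1;
    for (size_t i = 0; i < 2 && mode < 0; i++) {
        char path[256];
        snprintf(path, sizeof path, "%s/backup-demo-%s-%ld~", dirs[i], tag, (long)getpid());
        unlink(path);                        /* O_EXCL needs a fresh name */
        mode_t old = umask(mask);
        mode = ignore_umask ? create_ignoring_umask(path, 0644)
                            : create_respecting_umask(path);
        umask(old);
        unlink(path);
    }
    return mode;
}

int backup_mode_respecting_umask(void) { return run_under_umask(077, 0, "ok"); }
int backup_mode_ignoring_umask(void)   { return run_under_umask(077, 1, "leaky"); }

int main(void) {
    int ok = backup_mode_respecting_umask();
    int leaky = backup_mode_ignoring_umask();
    printf("respecting umask: %04o (world readable: %s)\n", ok, is_world_readable(ok) ? "yes" : "no");
    printf("ignoring umask:   %04o (world readable: %s)\n", leaky, is_world_readable(leaky) ? "yes" : "no");
    return 0;
}
```

When a program must reproduce another file's mode on a copy or backup, the safe variant is to AND the copied mode with the complement of the current umask before applying it; mkstemp() avoids the question for temporary files by always creating them 0600.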
job_board -- script_software
  Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI.
  Published: 2017-10-29 | CVSS Score: not yet calculated | CVE-2017-15964
  Source & Patch Info: MISC, EXPLOIT-DB

joomla! -- joomla!
  The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action.
  Published: 2017-10-29 | CVSS Score: not yet calculated | CVE-2017-15965
  Source & Patch Info: BID, MISC, EXPLOIT-DB

joomla! -- joomla!
  The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.
  Published: 2017-10-29 | CVSS Score: not yet calculated | CVE-2017-15966
  Source & Patch Info: MISC, EXPLOIT-DB

joyent -- smart_data_center
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Was ZDI-CAN-3853.
  Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-10940
  Source & Patch Info: BID, MISC, MISC

korenix -- jetnet
  A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. The software uses undocumented hard-coded credentials that may allow an attacker to gain remote access.
  Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-14027
  Source & Patch Info: BID, MISC

korenix -- jetnet
  A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks.
  Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-14021
  Source & Patch Info: BID, MISC

libvirt -- libvirt
  libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
  Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-1000256
  Source & Patch Info: CONFIRM, MISC, MLIST

linux -- linux_kernel
  The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls.
  Published: 2017-10-27 | CVSS Score: not yet calculated | CVE-2017-15951
  Source & Patch Info: CONFIRM, CONFIRM, BID, CONFIRM

linux -- linux_kernel
  On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been over written. This flaw was introduced in commit: "5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)" which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable.
  Published: 2017-10-30 | CVSS Score: not yet calculated | CVE-2017-1000255
  Source & Patch Info: BID, MISC

linux -- linux_kernel
  The altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux kernel before 2.6.19 on 64-bit systems mishandles the case where CONFIG_ALTIVEC is defined and the CPU actually supports Altivec, but the Altivec support was not detected by the kernel, which allows local users to cause a denial of service (panic) by triggering execution of an Altivec instruction.
  Published: 2017-10-29 | CVSS Score: not yet calculated | CVE-2006-5331
  Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, CONFIRM

linux -- linux_kernel
  The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-16532
  Source & Patch Info: MISC, MISC

linux -- linux_kernel
  The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-16537
  Source & Patch Info: MISC, MISC

linux -- linux_kernel
  drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-16538
  Source & Patch Info: MISC, MISC, MISC

linux -- linux_kernel
  The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-16529
  Source & Patch Info: MISC, MISC

linux -- linux_kernel
  sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-16527
  Source & Patch Info: MISC, MISC

linux -- linux_kernel
  The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-16535
  Source & Patch Info: MISC, MISC

linux -- linux_kernel
  drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-16531
  Source & Patch Info: MISC, MISC

linux -- linux_kernel
  The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-16533
  Source & Patch Info: MISC, MISC

linux -- linux_kernel
  drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-16526
  Source & Patch Info: MISC, MISC

linux -- linux_kernel
  The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-16536
  Source & Patch Info: MISC, MISC

linux -- linux_kernel
  The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-16530
  Source & Patch Info: MISC, MISC

linux -- linux_kernel
  The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-16534
  Source & Patch Info: MISC, MISC

linux -- linux_kernel
  The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-16525
  Source & Patch Info: MISC, MISC, MISC

linux -- linux_kernel
  sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-16528
  Source & Patch Info: MISC, MISC

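Most of the kernel entries above share one shape: a probe or descriptor parser trusted lengths supplied by the device. The config.c entries (CVE-2017-16531, related to the USB_DT_INTERFACE_ASSOCIATION descriptor, and CVE-2017-16535), cdc_parse_cdc_header (CVE-2017-16534) and usbhid_parse (CVE-2017-16533) are all out-of-bounds reads from a crafted descriptor bundle. The C below is an added example written for this page, not kernel code. It walks a configuration-descriptor bundle the way a driver does, with the checks a hardened walker needs (every descriptor starts with bLength and bDescriptorType; an Interface Association Descriptor is 8 bytes), and measures how far a walker that trusts bLength would read past the buffer. The descriptor byte strings are constructed for this example; the USB_DT_* values are the standard descriptor type codes.

```c
/* Added example (not kernel code): walking device-supplied USB descriptors
 * with and without the bounds checks whose absence the entries describe. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define USB_DT_INTERFACE             0x04
#define USB_DT_ENDPOINT              0x05
#define USB_DT_INTERFACE_ASSOCIATION 0x0b
#define USB_DT_IAD_SIZE              8     /* an IAD is exactly 8 bytes */

/* How a walker that trusts bLength misbehaves on this bundle.
 * Returns 0 when every descriptor fits, the number of bytes it would read
 * past the end when one does not, and -1 when a bLength < 2 would keep it
 * on the same offset forever. */
long overrun_if_blength_trusted(const uint8_t *buf, size_t len) {
    size_t off = 0;
    while (off < len) {
        uint8_t blen = buf[off];
        if (blen < 2)
            return -1;                        /* never advances */
        if (off + blen > len)
            return (long)(off + blen - len);  /* reads beyond the buffer */
        off += blen;
    }
    return 0;
}

/* Hardened walk: returns the descriptor count, or -1 at the first malformed
 * descriptor.  Each check corresponds to a read the naive walker performs
 * without looking. */
int count_descriptors_safe(const uint8_t *buf, size_t len) {
    size_t off = 0;
    int count = 0;
    while (off < len) {
        if (len - off < 2)
            return -1;                        /* header itself is truncated */
        uint8_t blen = buf[off];
        uint8_t type = buf[off + 1];
        if (blen < 2)
            return -1;                        /* would loop forever */
        if (blen > len - off)
            return -1;                        /* body runs past the buffer */
        if (type == USB_DT_INTERFACE_ASSOCIATION && blen < USB_DT_IAD_SIZE)
            return -1;                        /* IAD fields would come from the next descriptor */
        count++;
        off += blen;
    }
    return count;
}

/* Constructed bundles.  Well-formed: IAD, interface, two endpoints. */
static const uint8_t good_bundle[] = {
    8, USB_DT_INTERFACE_ASSOCIATION, 0x00, 0x02, 0xff, 0x00, 0x00, 0x00,
    9, USB_DT_INTERFACE, 0x00, 0x00, 0x02, 0xff, 0x00, 0x00, 0x00,
    7, USB_DT_ENDPOINT, 0x81, 0x02, 0x40, 0x00, 0x00,
    7, USB_DT_ENDPOINT, 0x01, 0x02, 0x40, 0x00, 0x00,
};
/* bLength claims 9 but only 5 bytes were sent: a trusting walker reads 4 past the end. */
static const uint8_t overlong_bundle[] = { 9, USB_DT_INTERFACE, 0x00, 0x00, 0x02 };
/* bLength 0: a trusting walker spins on offset 0. */
static const uint8_t zero_length_bundle[] = { 0, USB_DT_INTERFACE, 0x00, 0x00 };
/* A 2-byte IAD followed by an interface: in bounds, but anything reading the
 * IAD's 8 fields takes them from the interface descriptor instead. */
static const uint8_t short_iad_bundle[] = {
    2, USB_DT_INTERFACE_ASSOCIATION,
    9, USB_DT_INTERFACE, 0x00, 0x00, 0x02, 0xff, 0x00, 0x00, 0x00,
};

int main(void) {
    printf("good:       count=%d overrun=%ld\n",
           count_descriptors_safe(good_bundle, sizeof good_bundle),
           overrun_if_blength_trusted(good_bundle, sizeof good_bundle));
    printf("overlong:   count=%d overrun=%ld\n",
           count_descriptors_safe(overlong_bundle, sizeof overlong_bundle),
           overrun_if_blength_trusted(overlong_bundle, sizeof overlong_bundle));
    printf("zero:       count=%d overrun=%ld\n",
           count_descriptors_safe(zero_length_bundle, sizeof zero_length_bundle),
           overrun_if_blength_trusted(zero_length_bundle, sizeof zero_length_bundle));
    printf("short IAD:  count=%d overrun=%ld\n",
           count_descriptors_safe(short_iad_bundle, sizeof short_iad_bundle),
           overrun_if_blength_trusted(short_iad_bundle, sizeof short_iad_bundle));
    return 0;
}
```

The short-IAD case is the one a simple "does bLength fit" check misses: the bundle is in bounds, yet a parser that reads sizeof(struct iad) bytes after seeing the type code is reading the wrong descriptor. Type-specific minimum lengths belong next to the generic bounds check, as do NULL checks on whatever the walk failed to find, which is the other pattern (get_endpoints, imon_probe, cx231xx_usb_probe) in the list above.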
mahara -- mahara_mobile
  Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000171
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information, passed in unusual parameters, ending up in an error log.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000151
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet), as Mahara did not properly implement one of the MNet SSO API functions.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000131
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potentially dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields, which can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara.
  Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-14752
  Source & Patch Info: CONFIRM

mahara -- mahara
  Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000134
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000136
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user, in some circumstances, causing another user's artefacts to be included in a Leap2a export of their own pages.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000133
  Source & Patch Info: MISC

mahara -- mahara
  An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open a browser, visit the Mahara site, and adjust the 'mahara' cookie to the old value, they can get access to the user's account.
  Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-14163
  Source & Patch Info: CONFIRM

mahara -- mahara
  Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross-site scripting when dragging/dropping files into a collection if the file has JavaScript code in its title.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000138
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000142
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks, consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the "default" or used in any pages.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000155
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000135
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross-site scripting when adding a text block to a page via the keyboard (rather than drag and drop).
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000137
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf file that can have its code executed when a user tries to download the file.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000132
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log in even if their institution was expired or suspended.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000154
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potentially dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts.
  Published: 2017-10-31 | CVSS Score: not yet calculated | CVE-2017-15273
  Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, CONFIRM

mahara -- mahara
  Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of JavaScript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000146
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000156
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000145
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000143
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and JavaScript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000144
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000157
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000139
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such as an admin changing another user's account settings.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000152
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000148
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open()).
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000149
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when a user tries to download the file.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000140
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control: after a password reset link is sent via email and the user then changes their default email address, Mahara fails to invalidate the old link. Consequently the link in the email can be used to gain access to the user's account.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000153
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 fail to regenerate session IDs on login or logout. This makes users of the site more vulnerable to session fixation attacks.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000150
  Source & Patch Info: MISC

mahara -- mahara
  Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to cross-site request forgery (CSRF) against the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account.
  Published: 2017-11-03 | CVSS Score: not yet calculated | CVE-2017-1000147
  Source & Patch Info: MISC

mailing_list -- manager_pro
 Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template.2017-10-29not yet calculatedCVE-2017-15967
MISC
EXPLOIT-DBmcafee -- network_data_loss_prevention
  McAfee Network Data Loss Prevention (NDLP) is vulnerable to MIME type sniffing, which allows older versions of Internet Explorer to MIME-sniff the response body, potentially causing the response to be interpreted and displayed as a content type other than the intended one.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-3935 | Sources: CONFIRM

mcafee -- network_data_loss_prevention
  Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross-site request forgery attack.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-3933 | Sources: BID, CONFIRM

mcafee -- network_data_loss_prevention
  Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data by reading files on the web server.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-3934 | Sources: CONFIRM

microsoft -- chakracore
  ChakraCore allows an attacker to gain the same user rights as the current user, due to the way the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".
  Published: 2017-11-02 | CVSS: not yet calculated | CVE-2017-11767 | Sources: BID, SECTRACK, CONFIRM

mitrastar -- mitrastar
  MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute.
  Published: 2017-11-03 | CVSS: not yet calculated | CVE-2017-16522 | Sources: MISC, EXPLOIT-DB

mitrastar -- mitrastar
  MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented.
  Published: 2017-11-03 | CVSS: not yet calculated | CVE-2017-16523 | Sources: MISC, EXPLOIT-DB

mongodb -- mongodb
  MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by an attacker to deny service or modify memory.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-15535 | Sources: CONFIRM

mybuilder -- clone
  MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter.
  Published: 2017-10-29 | CVSS: not yet calculated | CVE-2017-15968 | Sources: MISC, EXPLOIT-DB

mymagazine -- magazine_and_blog_cms
  MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-15983 | Sources: EXPLOIT-DB

nice -- php
  Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-15988 | Sources: EXPLOIT-DB

node.js -- node.js
  Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2017-14919 | Sources: CONFIRM (4)

octobercms -- octobercms
  Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-16244 | Sources: CONFIRM, EXPLOIT-DB

online_exam_test_application -- online_exam_test_application
  Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-15989 | Sources: EXPLOIT-DB

openam -- openam
  OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as a SAML 2.0 IdP that switch authentication methods based on AuthnContext requests sent from the service provider.
  Published: 2017-11-02 | CVSS: not yet calculated | CVE-2017-10873 | Sources: JVN, MISC (2)

openemr -- openemr
  OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter.
  Published: 2017-11-04 | CVSS: not yet calculated | CVE-2017-16540 | Sources: MISC (2)

openssl -- openssl
  There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions, such as Intel Broadwell (5th generation) and later or AMD Ryzen.
  Published: 2017-11-02 | CVSS: not yet calculated | CVE-2017-3736 | Sources: SECTRACK, CONFIRM

oracle -- fusion_middleware
  Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are 11.1.1.7, 11.1.2.3 and 12.2.1.3. Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2017-10151 | Sources: CONFIRM, BID, SECTRACK

perl -- perl
  The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-16248 | Sources: CONFIRM (3)

pg -- all_share_video
  PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category.
  Published: 2017-10-29 | CVSS: not yet calculated | CVE-2017-15969 | Sources: MISC, EXPLOIT-DB

php -- cityportal
  PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter.
  Published: 2017-10-29 | CVSS: not yet calculated | CVE-2017-15970 | Sources: MISC, EXPLOIT-DB

php -- inventory_and_invoice_management_system
  Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-15990 | Sources: EXPLOIT-DB

pluxml -- pluxml
  PluXml version 5.6 is vulnerable to stored cross-site scripting within the article creation page, which can result in escalation of privileges.
  Published: 2017-11-01 | CVSS: not yet calculated | CVE-2017-1001001 | Sources: CONFIRM

progress -- openedge
  Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2015-9245 | Sources: MISC

protected_links -- expiring_download_links
  Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-15977 | Sources: EXPLOIT-DB

qemu -- qemu
  The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2015-7549 | Sources: CONFIRM (2), FEDORA, DEBIAN, MLIST, BID, GENTOO

quagga -- quagga
  The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because the AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
  Published: 2017-10-29 | CVSS: not yet calculated | CVE-2017-16227 | Sources: MISC (4), DEBIAN

radare -- radare
  In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search.
  Published: 2017-11-01 | CVSS: not yet calculated | CVE-2017-16358 | Sources: CONFIRM (2)

radare -- radare
  In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.
  Published: 2017-11-01 | CVSS: not yet calculated | CVE-2017-16359 | Sources: CONFIRM (4)

radare -- radare
  In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory.
  Published: 2017-11-01 | CVSS: not yet calculated | CVE-2017-16357 | Sources: CONFIRM (2)

rakuraku -- hagaki
  Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with the privileges of the application via a specially crafted file.
  Published: 2017-11-02 | CVSS: not yet calculated | CVE-2017-10870 | Sources: MISC (2)

responsive -- newspaper_magazine_and_blog_cms
  Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-15981 | Sources: EXPLOIT-DB

rsync -- rsync
  rsync 3.1.3-development before 2017-10-24, as used in the xlucas svfs rsync fork and other products, mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions.
  Published: 2017-10-29 | CVSS: not yet calculated | CVE-2017-15994 | Sources: MISC (3)

ruby -- ruby
  In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole Ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c, resulting in a denial of service.
  Published: 2017-11-03 | CVSS: not yet calculated | CVE-2017-16516 | Sources: MISC (2)

same_sex_dating_software_pro -- same_sex_dating_software_pro
  Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972.
  Published: 2017-10-29 | CVSS: not yet calculated | CVE-2017-15971 | Sources: MISC, EXPLOIT-DB

schedmd -- slurm
  Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.
  Published: 2017-11-01 | CVSS: not yet calculated | CVE-2017-15566 | Sources: CONFIRM

scriptcopy -- cpa_lead_reward_script
  CPA Lead Reward Script allows SQL Injection via the username parameter.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-15986 | Sources: EXPLOIT-DB

serasoft.com -- sera
  Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.
  Published: 2017-11-01 | CVSS: not yet calculated | CVE-2017-15918 | Sources: MISC

shadowsocks-libev -- shadowsocks-libev
  In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions.
  Published: 2017-10-27 | CVSS: not yet calculated | CVE-2017-15924 | Sources: MISC (4), DEBIAN

sharett -- shareet
  Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-15979 | Sources: EXPLOIT-DB

softech_products -- softdatepro
  SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971.
  Published: 2017-10-29 | CVSS: not yet calculated | CVE-2017-15972 | Sources: MISC, EXPLOIT-DB

sokial -- sokial
  Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php.
  Published: 2017-10-29 | CVSS: not yet calculated | CVE-2017-15973 | Sources: MISC, EXPLOIT-DB

ssh -- ssh_plugin
  The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.
  Published: 2017-11-01 | CVSS: not yet calculated | CVE-2017-1000245 | Sources: CONFIRM

synology -- audio_station
  Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2017-15888 | Sources: CONFIRM

tenable -- securitycenter
  SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access.
  Published: 2017-11-02 | CVSS: not yet calculated | CVE-2017-11508 | Sources: CONFIRM

tor -- browser
  Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.
  Published: 2017-11-04 | CVSS: not yet calculated | CVE-2017-16541 | Sources: MISC (5)

tp-link -- tl-wr741n/tl-wr741nd_router
  In the TP-LINK TL-WR741N / TL-WR741ND 150M Wireless Lite N Router with Firmware Version 3.11.7 Build 100603 Rel.56412n and Hardware Version WR741N v1/v2 00000000, the SSID parameter in "Wireless Settings" is not properly validated. It is possible to inject malicious code such as </script><H1>BUG/* or </script><a href=XXX.com>. The second payload blocks any further change of the wireless settings; a factory reset is required.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-14250 | Sources: MISC

tpanel -- tpanel
  tPanel 2009 allows SQL injection for authentication bypass via 'or 1=1 or ''=' to login.php.
  Published: 2017-10-29 | CVSS: not yet calculated | CVE-2017-15974 | Sources: MISC, EXPLOIT-DB

typecho -- typecho
  In admin/write-post.php in Typecho through 1.1, an authenticated user can log in to the admin backend, write a new article, and place a payload in the article content, resulting in XSS via index.php/action/contents-post-edit.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2017-16230 | Sources: MISC

us_zip_codes -- database_script
  US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-15980 | Sources: EXPLOIT-DB

vastal -- i-tech_agent_zone
  Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or in searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-15991 | Sources: EXPLOIT-DB

vastal -- i-tech_dating_zone
  Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the product_id parameter to add_to_cart.php, a different vulnerability than CVE-2008-4461.
  Published: 2017-10-29 | CVSS: not yet calculated | CVE-2017-15975 | Sources: MISC, EXPLOIT-DB

vim -- vim
  VIM version 8.0.1187 (and most likely other versions) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp"), resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-1000382 | Sources: MLIST

vir.it -- explorer_anti-virus
  In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an arbitrary write vulnerability because it does not validate input values from IOCTL 0x8273007C.
  Published: 2017-11-03 | CVSS: not yet calculated | CVE-2017-16237 | Sources: EXPLOIT-DB

watchdog -- anti-malware
  In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that is triggered when sending an operation to IOCTL 0x80002054, because neither a NULL input buffer nor an input buffer size of 0 is validated.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2017-15920 | Sources: MISC, EXPLOIT-DB

watchdog -- anti-malware
  In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that is triggered when sending an operation to IOCTL 0x80002010, because neither a NULL input buffer nor an input buffer size of 0 is validated.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2017-15921 | Sources: MISC, EXPLOIT-DB

webkit -- webkit
  The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products.
  Published: 2017-11-01 | CVSS: not yet calculated | CVE-2017-1000121 | Sources: CONFIRM

webkit -- webkit
  The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products.
  Published: 2017-11-01 | CVSS: not yet calculated | CVE-2017-1000122 | Sources: CONFIRM

website_broker_script -- website_broker_script
  Website Broker Script allows SQL Injection via the status_id parameter to status_list.php.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-15992 | Sources: EXPLOIT-DB

websitescripts.org -- fake_magazine_cover_script
  Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-15987 | Sources: EXPLOIT-DB

wordpress -- wordpress
  WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723.
  Published: 2017-11-02 | CVSS: not yet calculated | CVE-2017-16510 | Sources: MISC (4)

xen -- xen
  An issue was discovered in Xen through 4.9.x. Grant copying code assumed that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match that assumption. When such a grant copy operation is done on a grant of a dying domain, the assumption turns out to be wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in a host crash and a denial of service. Privilege escalation and information leaks cannot be ruled out.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2017-15597 | Sources: MLIST, BID, SECTRACK, CONFIRM (2)

zeebuddy -- zeebuddy
  ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604.
  Published: 2017-10-29 | CVSS: not yet calculated | CVE-2017-15976 | Sources: MISC, EXPLOIT-DB

zomato -- clone_script
  Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-15993 | Sources: EXPLOIT-DB
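The two Mahara entries near the top of the list describe a password reset link that stays valid after the account's email address changes, and session IDs that are not regenerated on login or logout. The following is an added example, not Mahara code, that models the second problem with a minimal in-memory session store: an attacker who already holds a valid anonymous session ID plants it in the victim's browser, and whether the attacker ends up logged in as the victim depends only on whether the login handler issues a fresh ID. The store, its methods and the user name alice are all constructed for the illustration.

```python
"""Session fixation: why a login must issue a fresh session ID.

Added example, not Mahara code. The store, methods and user name are constructed.
"""
import secrets


class SessionStore:
    """Server-side session table keyed by the cookie value the browser sends."""

    def __init__(self):
        self._sessions = {}  # session id -> authenticated user name, or None

    def new_session(self):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = None
        return sid

    def user_for(self, sid):
        """User authenticated in session `sid`, or None if anonymous/unknown."""
        return self._sessions.get(sid)

    def login_without_regeneration(self, sid, username):
        # Vulnerable pattern: the ID the browser presented stays valid and is
        # simply marked authenticated. Anyone who already knows that ID is now
        # logged in as `username`.
        if sid not in self._sessions:
            raise KeyError("unknown session")
        self._sessions[sid] = username
        return sid

    def login_with_regeneration(self, sid, username):
        # Fixed pattern: discard the presented ID and bind the authenticated
        # state to a fresh one that only this browser receives.
        self._sessions.pop(sid, None)
        fresh = self.new_session()
        self._sessions[fresh] = username
        return fresh

    def logout(self, sid):
        # Same principle on logout: the old ID must not remain usable.
        self._sessions.pop(sid, None)
        return self.new_session()


def run_fixation_attack(login):
    """Simulate the attack against a given login handler.

    Returns (user the attacker's planted ID now resolves to, whether the
    victim was handed a different ID than the planted one).
    """
    store = SessionStore()
    attacker_sid = store.new_session()  # attacker obtains a valid anonymous ID
    # The attacker plants attacker_sid in the victim's browser (crafted link,
    # cookie injection, ...). The victim then authenticates presenting it.
    victim_sid = login(store, attacker_sid, "alice")
    return store.user_for(attacker_sid), victim_sid != attacker_sid


if __name__ == "__main__":
    print(run_fixation_attack(SessionStore.login_without_regeneration))  # ('alice', False)
    print(run_fixation_attack(SessionStore.login_with_regeneration))     # (None, True)
```

The reset-link entry is the same rule applied to a different token: anything that grants access and was issued before a security-relevant change (email address, password, logout) should be invalidated by that change rather than left to expire on its own.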
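The Catalyst-Plugin-Static-Simple entry above (CVE-2017-16248) turns on where a '.' is looked for: anywhere in the requested path, or only in the final filename. The following is an added example in Python, not the Perl module's own code, that contrasts the two predicates and adds the confinement check a static-file handler needs regardless of the extension policy. The root directory /srv/app/root and the request paths are constructed.

```python
"""Static-file policy: look for the '.' in the filename, not anywhere in the path.

Added example in Python, not Catalyst::Plugin::Static::Simple code. Root and
request paths are constructed.
"""
import posixpath


def dot_anywhere(request_path):
    """The over-broad predicate described in the entry: any '.' qualifies,
    so '../' segments satisfy it."""
    return "." in request_path


def dot_in_filename(request_path):
    """The intended policy: only the last path segment must carry a '.',
    and the pseudo-entries '.' and '..' never count as filenames."""
    name = posixpath.basename(request_path)
    return "." in name and name not in (".", "..")


def resolve_static(root, request_path):
    """Filesystem path to serve, or None when the request is refused.

    Applies dot_in_filename, then normalises the joined path and requires it
    to remain under `root`; an extension check alone does not stop traversal.
    """
    if not dot_in_filename(request_path):
        return None
    root = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root, request_path.lstrip("/")))
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    for path in ("/css/site.css", "/../../etc/passwd", "/../../etc/shadow.bak"):
        print(path, dot_anywhere(path), dot_in_filename(path),
              resolve_static("/srv/app/root", path))
```

The third sample path shows why the filename check is not sufficient on its own: shadow.bak satisfies the intended predicate, and only the commonpath comparison refuses it.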
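Roughly half the entries in the table above are SQL injection in small PHP scripts, and the tPanel entry quotes the classic authentication-bypass payload ' or 1=1 or ''='. The following is an added example, not code from tPanel or any other product listed, that runs that payload against a login query built by string concatenation and against the same query with bound parameters, using an in-memory SQLite table of constructed credentials.

```python
"""SQL injection: the tPanel bypass payload against a string-built login
query, and the same query with bound parameters.

Added example, not code from tPanel or any other product listed above.
The table and credentials are constructed sample data.
"""
import sqlite3

# Payload quoted in the tPanel entry (CVE-2017-15974).
PAYLOAD = "' or 1=1 or ''='"


def make_db():
    """In-memory SQLite table of constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, login, password):
    """Concatenates user input into the statement. A quote in the input ends
    the string literal and everything after it is parsed as SQL, so the
    payload turns the WHERE clause into
      login = '' or 1=1 or ''='' AND password = '' or 1=1 or ''=''
    which is true for every row."""
    sql = ("SELECT login FROM users WHERE login = '" + login +
           "' AND password = '" + password + "' ORDER BY login")
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, login, password):
    """Same query with placeholders: the driver passes the input as values,
    never as syntax, so the payload simply fails to match any row."""
    sql = "SELECT login FROM users WHERE login = ? AND password = ? ORDER BY login"
    return [row[0] for row in conn.execute(sql, (login, password))]


if __name__ == "__main__":
    conn = make_db()
    print(login_vulnerable(conn, "nobody", PAYLOAD))     # ['admin', 'bob']
    print(login_parameterized(conn, "nobody", PAYLOAD))  # []
```

Because AND binds tighter than OR, the injected `or 1=1` is never constrained by the login or password comparison, which is why the payload works in either field and returns the whole table rather than a single account.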

US-CERT

Cisco Releases Security Updates

Original release date: November 01, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

  • Wireless LAN Controller 802.11v Basic Service Set Transition Management Denial of Service Vulnerability cisco-sa-20171101-wlc2
  • Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability cisco-sa-20171101-wlc1
  • Identity Services Engine Privilege Escalation Vulnerability cisco-sa-20171101-ise
  • Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability cisco-sa-20171101-fpwr
  • Prime Collaboration Provisioning Authenticated SQL Injection Vulnerability cisco-sa-20171101-cpcp
  • Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability cisco-sa-20171101-apicem
  • Aironet 1560, 2800, and 3800 Series Access Point Platforms Extensible Authentication Protocol Denial of Service Vulnerability cisco-sa-20171101-aironet2
  • Aironet 1560, 2800, and 3800 Series Access Point Platforms 802.11 Denial of Service Vulnerability cisco-sa-20171101-aironet1

US-CERT

Apple Releases Multiple Security Updates

Original release date: October 31, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:

US-CERT

Protecting Critical Infrastructure from Cyber Threats

Original release date: October 31, 2017

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Building resilience in critical infrastructure is crucial to national security. The essential infrastructure systems that support our daily lives—such as electricity, financial institutions, and transportation—must be protected from cyber threats.

US-CERT encourages users and administrators to review the following:

US-CERT

Oracle Releases Security Bulletin

Original release date: October 30, 2017

Oracle has released a security update bulletin to address a vulnerability in Oracle Identity Manager. A remote attacker could exploit this vulnerability to take control of an affected system.

Users and administrators are encouraged to review the Oracle Security Alert Advisory and apply the necessary updates.
