US CERT

IBM Cisco Security Update

1 day ago
Original release date: July 21, 2017

IBM has released a security update to address some vulnerabilities in its IBM Cisco MDS Series Switches Data Center Network Manager (DCNM) software. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the IBM Security Advisory for vulnerability and mitigation details.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Cisco Releases Security Update

1 day 22 hours ago
Original release date: July 20, 2017

Cisco has released a security update to address a vulnerability in its Web Security Appliance (WSA). A remote attacker could exploit this vulnerability to take control of a system.

US-CERT encourages users and administrators to review the Cisco Security Advisory for vulnerability and mitigation details.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Cisco Releases Security Update

1 day 22 hours ago
Original release date: July 20, 2017

Cisco has released a security update to address a vulnerability in its Web Security Appliance (WSA). A remote attacker could exploit this vulnerability to take control of a system.

US-CERT encourages users and administrators to review the Cisco Security Advisory for vulnerability and mitigation details.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Apple Releases Security Updates

2 days 19 hours ago
Original release date: July 19, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Apple Releases Security Updates

2 days 19 hours ago
Original release date: July 19, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Oracle Releases Security Bulletin

3 days 18 hours ago
Original release date: July 18, 2017

Oracle has released its Critical Patch Update for July 2017 to address 308 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Oracle July 2017 Critical Patch Update and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Oracle Releases Security Bulletin

3 days 18 hours ago
Original release date: July 18, 2017

Oracle has released its Critical Patch Update for July 2017 to address 308 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Oracle July 2017 Critical Patch Update and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Cisco Releases Security Updates

4 days 17 hours ago
Original release date: July 17, 2017

Cisco has released security updates to address a vulnerability in its WebEx browser extension on Google Chrome and Mozilla Firefox. A remote attacker could exploit this vulnerability to take control of a system.

US-CERT encourages users and administrators to review the Cisco Security Advisory for vulnerability and mitigation details.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Cisco Releases Security Updates

4 days 17 hours ago
Original release date: July 17, 2017

Cisco has released security updates to address a vulnerability in its WebEx browser extension on Google Chrome and Mozilla Firefox. A remote attacker could exploit this vulnerability to take control of a system.

US-CERT encourages users and administrators to review the Cisco Security Advisory for vulnerability and mitigation details.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

FBI Releases Article on Privacy Risks Associated with Internet-Connected Children's Toys

4 days 21 hours ago
Original release date: July 17, 2017

The Federal Bureau of Investigation (FBI) has released an article on the privacy risks associated with Internet-connected children's toys. FBI warns that Internet-connected toys may contain "sensors, microphones, cameras, data storage components, and other multimedia capabilities - including speech recognition and GPS options" that may put the privacy and safety of children at risk due to the disclosure of personal information. FBI recommends that consumers read user agreement disclosures and privacy practices for information on how a toy's data may be used.

Users and administrators are encouraged to review the FBI article for more information and refer to the US-CERT Tip Protecting Your Privacy.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

FBI Releases Article on Privacy Risks Associated with Internet-Connected Children's Toys

4 days 21 hours ago
Original release date: July 17, 2017

The Federal Bureau of Investigation (FBI) has released an article on the privacy risks associated with Internet-connected children's toys. FBI warns that Internet-connected toys may contain "sensors, microphones, cameras, data storage components, and other multimedia capabilities - including speech recognition and GPS options" that may put the privacy and safety of children at risk due to the disclosure of personal information. FBI recommends that consumers read user agreement disclosures and privacy practices for information on how a toy's data may be used.

Users and administrators are encouraged to review the FBI article for more information and refer to the US-CERT Tip Protecting Your Privacy.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

SB17-198: Vulnerability Summary for the Week of July 10, 2017

5 days 2 hours ago
Original release date: July 17, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapache -- strutsThe Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.2017-07-107.5CVE-2017-9791
CONFIRM
BID
SECTRACKcisco -- firesight_system_softwareA vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1.2017-07-107.2CVE-2017-6735
BID
SECTRACK
CONFIRMcisco -- prime_networkA vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343. Known Affected Releases: 4.2(2.1)PP1 4.2(3.0)PP6 4.3(0.0)PP4 4.3(1.0)PP2. Known Fixed Releases: 4.3(2).2017-07-107.2CVE-2017-6732
BID
CONFIRMdlink -- dir-615On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim's router and take over his session as he won't be prompted for credentials.2017-07-077.5CVE-2017-7405
MISC
MISCfinecms_project -- finecmsFineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value.2017-07-127.5CVE-2017-11167
MISCfoxitsoftware -- foxit_readerFoxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document.2017-07-079.3CVE-2017-10994
BID
CONFIRMfreedesktop -- systemdsystemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.2017-07-0710.0CVE-2017-1000082
MLIST
BID
CONFIRMgraphicsmagick -- graphicsmagickGraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.2017-07-097.5CVE-2017-11139
CONFIRM
BIDgraphicsmagick -- graphicsmagickThe ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files.2017-07-097.1CVE-2017-11140
CONFIRM
BIDimagemagick -- imagemagickThe ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call.2017-07-097.1CVE-2017-11141
BID
CONFIRMimagemagick -- imagemagickThe ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file.2017-07-107.1CVE-2017-11166
CONFIRMimagemagick -- imagemagickThe ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check.2017-07-127.8CVE-2017-11188
CONFIRMirssi -- irssiAn issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.2017-07-077.5CVE-2017-10965
CONFIRM
CONFIRMirssi -- irssiAn issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free conditions on each access of the hash table.2017-07-077.5CVE-2017-10966
CONFIRM
CONFIRMismartalarm -- cube_one_firmwareOn iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect cryptography.2017-07-117.5CVE-2017-7728
MISCismartalarm -- cube_one_firmwareiSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding.2017-07-117.8CVE-2017-7730
MISCkddi -- home_spot_cube_2_firmwareHOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI.2017-07-078.3CVE-2017-2186
JVN
BID
CONFIRMlinux -- linux_kernelThe mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.2017-07-1110.0CVE-2017-11176
CONFIRM
CONFIRMmcafee -- advanced_threat_defenseAuthentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter.2017-07-127.5CVE-2017-4052
CONFIRMmcafee -- advanced_threat_defenseCommand Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter.2017-07-127.5CVE-2017-4053
CONFIRMmicrosoft -- edgeMicrosoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601,CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.2017-07-117.6CVE-2017-8595
BID
SECTRACK
CONFIRMmicrosoft -- edgeMicrosoft Edge in Microsoft Windows 10 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8610, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.2017-07-117.6CVE-2017-8596
BID
CONFIRMmicrosoft -- edgeMicrosoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.2017-07-117.6CVE-2017-8598
BID
SECTRACK
CONFIRMmicrosoft -- edgeMicrosoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8598 and CVE-2017-8609.2017-07-117.6CVE-2017-8601
BID
SECTRACK
CONFIRMmicrosoft -- edgeMicrosoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8598, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.2017-07-117.6CVE-2017-8603
BID
SECTRACK
CONFIRMmicrosoft -- edgeMicrosoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8610, CVE-2017-8603, CVE-2017-8598, CVE-2017-8601, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.2017-07-117.6CVE-2017-8604
BID
SECTRACK
CONFIRMmicrosoft -- edgeMicrosoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8598, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.2017-07-117.6CVE-2017-8605
BID
SECTRACK
CONFIRMmicrosoft -- edgeMicrosoft Internet Explorer in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.2017-07-117.6CVE-2017-8609
BID
SECTRACK
CONFIRMmicrosoft -- edgeMicrosoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8595, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.2017-07-117.6CVE-2017-8610
BID
SECTRACK
CONFIRMmicrosoft -- edgeMicrosoft Edge in Windows 10 1703 Microsoft Edge allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability."2017-07-117.6CVE-2017-8617
BID
CONFIRMmicrosoft -- edgeMicrosoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8618, CVE-2017-9598 and CVE-2017-8609.2017-07-117.6CVE-2017-8619
BID
SECTRACK
CONFIRMmicrosoft -- excelMicrosoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8501.2017-07-119.3CVE-2017-8502
BID
SECTRACK
CONFIRMmicrosoft -- internet_explorerMicrosoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8607, CVE-2017-8608, and CVE-2017-86092017-07-117.6CVE-2017-8606
BID
SECTRACK
SECTRACK
CONFIRMmicrosoft -- internet_explorerMicrosoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8608, and CVE-2017-86092017-07-117.6CVE-2017-8607
BID
SECTRACK
SECTRACK
CONFIRMmicrosoft -- internet_explorerMicrosoft browsers in Microsoft Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8607, and CVE-2017-86092017-07-117.6CVE-2017-8608
BID
SECTRACK
SECTRACK
CONFIRMmicrosoft -- internet_explorerInternet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Internet Explorer in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8619, CVE-2017-9598 and CVE-2017-8609.2017-07-117.6CVE-2017-8618
BID
SECTRACK
CONFIRMmicrosoft -- officeMicrosoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.2017-07-119.3CVE-2017-8570
BID
CONFIRMmicrosoft -- office_online_serverMicrosoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8502.2017-07-119.3CVE-2017-8501
BID
SECTRACK
CONFIRMmicrosoft -- windows_rt_8.1Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467.2017-07-119.3CVE-2017-8578
BID
SECTRACK
CONFIRMmicrosoft -- windows_rt_8.1Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way that Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability".2017-07-1110.0CVE-2017-8589
BID
SECTRACK
CONFIRMnfsen -- nfsenNfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field).2017-07-109.0CVE-2017-7175
CONFIRM
EXPLOIT-DBpcre -- pcreIn PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.2017-07-107.8CVE-2017-11164
MISCphp -- phpIn PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.2017-07-107.8CVE-2017-11142
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMschneider_electric -- wonderware_archestra_loggerA Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow a remote attacker to execute arbitrary code in the context of a highly privileged account.2017-07-0710.0CVE-2017-9629
MISC
BID
SECTRACK
MISCsqlite -- sqliteThe getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.2017-07-077.5CVE-2017-10989
MISC
BID
MISC
MISC
MISC
MISCtoshiba -- hem-gw26a_firmwareToshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges.2017-07-077.5CVE-2017-2234
JVNtoshiba -- hem-gw26a_firmwareToshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges.2017-07-077.5CVE-2017-2236
JVNtoshiba -- hem-gw26a_firmwareToshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.2017-07-0710.0CVE-2017-2237
JVNxar_project -- xarlibxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unserialize function in archive.c.2017-07-097.5CVE-2017-11124
MISCxar_project -- xarlibxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_path function in util.c.2017-07-097.5CVE-2017-11125
MISCBack to top

 

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapple -- quicktimeUntrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2017-07-076.8CVE-2017-2218
JVN
MISCbrother_industries -- mfc-j960dwn_firmwareCross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-07-076.8CVE-2017-2244
JVN
CONFIRMcharamin -- ompUntrusted search path vulnerability in The installer of Charamin OMP Version 1.1.7.4 and earlier, Version 1.2.0.0 Beta and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2017-07-076.8CVE-2017-2227
JVNcisco -- asr_5000_seriesA vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software could allow an unauthenticated, remote attacker to cause the BGP process on an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability affects the following products if they are running the Cisco StarOS operating system and BGP is enabled for the system: Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core Software. More Information: CSCvc44968. Known Affected Releases: 16.4.1 19.1.0 21.1.0 21.1.M0.65824. Known Fixed Releases: 21.3.A0.65902 21.2.A0.65905 21.1.b0.66164 21.1.V0.66014 21.1.R0.65898 21.1.M0.65894 21.1.0.66030 21.1.0.2017-07-105.0CVE-2017-6729
SECTRACK
CONFIRMcisco -- identity_services_engineA vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd87482. Known Affected Releases: 2.1(102.101) 2.2(0.283) 2.3(0.151).2017-07-104.3CVE-2017-6733
BID
SECTRACK
CONFIRMcisco -- ios_xrA vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system, because of Incorrect Permissions. More Information: CSCvb99389. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.3.1.15i.BASE 6.2.3.1i.BASE 6.2.2.15i.BASE 6.1.4.10i.BASE.2017-07-106.9CVE-2017-6728
BID
SECTRACK
CONFIRMcisco -- ios_xrA vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) condition. The MSDP session will restart within a few seconds. More Information: CSCvd94828. Known Affected Releases: 4.3.2.MCAST 6.0.2.BASE. Known Fixed Releases: 6.3.1.19i.MCAST 6.2.3.1i.MCAST 6.2.2.17i.MCAST 6.1.4.12i.MCAST.2017-07-105.0CVE-2017-6731
SECTRACK
CONFIRMcisco -- wide_area_application_servicesA vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More Information: CSCvc63035. Known Affected Releases: 6.2(3a). Known Fixed Releases: 6.3(0.167) 6.2(3c)5 6.2(3.22).2017-07-105.0CVE-2017-6727
BID
SECTRACK
CONFIRMcisco -- wide_area_application_servicesA vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system, aka Information Disclosure. This vulnerability affects the following products if they are running an affected release of Cisco Wide Area Application Services (WAAS) Software and are configured to use the Central Manager function: Cisco Virtual Wide Area Application Services (vWAAS), Cisco Wide Area Application Services (WAAS) Appliances, Cisco Wide Area Application Services (WAAS) Modules. Only Cisco WAAS products that are configured with the Central Manager role are affected by this vulnerability. More Information: CSCvd87574. Known Affected Releases: 4.4(7) 6.2(1) 6.2(3). Known Fixed Releases: 6.3(0.228) 6.3(0.226) 6.2(3d)8 5.5(7b)17.2017-07-105.0CVE-2017-6730
BID
SECTRACK
CONFIRMcybozu -- garoonCybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.2017-07-075.8CVE-2017-2144
JVN
CONFIRMcybozu -- garoonSession fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.2017-07-075.8CVE-2017-2145
JVN
CONFIRMdfactory -- responsive_lightboxCross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.2017-07-074.3CVE-2017-2243
JVN
BID
CONFIRMdlink -- dir-615On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim's Router without knowing the credentials (CSRF). An attacker can host a page that sends a POST request to Form2File.htm that tries to upload Firmware to victim's Router. This causes the router to reboot/crash resulting in Denial of Service. An attacker may succeed in uploading malicious Firmware.2017-07-076.8CVE-2017-7404
MISC
MISCdlink -- dir-615The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic.2017-07-075.0CVE-2017-7406
MISC
MISCdownload_manager_project -- download_managerOpen redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.2017-07-075.8CVE-2017-2217
JVN
CONFIRM
CONFIRMetherpad -- etherpadDirectory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests.2017-07-075.0CVE-2015-3297
MLIST
MLIST
BID
CONFIRMfinecms_project -- finecmsFineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account.2017-07-114.3CVE-2017-11179
MISCfinecms_project -- finecmsFineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login screen.2017-07-114.3CVE-2017-11180
MISCfinecms_project -- finecmsCross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or name parameter.2017-07-124.3CVE-2017-11198
MISCfinecms_project -- finecmsSQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter.2017-07-126.5CVE-2017-11200
MISCfinecms_project -- finecmsFineCMS through 2017-07-12 allows XSS in visitors.php because JavaScript in visited URLs is not restricted either during logging or during the reading of logs, a different vulnerability than CVE-2017-11180.2017-07-124.3CVE-2017-11202
MISCfossies -- catdocThe ole_init function in ole.c in catdoc 0.95 allows remote attackers to cause a denial of service (heap-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted file, i.e., data is written to memory addresses before the beginning of the tmpBuf buffer.2017-07-086.8CVE-2017-11110
MISCgnu -- ncursesIn ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.2017-07-085.0CVE-2017-11112
MISCgnu -- ncursesIn ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.2017-07-085.0CVE-2017-11113
MISCgoogle -- androidRace condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target apk, and simultaneously running a crafted script to process logcat's output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000.2017-07-076.9CVE-2014-7953
FULLDISC
BUGTRAQ
BID
CONFIRMgraphicsmagick -- graphicsmagickThe ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure.2017-07-075.0CVE-2017-11102
CONFIRM
CONFIRM
BIDibm -- infosphere_information_serverIBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916.2017-07-124.3CVE-2017-1321
CONFIRM
MISCibm -- websphere_mqIBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245.2017-07-104.3CVE-2017-1337
CONFIRM
BID
MISCimagemagick -- imagemagickThe mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image.2017-07-074.3CVE-2017-10995
BID
CONFIRMiodata -- ts-wlce_camera_firmwareCross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-07-076.8CVE-2017-2223
MISC
BID
JVNismartalarm -- cube_one_firmwareiSmartAlarm cube devices have an SSL Certificate Validation Vulnerability.2017-07-115.0CVE-2017-7726
MISCismartalarm -- cube_one_firmwareOn iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted in cleartext.2017-07-115.0CVE-2017-7729
MISCkddi -- home_spot_cube_2_firmwareHOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings.2017-07-075.2CVE-2017-2183
JVN
BID
CONFIRMkddi -- home_spot_cube_2_firmwareBuffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI.2017-07-075.8CVE-2017-2184
JVN
BID
CONFIRMkddi -- home_spot_cube_2_firmwareHOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI.2017-07-075.2CVE-2017-2185
JVN
BID
CONFIRMknot-dns -- knot_dnsKnot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check.2017-07-084.3CVE-2017-11104
MISC
MISC
MISCmarp_project -- marpMarp versions v0.0.10 and earlier may allow an attacker to access local resources and files using JavaScript.2017-07-076.8CVE-2017-2239
JVNmcafee -- advanced_threat_defenseCommand Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted HTTP request parameter.2017-07-126.5CVE-2017-4054
CONFIRMmcafee -- advanced_threat_defenseExploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to bypass ATD detection via loose enforcement of authentication and authorization.2017-07-125.0CVE-2017-4055
CONFIRMmcafee -- advanced_threat_defensePrivilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI terminal commands.2017-07-126.5CVE-2017-4057
CONFIRMmext -- ebidsettingcheckerUntrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2017-07-076.8CVE-2017-2225
JVN
MISCmicrosoft -- edgeMicrosoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability".2017-07-114.3CVE-2017-8599
BID
SECTRACK
CONFIRMmicrosoft -- edgeMicrosoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability."2017-07-114.3CVE-2017-8611
BID
SECTRACK
CONFIRMmicrosoft -- exchange_serverMicrosoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8560.2017-07-114.3CVE-2017-8559
BID
SECTRACK
CONFIRMmicrosoft -- exchange_serverMicrosoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559.2017-07-114.3CVE-2017-8560
BID
SECTRACK
CONFIRMmicrosoft -- internet_explorerMicrosoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a spoofing vulnerability in the way they parse HTTP content, aka "Microsoft Browser Spoofing Vulnerability."2017-07-114.3CVE-2017-8602
BID
SECTRACK
SECTRACK
CONFIRMmicrosoft -- sharepoint_serverMicrosoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka "SharePoint Server XSS Vulnerability".2017-07-116.5CVE-2017-8569
BID
SECTRACK
CONFIRMmicrosoft -- windows_10Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improperly handling parameters in a method of a DCOM class, aka "Windows IME Elevation of Privilege Vulnerability".2017-07-114.4CVE-2017-8566
BID
SECTRACK
CONFIRMmicrosoft -- windows_rt_8.1Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability".2017-07-116.9CVE-2017-8561
BID
CONFIRMmicrosoft -- windows_rt_8.1Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol, aka "Windows Elevation of Privilege Vulnerability".2017-07-115.1CVE-2017-8563
BID
CONFIRMmicrosoft -- windows_rt_8.1Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467.2017-07-116.9CVE-2017-8577
BID
SECTRACK
CONFIRMmicrosoft -- windows_rt_8.1Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8578, CVE-2017-8581, and CVE-2017-8467.2017-07-116.2CVE-2017-8580
BID
SECTRACK
CONFIRMmicrosoft -- windows_rt_8.1Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way that the Windows Common Log File System (CLFS) driver handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability".2017-07-114.6CVE-2017-8590
BID
SECTRACK
CONFIRMmpg123 -- mpg123The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870.2017-07-094.3CVE-2017-11126
MISC
MISCnational_tax_agency -- e-taxUntrusted search path vulnerability in Setup file of advance preparation for e-Tax software (WEB version) (1.17.1) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2017-07-076.8CVE-2017-2226
JVN
BIDnilim -- road_construction_completion_diagram_check_programUntrusted search path vulnerability in Douro Kouji Kanseizutou Check Program Ver3.1 (cdrw_checker_3.1.0.lzh) and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.2017-07-076.8CVE-2017-2230
JVN
MISC
MISCnitro -- nitro_proNitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file.2017-07-074.3CVE-2017-7950
BID
CONFIRMphp -- phpIn PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).2017-07-105.0CVE-2016-10397
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMphp -- phpIn PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.2017-07-105.0CVE-2017-11143
CONFIRM
CONFIRM
CONFIRM
CONFIRMphp -- phpIn PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.2017-07-105.0CVE-2017-11144
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMphp -- phpIn PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, lack of a bounds check in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to an ext/date/lib/parse_date.c out-of-bounds read affecting the php_parse_date function.2017-07-105.0CVE-2017-11145
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMphp -- phpIn PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.2017-07-106.4CVE-2017-11147
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMphpldapadmin -- phpldapadminphpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.2017-07-084.3CVE-2017-11107
MISC
MISCschneider_electric -- wonderware_archestra_loggerAn Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a denial of service.2017-07-075.0CVE-2017-9627
MISC
BID
SECTRACK
MISCschneider_electric -- wonderware_archestra_loggerA Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attacker to crash the logger process, causing a denial of service for logging and log-viewing (applications that use the Wonderware ArchestrA Logger continue to run when the Wonderware ArchestrA Logger service is unavailable).2017-07-075.0CVE-2017-9631
MISC
BID
SECTRACK
MISCshortcodes_ultimate_project -- shortcodes_ultimateDirectory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors.2017-07-074.0CVE-2017-2245
BID
JVN
CONFIRM
CONFIRMswftools -- swftoolsWhen SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c.2017-07-076.8CVE-2017-11096
MISCswftools -- swftoolsWhen SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c.2017-07-076.8CVE-2017-11097
MISCswftools -- swftoolsWhen SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c.2017-07-076.8CVE-2017-11098
MISCswftools -- swftoolsWhen SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c.2017-07-076.8CVE-2017-11099
MISCswftools -- swftoolsWhen SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c.2017-07-076.8CVE-2017-11100
MISCswftools -- swftoolsWhen SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c.2017-07-076.8CVE-2017-11101
MISCtcpdump -- tcpdumptcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.2017-07-085.0CVE-2017-11108
MISCtoshiba -- hem-gw26a_firmwareToshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via unspecified vectors.2017-07-075.0CVE-2017-2235
JVNtoshiba -- hem-gw26a_firmwareCross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-07-076.8CVE-2017-2238
JVNvim -- vimVim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance.2017-07-086.8CVE-2017-11109
MISC
MISC.web-dorado -- event_calendar_wdCross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-07-074.3CVE-2017-2224
BID
JVN
CONFIRM
CONFIRMwp-members_project -- wp-membersCross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-07-074.3CVE-2017-2222
JVN
CONFIRM
CONFIRMwp-statistics -- wp_statisticsThe WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page.2017-07-074.3CVE-2017-10991
MISCwpdownloadmanager -- download_managerCross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-07-074.3CVE-2017-2216
JVN
CONFIRM
CONFIRMyaws -- yawsYaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product.2017-07-075.0CVE-2017-10974
MISC
BID
EXPLOIT-DBBack to top

 

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocacti -- cactiCross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable.2017-07-103.5CVE-2017-11163
CONFIRMcisco -- identity_services_engineA vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal. More Information: CSCvd74794. Known Affected Releases: 1.3(0.909) 2.1(0.800).2017-07-103.5CVE-2017-6734
BID
SECTRACK
CONFIRMcisco -- prime_networkA vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential information. More Information: CSCvd59341. Known Affected Releases: 4.2(1.0)P1.2017-07-102.1CVE-2017-6726
BID
CONFIRMcybozu -- garoonCross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.2017-07-073.5CVE-2017-2146
JVN
CONFIRMfairsketch -- rise_ultimate_project_managerIn Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable.2017-07-113.5CVE-2017-11181
MISCfairsketch -- rise_ultimate_project_managerIn Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable.2017-07-113.5CVE-2017-11182
MISCfinecms_project -- finecmsapplication/core/controller/images.php in FineCMS through 2017-07-12 allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action.2017-07-123.5CVE-2017-11201
MISCgoogle -- androidDirectory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of the sdcard via a .. (dot dot) in a name parameter of an MTP request.2017-07-072.1CVE-2014-7954
MISC
FULLDISC
BUGTRAQ
BIDibm -- websphere_mqIBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145.2017-07-101.9CVE-2017-1284
CONFIRM
BID
MISCmicrosoft -- windows_rt_8.1Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8577, and CVE-2017-8467.2017-07-113.7CVE-2017-8581
BID
SECTRACK
CONFIRMBack to top

 

Severity Not Yet AssignedPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapache -- httpd
 In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.2017-07-13not yet calculatedCVE-2017-9788
CONFIRM
CONFIRM
MLISTapache -- httpd
 When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.2017-07-13not yet calculatedCVE-2017-9789
CONFIRM
MLISTapache -- impala
 During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift transport when TLS was turned on. It was therefore possible for an adversary, with access to the network, to eavesdrop on the packets going to and coming from that port and view the data in plaintext.2017-07-10not yet calculatedCVE-2017-5652
MLISTapache -- impala
 It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). If the malicious server responds with 'COMPLETE' before the SASL handshake has completed, the client will consider the handshake as completed even though no exchange of credentials has happened.2017-07-10not yet calculatedCVE-2017-5640
BID
MLISTapache -- solr
 Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected.2017-07-07not yet calculatedCVE-2017-7660
MLIST
BIDapache -- spark
 In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script, would then be reflected back to the user and could be evaluated and executed by MS Windows-based clients. It is not an attack on Spark itself, but on the user, who may then execute the script inadvertently when viewing elements of the Spark web UIs.2017-07-12not yet calculatedCVE-2017-7678
MLISTapache -- struts
 If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.2017-07-13not yet calculatedCVE-2017-7672
CONFIRM
MLISTapache -- struts
 When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack when user was properly authenticated. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.2017-07-13not yet calculatedCVE-2017-9787
CONFIRM
MLISTapache -- traffic_router
 The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol.2017-07-10not yet calculatedCVE-2017-7670
MLISTavg -- antivirus
 AVG AntiVirus for MacOS with scan engine before 4668 might allow remote attackers to bypass malware detection by leveraging failure to scan inside disk image (aka DMG) files.2017-07-12not yet calculatedCVE-2017-9977
MISCcanonical -- ubuntu
 ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories.2017-07-11not yet calculatedCVE-2017-10600
CONFIRMcloud_foundry -- cloud_foundry
 In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12. 30.x versions prior to 30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider.2017-07-10not yet calculatedCVE-2017-8032
CONFIRMemc -- data_protection_advisor

 EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application.2017-07-09not yet calculatedCVE-2017-8003
CONFIRM
BID
SECTRACKemc -- data_protection_advisor
 EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands.2017-07-09not yet calculatedCVE-2017-8002
CONFIRM
BID
SECTRACKemc -- esrs_policy_manager
 EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges to the local LDAP directory server.2017-07-09not yet calculatedCVE-2017-4976
CONFIRM
SECTRACKfinecms -- finecms
 In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is not checked.2017-07-11not yet calculatedCVE-2017-11178
MISCgnome_project -- gnome
 Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each failed authentication attempt will leak a file descriptor in gnome-session. When the maximum number of file descriptors is exhausted in the gnome-session process, it will enter an infinite loop trying to communicate without success, consuming 100% of the CPU. The graphical session associated with the gnome-session process will stop working correctly, because communication with gnome-session is no longer possible.2017-07-11not yet calculatedCVE-2017-11171
CONFIRM
CONFIRMgoogle -- android
 An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34373711. References: N-CVE-2017-6249.2017-07-13not yet calculatedCVE-2017-6249
CONFIRMgoogle -- android
 An elevation of privilege vulnerability in the NVIDIA Libnvparser component due to a memcpy into a fixed sized buffer with a user-controlled size could lead to a memory corruption and possible remote code execution. This issue is rated as High. Product: Android. Version: N/A. Android ID: A-33968204. References: N-CVE-2017-0340.2017-07-07not yet calculatedCVE-2017-0340
BID
CONFIRMgoogle -- android
 An information disclosure vulnerability in the NVIDIA Video Driver due to an out-of-bounds read function in the Tegra Display Controller driver could result in possible information disclosure. This issue is rated as Moderate. Product: Android. Version: N/A. Android ID: A-33718700. References: N-CVE-2017-0326.2017-07-07not yet calculatedCVE-2017-0326
BID
CONFIRMheimdal -- heimdal
 Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.2017-07-13not yet calculatedCVE-2017-11103
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRMibm -- bigfix_inventory
 IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853.2017-07-13not yet calculatedCVE-2016-8964
CONFIRM
MISCibm -- daeja_viewoneIBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462.2017-07-13not yet calculatedCVE-2017-1308
CONFIRM
MISCibm -- emptoris_sourcingIBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118352.2017-07-12not yet calculatedCVE-2016-6114
CONFIRM
MISCibm -- emptoris_sourcing
 IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 1188342017-07-12not yet calculatedCVE-2016-8947
CONFIRM
MISCibm -- emptoris_sourcing
 IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118833.2017-07-12not yet calculatedCVE-2016-8946
CONFIRM
MISCibm -- emptoris_sourcing
 IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118837.2017-07-12not yet calculatedCVE-2016-8950
CONFIRM
MISCibm -- emptoris_sourcing
 IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118835.2017-07-12not yet calculatedCVE-2016-8948
CONFIRM
MISCibm -- emptoris_sourcing

 IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840.2017-07-12not yet calculatedCVE-2016-8953
CONFIRM
MISCibm -- emptoris_strategic_supply_management _platform
 IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116739.2017-07-13not yet calculatedCVE-2016-6019
CONFIRM
MISCibm -- emptoris_strategic_supply_management_platform
 IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack. An attacker can exploit a vulnerability in the authentication features that could log out users and flood user accounts with emails. IBM X-Force ID: 118838.2017-07-13not yet calculatedCVE-2016-8951
CONFIRM
MISCibm -- emptoris_strategic_supply_management_platform
 IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118839.2017-07-13not yet calculatedCVE-2016-8952
CONFIRM
MISCibm -- websphere_commerece_enterprise
 IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385.2017-07-10not yet calculatedCVE-2017-1398
CONFIRM
BID
MISCibm -- websphere_mq
 IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146.2017-07-12not yet calculatedCVE-2017-1285
MISC
CONFIRMiceni -- infix
 An out-of-bounds write vulnerability exists in the PDF parsing functionality of Infix 7.1.5. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability.2017-07-12not yet calculatedCVE-2017-2863
MISCimagemagick -- imagemagick
 The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file.2017-07-11not yet calculatedCVE-2017-11170
CONFIRMimagemagick -- imagemagick
 The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files.2017-07-13not yet calculatedCVE-2017-11310
CONFIRM
CONFIRMipsilon -- ipsilon
 A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users.2017-07-12not yet calculatedCVE-2016-8638
CONFIRM
CONFIRM
CONFIRMmicrosoft -- office
 Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8570.2017-07-11not yet calculatedCVE-2017-0243
BID
SECTRACK
CONFIRMmicrosoft -- windowsMicrosoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it parses specially crafted files, aka "WordPad Remote Code Execution Vulnerability".2017-07-11not yet calculatedCVE-2017-8588
BID
SECTRACK
CONFIRMmicrosoft -- windowsMicrosoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows improperly handling calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability".2017-07-11not yet calculatedCVE-2017-8562
BID
CONFIRMmicrosoft -- windowsGraphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8573 and CVE-2017-8574.2017-07-11not yet calculatedCVE-2017-8556
BID
SECTRACK
CONFIRMmicrosoft -- windowsWindows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a information disclosure vulnerability improperly parses XML input containing a reference to an external entity, aka "Windows System Information Console Information Disclosure Vulnerability".2017-07-11not yet calculatedCVE-2017-8557
BID
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8574 and CVE-2017-8556.2017-07-11not yet calculatedCVE-2017-8573
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when PSObject wraps a CIM Instance, aka "Windows PowerShell Remote Code Execution Vulnerability".2017-07-11not yet calculatedCVE-2017-8565
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Graphics in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8573 and CVE-2017-8556.2017-07-11not yet calculatedCVE-2017-8574
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability".2017-07-11not yet calculatedCVE-2017-8564
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability.2017-07-11not yet calculatedCVE-2017-8585
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability".2017-07-11not yet calculatedCVE-2017-8621
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a information disclosure vulnerability due to the way it parses XML input, aka "Windows Performance Monitor Information Disclosure Vulnerability".2017-07-11not yet calculatedCVE-2017-0170
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability".2017-07-11not yet calculatedCVE-2017-8594
BID
CONFIRMmicrosoft -- windows
 Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests, aka "Microsoft Browser Security Feature Bypass".2017-07-11not yet calculatedCVE-2017-8592
BID
SECTRACK
SECTRACK
CONFIRMmicrosoft -- windows
 Windows 10 1607 and Windows Server 2016 allow an attacker to execute code remotely via a specially crafted WiFi packet aka "HoloLens Remote Code Execution Vulnerability."2017-07-11not yet calculatedCVE-2017-8584
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Windows Explorer in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511 allows a denial of service vulnerability when it attempts to open a non-existent file, aka "Windows Explorer Denial of Service Vulnerability".2017-07-11not yet calculatedCVE-2017-8587
BID
SECTRACK
CONFIRMmicrosoft -- windows
 HTTP.sys in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when the component improperly handles objects in memory, aka "Https.sys Information Disclosure Vulnerability".2017-07-11not yet calculatedCVE-2017-8582
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with the SNAME field during ticket exchange, aka "Kerberos SNAME Security Feature Bypass Vulnerability".2017-07-11not yet calculatedCVE-2017-8495
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Windows Shell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it improperly handles executable files and shares during rename operations, aka "Windows Explorer Remote Code Execution Vulnerability".2017-07-11not yet calculatedCVE-2017-8463
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability".2017-07-11not yet calculatedCVE-2017-8467
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure due to the way it handles objects in memory, aka "Win32k Information Disclosure Vulnerability".2017-07-11not yet calculatedCVE-2017-8486
BID
SECTRACK
CONFIRMnginx -- nginx
 Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.2017-07-13not yet calculatedCVE-2017-7529
MLISTphp_group -- php
 In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x through 7.1.7, lack of bounds checks in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11145.2017-07-10not yet calculatedCVE-2017-11146
CONFIRM
CONFIRM
CONFIRMphpmyfaq -- phpmyfaq
 phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly.2017-07-12not yet calculatedCVE-2017-11187
CONFIRMpoppler -- poppler
 An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library.2017-07-12not yet calculatedCVE-2017-2820
MISCpoppler -- poppler
 An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.2017-07-12not yet calculatedCVE-2017-2818
MISCpoppler -- poppler
 An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability.2017-07-12not yet calculatedCVE-2017-2814
MISCproject_c-ares -- c-ares
 The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.2017-07-07not yet calculatedCVE-2017-1000381
BID
CONFIRM
CONFIRMpulse_secure -- pulse_connect_securePulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malicious web page.2017-07-12not yet calculatedCVE-2017-11196
MISC
MISCpulse_secure -- pulse_connect_secure
 Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can use javascript: or data: to abuse this.2017-07-12not yet calculatedCVE-2017-11195
MISC
MISCpulse_secure -- pulse_connect_secure
 Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc.2017-07-12not yet calculatedCVE-2017-11194
MISC
MISCpulse_secure -- pulse_connect_secure
 Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these commands against any IP if they can get an admin to visit their malicious CSRF page.2017-07-12not yet calculatedCVE-2017-11193
MISC
MISCrack-cors -- rack-cors
 Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed.2017-07-12not yet calculatedCVE-2017-11173
MISC
MISC
MISCsap -- netweaverSAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804.2017-07-12not yet calculatedCVE-2017-9844
MISCsap -- netweaver
 SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841.2017-07-12not yet calculatedCVE-2017-9843
MISCsap -- netweaver
 disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918.2017-07-12not yet calculatedCVE-2017-9845
MISCsiemens -- simatic_cp_44x-1_rna
 An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module, if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA's CPU.2017-07-07not yet calculatedCVE-2017-6868
BID
SECTRACK
MISCthermo_fisher_scientific -- datataker_dt80_dex
 dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.2017-07-12not yet calculatedCVE-2017-11165
MISCunrar-free -- unrar-free
 unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via an RAR archive containing a long filename.2017-07-12not yet calculatedCVE-2017-11190
MISCunrar-free -- unrar-free
 unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code for a long-running application.2017-07-12not yet calculatedCVE-2017-11189
MISCxoops -- xoops
 In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses.2017-07-12not yet calculatedCVE-2017-11174
MISCBack to top

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

SB17-198: Vulnerability Summary for the Week of July 10, 2017

5 days 2 hours ago
Original release date: July 17, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapache -- strutsThe Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.2017-07-107.5CVE-2017-9791
CONFIRM
BID
SECTRACKcisco -- firesight_system_softwareA vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1.2017-07-107.2CVE-2017-6735
BID
SECTRACK
CONFIRMcisco -- prime_networkA vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343. Known Affected Releases: 4.2(2.1)PP1 4.2(3.0)PP6 4.3(0.0)PP4 4.3(1.0)PP2. Known Fixed Releases: 4.3(2).2017-07-107.2CVE-2017-6732
BID
CONFIRMdlink -- dir-615On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim's router and take over his session as he won't be prompted for credentials.2017-07-077.5CVE-2017-7405
MISC
MISCfinecms_project -- finecmsFineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value.2017-07-127.5CVE-2017-11167
MISCfoxitsoftware -- foxit_readerFoxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document.2017-07-079.3CVE-2017-10994
BID
CONFIRMfreedesktop -- systemdsystemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.2017-07-0710.0CVE-2017-1000082
MLIST
BID
CONFIRMgraphicsmagick -- graphicsmagickGraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.2017-07-097.5CVE-2017-11139
CONFIRM
BIDgraphicsmagick -- graphicsmagickThe ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files.2017-07-097.1CVE-2017-11140
CONFIRM
BIDimagemagick -- imagemagickThe ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call.2017-07-097.1CVE-2017-11141
BID
CONFIRMimagemagick -- imagemagickThe ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file.2017-07-107.1CVE-2017-11166
CONFIRMimagemagick -- imagemagickThe ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check.2017-07-127.8CVE-2017-11188
CONFIRMirssi -- irssiAn issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.2017-07-077.5CVE-2017-10965
CONFIRM
CONFIRMirssi -- irssiAn issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free conditions on each access of the hash table.2017-07-077.5CVE-2017-10966
CONFIRM
CONFIRMismartalarm -- cube_one_firmwareOn iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect cryptography.2017-07-117.5CVE-2017-7728
MISCismartalarm -- cube_one_firmwareiSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding.2017-07-117.8CVE-2017-7730
MISCkddi -- home_spot_cube_2_firmwareHOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI.2017-07-078.3CVE-2017-2186
JVN
BID
CONFIRMlinux -- linux_kernelThe mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.2017-07-1110.0CVE-2017-11176
CONFIRM
CONFIRMmcafee -- advanced_threat_defenseAuthentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter.2017-07-127.5CVE-2017-4052
CONFIRMmcafee -- advanced_threat_defenseCommand Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter.2017-07-127.5CVE-2017-4053
CONFIRMmicrosoft -- edgeMicrosoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601,CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.2017-07-117.6CVE-2017-8595
BID
SECTRACK
CONFIRMmicrosoft -- edgeMicrosoft Edge in Microsoft Windows 10 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8610, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.2017-07-117.6CVE-2017-8596
BID
CONFIRMmicrosoft -- edgeMicrosoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.2017-07-117.6CVE-2017-8598
BID
SECTRACK
CONFIRMmicrosoft -- edgeMicrosoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8598 and CVE-2017-8609.2017-07-117.6CVE-2017-8601
BID
SECTRACK
CONFIRMmicrosoft -- edgeMicrosoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8598, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.2017-07-117.6CVE-2017-8603
BID
SECTRACK
CONFIRMmicrosoft -- edgeMicrosoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8610, CVE-2017-8603, CVE-2017-8598, CVE-2017-8601, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.2017-07-117.6CVE-2017-8604
BID
SECTRACK
CONFIRMmicrosoft -- edgeMicrosoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8598, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.2017-07-117.6CVE-2017-8605
BID
SECTRACK
CONFIRMmicrosoft -- edgeMicrosoft Internet Explorer in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.2017-07-117.6CVE-2017-8609
BID
SECTRACK
CONFIRMmicrosoft -- edgeMicrosoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8595, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.2017-07-117.6CVE-2017-8610
BID
SECTRACK
CONFIRMmicrosoft -- edgeMicrosoft Edge in Windows 10 1703 Microsoft Edge allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability."2017-07-117.6CVE-2017-8617
BID
CONFIRMmicrosoft -- edgeMicrosoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8618, CVE-2017-9598 and CVE-2017-8609.2017-07-117.6CVE-2017-8619
BID
SECTRACK
CONFIRMmicrosoft -- excelMicrosoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8501.2017-07-119.3CVE-2017-8502
BID
SECTRACK
CONFIRMmicrosoft -- internet_explorerMicrosoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8607, CVE-2017-8608, and CVE-2017-86092017-07-117.6CVE-2017-8606
BID
SECTRACK
SECTRACK
CONFIRMmicrosoft -- internet_explorerMicrosoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8608, and CVE-2017-86092017-07-117.6CVE-2017-8607
BID
SECTRACK
SECTRACK
CONFIRMmicrosoft -- internet_explorerMicrosoft browsers in Microsoft Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8607, and CVE-2017-86092017-07-117.6CVE-2017-8608
BID
SECTRACK
SECTRACK
CONFIRMmicrosoft -- internet_explorerInternet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Internet Explorer in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8619, CVE-2017-9598 and CVE-2017-8609.2017-07-117.6CVE-2017-8618
BID
SECTRACK
CONFIRMmicrosoft -- officeMicrosoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.2017-07-119.3CVE-2017-8570
BID
CONFIRMmicrosoft -- office_online_serverMicrosoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8502.2017-07-119.3CVE-2017-8501
BID
SECTRACK
CONFIRMmicrosoft -- windows_rt_8.1Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467.2017-07-119.3CVE-2017-8578
BID
SECTRACK
CONFIRMmicrosoft -- windows_rt_8.1Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way that Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability".2017-07-1110.0CVE-2017-8589
BID
SECTRACK
CONFIRMnfsen -- nfsenNfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field).2017-07-109.0CVE-2017-7175
CONFIRM
EXPLOIT-DBpcre -- pcreIn PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.2017-07-107.8CVE-2017-11164
MISCphp -- phpIn PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.2017-07-107.8CVE-2017-11142
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMschneider_electric -- wonderware_archestra_loggerA Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow a remote attacker to execute arbitrary code in the context of a highly privileged account.2017-07-0710.0CVE-2017-9629
MISC
BID
SECTRACK
MISCsqlite -- sqliteThe getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.2017-07-077.5CVE-2017-10989
MISC
BID
MISC
MISC
MISC
MISCtoshiba -- hem-gw26a_firmwareToshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges.2017-07-077.5CVE-2017-2234
JVNtoshiba -- hem-gw26a_firmwareToshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges.2017-07-077.5CVE-2017-2236
JVNtoshiba -- hem-gw26a_firmwareToshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.2017-07-0710.0CVE-2017-2237
JVNxar_project -- xarlibxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unserialize function in archive.c.2017-07-097.5CVE-2017-11124
MISCxar_project -- xarlibxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_path function in util.c.2017-07-097.5CVE-2017-11125
MISCBack to top

 

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapple -- quicktimeUntrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2017-07-076.8CVE-2017-2218
JVN
MISCbrother_industries -- mfc-j960dwn_firmwareCross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-07-076.8CVE-2017-2244
JVN
CONFIRMcharamin -- ompUntrusted search path vulnerability in The installer of Charamin OMP Version 1.1.7.4 and earlier, Version 1.2.0.0 Beta and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2017-07-076.8CVE-2017-2227
JVNcisco -- asr_5000_seriesA vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software could allow an unauthenticated, remote attacker to cause the BGP process on an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability affects the following products if they are running the Cisco StarOS operating system and BGP is enabled for the system: Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core Software. More Information: CSCvc44968. Known Affected Releases: 16.4.1 19.1.0 21.1.0 21.1.M0.65824. Known Fixed Releases: 21.3.A0.65902 21.2.A0.65905 21.1.b0.66164 21.1.V0.66014 21.1.R0.65898 21.1.M0.65894 21.1.0.66030 21.1.0.2017-07-105.0CVE-2017-6729
SECTRACK
CONFIRMcisco -- identity_services_engineA vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd87482. Known Affected Releases: 2.1(102.101) 2.2(0.283) 2.3(0.151).2017-07-104.3CVE-2017-6733
BID
SECTRACK
CONFIRMcisco -- ios_xrA vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system, because of Incorrect Permissions. More Information: CSCvb99389. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.3.1.15i.BASE 6.2.3.1i.BASE 6.2.2.15i.BASE 6.1.4.10i.BASE.2017-07-106.9CVE-2017-6728
BID
SECTRACK
CONFIRMcisco -- ios_xrA vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) condition. The MSDP session will restart within a few seconds. More Information: CSCvd94828. Known Affected Releases: 4.3.2.MCAST 6.0.2.BASE. Known Fixed Releases: 6.3.1.19i.MCAST 6.2.3.1i.MCAST 6.2.2.17i.MCAST 6.1.4.12i.MCAST.2017-07-105.0CVE-2017-6731
SECTRACK
CONFIRMcisco -- wide_area_application_servicesA vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More Information: CSCvc63035. Known Affected Releases: 6.2(3a). Known Fixed Releases: 6.3(0.167) 6.2(3c)5 6.2(3.22).2017-07-105.0CVE-2017-6727
BID
SECTRACK
CONFIRMcisco -- wide_area_application_servicesA vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system, aka Information Disclosure. This vulnerability affects the following products if they are running an affected release of Cisco Wide Area Application Services (WAAS) Software and are configured to use the Central Manager function: Cisco Virtual Wide Area Application Services (vWAAS), Cisco Wide Area Application Services (WAAS) Appliances, Cisco Wide Area Application Services (WAAS) Modules. Only Cisco WAAS products that are configured with the Central Manager role are affected by this vulnerability. More Information: CSCvd87574. Known Affected Releases: 4.4(7) 6.2(1) 6.2(3). Known Fixed Releases: 6.3(0.228) 6.3(0.226) 6.2(3d)8 5.5(7b)17.2017-07-105.0CVE-2017-6730
BID
SECTRACK
CONFIRMcybozu -- garoonCybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.2017-07-075.8CVE-2017-2144
JVN
CONFIRMcybozu -- garoonSession fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.2017-07-075.8CVE-2017-2145
JVN
CONFIRMdfactory -- responsive_lightboxCross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.2017-07-074.3CVE-2017-2243
JVN
BID
CONFIRMdlink -- dir-615On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim's Router without knowing the credentials (CSRF). An attacker can host a page that sends a POST request to Form2File.htm that tries to upload Firmware to victim's Router. This causes the router to reboot/crash resulting in Denial of Service. An attacker may succeed in uploading malicious Firmware.2017-07-076.8CVE-2017-7404
MISC
MISCdlink -- dir-615The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic.2017-07-075.0CVE-2017-7406
MISC
MISCdownload_manager_project -- download_managerOpen redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.2017-07-075.8CVE-2017-2217
JVN
CONFIRM
CONFIRMetherpad -- etherpadDirectory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests.2017-07-075.0CVE-2015-3297
MLIST
MLIST
BID
CONFIRMfinecms_project -- finecmsFineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account.2017-07-114.3CVE-2017-11179
MISCfinecms_project -- finecmsFineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login screen.2017-07-114.3CVE-2017-11180
MISCfinecms_project -- finecmsCross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or name parameter.2017-07-124.3CVE-2017-11198
MISCfinecms_project -- finecmsSQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter.2017-07-126.5CVE-2017-11200
MISCfinecms_project -- finecmsFineCMS through 2017-07-12 allows XSS in visitors.php because JavaScript in visited URLs is not restricted either during logging or during the reading of logs, a different vulnerability than CVE-2017-11180.2017-07-124.3CVE-2017-11202
MISCfossies -- catdocThe ole_init function in ole.c in catdoc 0.95 allows remote attackers to cause a denial of service (heap-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted file, i.e., data is written to memory addresses before the beginning of the tmpBuf buffer.2017-07-086.8CVE-2017-11110
MISCgnu -- ncursesIn ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.2017-07-085.0CVE-2017-11112
MISCgnu -- ncursesIn ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.2017-07-085.0CVE-2017-11113
MISCgoogle -- androidRace condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target apk, and simultaneously running a crafted script to process logcat's output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000.2017-07-076.9CVE-2014-7953
FULLDISC
BUGTRAQ
BID
CONFIRMgraphicsmagick -- graphicsmagickThe ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure.2017-07-075.0CVE-2017-11102
CONFIRM
CONFIRM
BIDibm -- infosphere_information_serverIBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916.2017-07-124.3CVE-2017-1321
CONFIRM
MISCibm -- websphere_mqIBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245.2017-07-104.3CVE-2017-1337
CONFIRM
BID
MISCimagemagick -- imagemagickThe mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image.2017-07-074.3CVE-2017-10995
BID
CONFIRMiodata -- ts-wlce_camera_firmwareCross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-07-076.8CVE-2017-2223
MISC
BID
JVNismartalarm -- cube_one_firmwareiSmartAlarm cube devices have an SSL Certificate Validation Vulnerability.2017-07-115.0CVE-2017-7726
MISCismartalarm -- cube_one_firmwareOn iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted in cleartext.2017-07-115.0CVE-2017-7729
MISCkddi -- home_spot_cube_2_firmwareHOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings.2017-07-075.2CVE-2017-2183
JVN
BID
CONFIRMkddi -- home_spot_cube_2_firmwareBuffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI.2017-07-075.8CVE-2017-2184
JVN
BID
CONFIRMkddi -- home_spot_cube_2_firmwareHOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI.2017-07-075.2CVE-2017-2185
JVN
BID
CONFIRMknot-dns -- knot_dnsKnot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check.2017-07-084.3CVE-2017-11104
MISC
MISC
MISCmarp_project -- marpMarp versions v0.0.10 and earlier may allow an attacker to access local resources and files using JavaScript.2017-07-076.8CVE-2017-2239
JVNmcafee -- advanced_threat_defenseCommand Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted HTTP request parameter.2017-07-126.5CVE-2017-4054
CONFIRMmcafee -- advanced_threat_defenseExploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to bypass ATD detection via loose enforcement of authentication and authorization.2017-07-125.0CVE-2017-4055
CONFIRMmcafee -- advanced_threat_defensePrivilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI terminal commands.2017-07-126.5CVE-2017-4057
CONFIRMmext -- ebidsettingcheckerUntrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2017-07-076.8CVE-2017-2225
JVN
MISCmicrosoft -- edgeMicrosoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability".2017-07-114.3CVE-2017-8599
BID
SECTRACK
CONFIRMmicrosoft -- edgeMicrosoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability."2017-07-114.3CVE-2017-8611
BID
SECTRACK
CONFIRMmicrosoft -- exchange_serverMicrosoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8560.2017-07-114.3CVE-2017-8559
BID
SECTRACK
CONFIRMmicrosoft -- exchange_serverMicrosoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559.2017-07-114.3CVE-2017-8560
BID
SECTRACK
CONFIRMmicrosoft -- internet_explorerMicrosoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a spoofing vulnerability in the way they parse HTTP content, aka "Microsoft Browser Spoofing Vulnerability."2017-07-114.3CVE-2017-8602
BID
SECTRACK
SECTRACK
CONFIRMmicrosoft -- sharepoint_serverMicrosoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka "SharePoint Server XSS Vulnerability".2017-07-116.5CVE-2017-8569
BID
SECTRACK
CONFIRMmicrosoft -- windows_10Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improperly handling parameters in a method of a DCOM class, aka "Windows IME Elevation of Privilege Vulnerability".2017-07-114.4CVE-2017-8566
BID
SECTRACK
CONFIRMmicrosoft -- windows_rt_8.1Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability".2017-07-116.9CVE-2017-8561
BID
CONFIRMmicrosoft -- windows_rt_8.1Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol, aka "Windows Elevation of Privilege Vulnerability".2017-07-115.1CVE-2017-8563
BID
CONFIRMmicrosoft -- windows_rt_8.1Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467.2017-07-116.9CVE-2017-8577
BID
SECTRACK
CONFIRMmicrosoft -- windows_rt_8.1Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8578, CVE-2017-8581, and CVE-2017-8467.2017-07-116.2CVE-2017-8580
BID
SECTRACK
CONFIRMmicrosoft -- windows_rt_8.1Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way that the Windows Common Log File System (CLFS) driver handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability".2017-07-114.6CVE-2017-8590
BID
SECTRACK
CONFIRMmpg123 -- mpg123The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870.2017-07-094.3CVE-2017-11126
MISC
MISCnational_tax_agency -- e-taxUntrusted search path vulnerability in Setup file of advance preparation for e-Tax software (WEB version) (1.17.1) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2017-07-076.8CVE-2017-2226
JVN
BIDnilim -- road_construction_completion_diagram_check_programUntrusted search path vulnerability in Douro Kouji Kanseizutou Check Program Ver3.1 (cdrw_checker_3.1.0.lzh) and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.2017-07-076.8CVE-2017-2230
JVN
MISC
MISCnitro -- nitro_proNitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file.2017-07-074.3CVE-2017-7950
BID
CONFIRMphp -- phpIn PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).2017-07-105.0CVE-2016-10397
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMphp -- phpIn PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.2017-07-105.0CVE-2017-11143
CONFIRM
CONFIRM
CONFIRM
CONFIRMphp -- phpIn PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.2017-07-105.0CVE-2017-11144
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMphp -- phpIn PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, lack of a bounds check in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to an ext/date/lib/parse_date.c out-of-bounds read affecting the php_parse_date function.2017-07-105.0CVE-2017-11145
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMphp -- phpIn PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.2017-07-106.4CVE-2017-11147
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMphpldapadmin -- phpldapadminphpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.2017-07-084.3CVE-2017-11107
MISC
MISCschneider_electric -- wonderware_archestra_loggerAn Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a denial of service.2017-07-075.0CVE-2017-9627
MISC
BID
SECTRACK
MISCschneider_electric -- wonderware_archestra_loggerA Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attacker to crash the logger process, causing a denial of service for logging and log-viewing (applications that use the Wonderware ArchestrA Logger continue to run when the Wonderware ArchestrA Logger service is unavailable).2017-07-075.0CVE-2017-9631
MISC
BID
SECTRACK
MISCshortcodes_ultimate_project -- shortcodes_ultimateDirectory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors.2017-07-074.0CVE-2017-2245
BID
JVN
CONFIRM
CONFIRMswftools -- swftoolsWhen SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c.2017-07-076.8CVE-2017-11096
MISCswftools -- swftoolsWhen SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c.2017-07-076.8CVE-2017-11097
MISCswftools -- swftoolsWhen SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c.2017-07-076.8CVE-2017-11098
MISCswftools -- swftoolsWhen SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c.2017-07-076.8CVE-2017-11099
MISCswftools -- swftoolsWhen SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c.2017-07-076.8CVE-2017-11100
MISCswftools -- swftoolsWhen SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c.2017-07-076.8CVE-2017-11101
MISCtcpdump -- tcpdumptcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.2017-07-085.0CVE-2017-11108
MISCtoshiba -- hem-gw26a_firmwareToshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via unspecified vectors.2017-07-075.0CVE-2017-2235
JVNtoshiba -- hem-gw26a_firmwareCross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-07-076.8CVE-2017-2238
JVNvim -- vimVim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance.2017-07-086.8CVE-2017-11109
MISC
MISC.web-dorado -- event_calendar_wdCross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-07-074.3CVE-2017-2224
BID
JVN
CONFIRM
CONFIRMwp-members_project -- wp-membersCross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-07-074.3CVE-2017-2222
JVN
CONFIRM
CONFIRMwp-statistics -- wp_statisticsThe WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page.2017-07-074.3CVE-2017-10991
MISCwpdownloadmanager -- download_managerCross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-07-074.3CVE-2017-2216
JVN
CONFIRM
CONFIRMyaws -- yawsYaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product.2017-07-075.0CVE-2017-10974
MISC
BID
EXPLOIT-DBBack to top

 

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocacti -- cactiCross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable.2017-07-103.5CVE-2017-11163
CONFIRMcisco -- identity_services_engineA vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal. More Information: CSCvd74794. Known Affected Releases: 1.3(0.909) 2.1(0.800).2017-07-103.5CVE-2017-6734
BID
SECTRACK
CONFIRMcisco -- prime_networkA vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential information. More Information: CSCvd59341. Known Affected Releases: 4.2(1.0)P1.2017-07-102.1CVE-2017-6726
BID
CONFIRMcybozu -- garoonCross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.2017-07-073.5CVE-2017-2146
JVN
CONFIRMfairsketch -- rise_ultimate_project_managerIn Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable.2017-07-113.5CVE-2017-11181
MISCfairsketch -- rise_ultimate_project_managerIn Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable.2017-07-113.5CVE-2017-11182
MISCfinecms_project -- finecmsapplication/core/controller/images.php in FineCMS through 2017-07-12 allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action.2017-07-123.5CVE-2017-11201
MISCgoogle -- androidDirectory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of the sdcard via a .. (dot dot) in a name parameter of an MTP request.2017-07-072.1CVE-2014-7954
MISC
FULLDISC
BUGTRAQ
BIDibm -- websphere_mqIBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145.2017-07-101.9CVE-2017-1284
CONFIRM
BID
MISCmicrosoft -- windows_rt_8.1Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8577, and CVE-2017-8467.2017-07-113.7CVE-2017-8581
BID
SECTRACK
CONFIRMBack to top

 

Severity Not Yet AssignedPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapache -- httpd
 In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.2017-07-13not yet calculatedCVE-2017-9788
CONFIRM
CONFIRM
MLISTapache -- httpd
 When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.2017-07-13not yet calculatedCVE-2017-9789
CONFIRM
MLISTapache -- impala
 During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift transport when TLS was turned on. It was therefore possible for an adversary, with access to the network, to eavesdrop on the packets going to and coming from that port and view the data in plaintext.2017-07-10not yet calculatedCVE-2017-5652
MLISTapache -- impala
 It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). If the malicious server responds with 'COMPLETE' before the SASL handshake has completed, the client will consider the handshake as completed even though no exchange of credentials has happened.2017-07-10not yet calculatedCVE-2017-5640
BID
MLISTapache -- solr
 Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected.2017-07-07not yet calculatedCVE-2017-7660
MLIST
BIDapache -- spark
 In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script, would then be reflected back to the user and could be evaluated and executed by MS Windows-based clients. It is not an attack on Spark itself, but on the user, who may then execute the script inadvertently when viewing elements of the Spark web UIs.2017-07-12not yet calculatedCVE-2017-7678
MLISTapache -- struts
 If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.2017-07-13not yet calculatedCVE-2017-7672
CONFIRM
MLISTapache -- struts
 When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack when user was properly authenticated. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.2017-07-13not yet calculatedCVE-2017-9787
CONFIRM
MLISTapache -- traffic_router
 The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol.2017-07-10not yet calculatedCVE-2017-7670
MLISTavg -- antivirus
 AVG AntiVirus for MacOS with scan engine before 4668 might allow remote attackers to bypass malware detection by leveraging failure to scan inside disk image (aka DMG) files.2017-07-12not yet calculatedCVE-2017-9977
MISCcanonical -- ubuntu
 ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories.2017-07-11not yet calculatedCVE-2017-10600
CONFIRMcloud_foundry -- cloud_foundry
 In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12. 30.x versions prior to 30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider.2017-07-10not yet calculatedCVE-2017-8032
CONFIRMemc -- data_protection_advisor

 EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application.2017-07-09not yet calculatedCVE-2017-8003
CONFIRM
BID
SECTRACKemc -- data_protection_advisor
 EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands.2017-07-09not yet calculatedCVE-2017-8002
CONFIRM
BID
SECTRACKemc -- esrs_policy_manager
 EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges to the local LDAP directory server.2017-07-09not yet calculatedCVE-2017-4976
CONFIRM
SECTRACKfinecms -- finecms
 In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is not checked.2017-07-11not yet calculatedCVE-2017-11178
MISCgnome_project -- gnome
 Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each failed authentication attempt will leak a file descriptor in gnome-session. When the maximum number of file descriptors is exhausted in the gnome-session process, it will enter an infinite loop trying to communicate without success, consuming 100% of the CPU. The graphical session associated with the gnome-session process will stop working correctly, because communication with gnome-session is no longer possible.2017-07-11not yet calculatedCVE-2017-11171
CONFIRM
CONFIRMgoogle -- android
 An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34373711. References: N-CVE-2017-6249.2017-07-13not yet calculatedCVE-2017-6249
CONFIRMgoogle -- android
 An elevation of privilege vulnerability in the NVIDIA Libnvparser component due to a memcpy into a fixed sized buffer with a user-controlled size could lead to a memory corruption and possible remote code execution. This issue is rated as High. Product: Android. Version: N/A. Android ID: A-33968204. References: N-CVE-2017-0340.2017-07-07not yet calculatedCVE-2017-0340
BID
CONFIRMgoogle -- android
 An information disclosure vulnerability in the NVIDIA Video Driver due to an out-of-bounds read function in the Tegra Display Controller driver could result in possible information disclosure. This issue is rated as Moderate. Product: Android. Version: N/A. Android ID: A-33718700. References: N-CVE-2017-0326.2017-07-07not yet calculatedCVE-2017-0326
BID
CONFIRMheimdal -- heimdal
 Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.2017-07-13not yet calculatedCVE-2017-11103
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRMibm -- bigfix_inventory
 IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853.2017-07-13not yet calculatedCVE-2016-8964
CONFIRM
MISCibm -- daeja_viewoneIBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462.2017-07-13not yet calculatedCVE-2017-1308
CONFIRM
MISCibm -- emptoris_sourcingIBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118352.2017-07-12not yet calculatedCVE-2016-6114
CONFIRM
MISCibm -- emptoris_sourcing
 IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 1188342017-07-12not yet calculatedCVE-2016-8947
CONFIRM
MISCibm -- emptoris_sourcing
 IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118833.2017-07-12not yet calculatedCVE-2016-8946
CONFIRM
MISCibm -- emptoris_sourcing
 IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118837.2017-07-12not yet calculatedCVE-2016-8950
CONFIRM
MISCibm -- emptoris_sourcing
 IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118835.2017-07-12not yet calculatedCVE-2016-8948
CONFIRM
MISCibm -- emptoris_sourcing

 IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840.2017-07-12not yet calculatedCVE-2016-8953
CONFIRM
MISCibm -- emptoris_strategic_supply_management _platform
 IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116739.2017-07-13not yet calculatedCVE-2016-6019
CONFIRM
MISCibm -- emptoris_strategic_supply_management_platform
 IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack. An attacker can exploit a vulnerability in the authentication features that could log out users and flood user accounts with emails. IBM X-Force ID: 118838.2017-07-13not yet calculatedCVE-2016-8951
CONFIRM
MISCibm -- emptoris_strategic_supply_management_platform
 IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118839.2017-07-13not yet calculatedCVE-2016-8952
CONFIRM
MISCibm -- websphere_commerece_enterprise
 IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385.2017-07-10not yet calculatedCVE-2017-1398
CONFIRM
BID
MISCibm -- websphere_mq
 IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146.2017-07-12not yet calculatedCVE-2017-1285
MISC
CONFIRMiceni -- infix
 An out-of-bounds write vulnerability exists in the PDF parsing functionality of Infix 7.1.5. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability.2017-07-12not yet calculatedCVE-2017-2863
MISCimagemagick -- imagemagick
 The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file.2017-07-11not yet calculatedCVE-2017-11170
CONFIRMimagemagick -- imagemagick
 The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files.2017-07-13not yet calculatedCVE-2017-11310
CONFIRM
CONFIRMipsilon -- ipsilon
 A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users.2017-07-12not yet calculatedCVE-2016-8638
CONFIRM
CONFIRM
CONFIRMmicrosoft -- office
 Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8570.2017-07-11not yet calculatedCVE-2017-0243
BID
SECTRACK
CONFIRMmicrosoft -- windowsMicrosoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it parses specially crafted files, aka "WordPad Remote Code Execution Vulnerability".2017-07-11not yet calculatedCVE-2017-8588
BID
SECTRACK
CONFIRMmicrosoft -- windowsMicrosoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows improperly handling calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability".2017-07-11not yet calculatedCVE-2017-8562
BID
CONFIRMmicrosoft -- windowsGraphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8573 and CVE-2017-8574.2017-07-11not yet calculatedCVE-2017-8556
BID
SECTRACK
CONFIRMmicrosoft -- windowsWindows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a information disclosure vulnerability improperly parses XML input containing a reference to an external entity, aka "Windows System Information Console Information Disclosure Vulnerability".2017-07-11not yet calculatedCVE-2017-8557
BID
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8574 and CVE-2017-8556.2017-07-11not yet calculatedCVE-2017-8573
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when PSObject wraps a CIM Instance, aka "Windows PowerShell Remote Code Execution Vulnerability".2017-07-11not yet calculatedCVE-2017-8565
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Graphics in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8573 and CVE-2017-8556.2017-07-11not yet calculatedCVE-2017-8574
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability".2017-07-11not yet calculatedCVE-2017-8564
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability.2017-07-11not yet calculatedCVE-2017-8585
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability".2017-07-11not yet calculatedCVE-2017-8621
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a information disclosure vulnerability due to the way it parses XML input, aka "Windows Performance Monitor Information Disclosure Vulnerability".2017-07-11not yet calculatedCVE-2017-0170
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability".2017-07-11not yet calculatedCVE-2017-8594
BID
CONFIRMmicrosoft -- windows
 Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests, aka "Microsoft Browser Security Feature Bypass".2017-07-11not yet calculatedCVE-2017-8592
BID
SECTRACK
SECTRACK
CONFIRMmicrosoft -- windows
 Windows 10 1607 and Windows Server 2016 allow an attacker to execute code remotely via a specially crafted WiFi packet aka "HoloLens Remote Code Execution Vulnerability."2017-07-11not yet calculatedCVE-2017-8584
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Windows Explorer in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511 allows a denial of service vulnerability when it attempts to open a non-existent file, aka "Windows Explorer Denial of Service Vulnerability".2017-07-11not yet calculatedCVE-2017-8587
BID
SECTRACK
CONFIRMmicrosoft -- windows
 HTTP.sys in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when the component improperly handles objects in memory, aka "Https.sys Information Disclosure Vulnerability".2017-07-11not yet calculatedCVE-2017-8582
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with the SNAME field during ticket exchange, aka "Kerberos SNAME Security Feature Bypass Vulnerability".2017-07-11not yet calculatedCVE-2017-8495
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Windows Shell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it improperly handles executable files and shares during rename operations, aka "Windows Explorer Remote Code Execution Vulnerability".2017-07-11not yet calculatedCVE-2017-8463
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability".2017-07-11not yet calculatedCVE-2017-8467
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure due to the way it handles objects in memory, aka "Win32k Information Disclosure Vulnerability".2017-07-11not yet calculatedCVE-2017-8486
BID
SECTRACK
CONFIRMnginx -- nginx
 Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.2017-07-13not yet calculatedCVE-2017-7529
MLISTphp_group -- php
 In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x through 7.1.7, lack of bounds checks in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11145.2017-07-10not yet calculatedCVE-2017-11146
CONFIRM
CONFIRM
CONFIRMphpmyfaq -- phpmyfaq
 phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly.2017-07-12not yet calculatedCVE-2017-11187
CONFIRMpoppler -- poppler
 An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library.2017-07-12not yet calculatedCVE-2017-2820
MISCpoppler -- poppler
 An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.2017-07-12not yet calculatedCVE-2017-2818
MISCpoppler -- poppler
 An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability.2017-07-12not yet calculatedCVE-2017-2814
MISCproject_c-ares -- c-ares
 The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.2017-07-07not yet calculatedCVE-2017-1000381
BID
CONFIRM
CONFIRMpulse_secure -- pulse_connect_securePulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malicious web page.2017-07-12not yet calculatedCVE-2017-11196
MISC
MISCpulse_secure -- pulse_connect_secure
 Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can use javascript: or data: to abuse this.2017-07-12not yet calculatedCVE-2017-11195
MISC
MISCpulse_secure -- pulse_connect_secure
 Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc.2017-07-12not yet calculatedCVE-2017-11194
MISC
MISCpulse_secure -- pulse_connect_secure
 Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these commands against any IP if they can get an admin to visit their malicious CSRF page.2017-07-12not yet calculatedCVE-2017-11193
MISC
MISCrack-cors -- rack-cors
 Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed.2017-07-12not yet calculatedCVE-2017-11173
MISC
MISC
MISCsap -- netweaverSAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804.2017-07-12not yet calculatedCVE-2017-9844
MISCsap -- netweaver
 SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841.2017-07-12not yet calculatedCVE-2017-9843
MISCsap -- netweaver
 disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918.2017-07-12not yet calculatedCVE-2017-9845
MISCsiemens -- simatic_cp_44x-1_rna
 An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module, if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA's CPU.2017-07-07not yet calculatedCVE-2017-6868
BID
SECTRACK
MISCthermo_fisher_scientific -- datataker_dt80_dex
 dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.2017-07-12not yet calculatedCVE-2017-11165
MISCunrar-free -- unrar-free
 unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via an RAR archive containing a long filename.2017-07-12not yet calculatedCVE-2017-11190
MISCunrar-free -- unrar-free
 unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code for a long-running application.2017-07-12not yet calculatedCVE-2017-11189
MISCxoops -- xoops
 In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses.2017-07-12not yet calculatedCVE-2017-11174
MISCBack to top

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

FTC Releases Alert on Digital Security While Traveling

1 week ago
Original release date: July 14, 2017

The Federal Trade Commission (FTC) has released an alert on ensuring good digital security while traveling. Security recommendations include using caution while accessing free Wi-Fi hotspots, keeping all software updated, and using Virtual Private Networks (VPNs).    

US-CERT encourages users to refer to the FTC Alert and the US-CERT Tip on Cybersecurity for Electronic Devices for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

FTC Releases Alert on Digital Security While Traveling

1 week ago
Original release date: July 14, 2017

The Federal Trade Commission (FTC) has released an alert on ensuring good digital security while traveling. Security recommendations include using caution while accessing free Wi-Fi hotspots, keeping all software updated, and using Virtual Private Networks (VPNs).    

US-CERT encourages users to refer to the FTC Alert and the US-CERT Tip on Cybersecurity for Electronic Devices for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Cisco Releases Security Updates

1 week 1 day ago
Original release date: July 13, 2017

Cisco has released security updates to address several Simple Network Management Protocol (SNMP) vulnerabilities in its IOS and IOS XE software. A remote attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Cisco Releases Security Updates

1 week 1 day ago
Original release date: July 13, 2017

Cisco has released security updates to address several Simple Network Management Protocol (SNMP) vulnerabilities in its IOS and IOS XE software. A remote attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Juniper Releases ScreenOS Security Update

1 week 1 day ago
Original release date: July 13, 2017

Juniper has released ScreenOS 6.3.0r24 to address multiple cross-site scripting vulnerabilities found in prior versions. An attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Juniper’s Security Bulletin and update all affected ScreenOS versions.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Juniper Networks Releases Multiple Security Updates

1 week 1 day ago
Original release date: July 13, 2017 | Last revised: July 21, 2017

Juniper Networks has released security updates to address multiple vulnerabilities in Junos OS and ScreenOS. A remote attacker could exploit several of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Juniper Security Advisories and update all affected versions of the Junos OS and ScreenOS operating systems.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Samba Releases Security Updates

1 week 2 days ago
Original release date: July 12, 2017

The Samba Team has released security updates that address a vulnerability in all versions of Samba from 4.0.0 onward using embedded Heimdal Kerberos. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review Samba's Security Announcement and apply the necessary updates, or refer to their Linux or Unix-based OS vendors for appropriate patches.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT
Checked
1 hour 22 minutes ago
Subscribe to US CERT feed