Weekly Vulnerabilities Reports > May 15 to 21, 2017

Overview

183 new vulnerabilities reported during this period, including 24 critical vulnerabilities and 54 high severity vulnerabilities. This weekly summary report vulnerabilities in 164 products from 89 vendors including Google, Debian, Cisco, Mcafee, and GNU. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Information Exposure", "Out-of-bounds Read", and "Cross-site Scripting".

  • 150 reported vulnerabilities are remotely exploitables.
  • 21 reported vulnerabilities have public exploit available.
  • 39 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 151 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 21 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 15 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

24 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-05-19 CVE-2017-5173 Geutebrueck OS Command Injection vulnerability in Geutebrueck IP Camera G-Cam Efd-2250 Firmware 1.11.0.12

An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12.

10.0
2017-05-18 CVE-2017-6622 Cisco Missing Authorization vulnerability in Cisco Prime Collaboration Provisioning

A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges.

10.0
2017-05-16 CVE-2017-6079 Ribboncommunications Unspecified vulnerability in Ribboncommunications Edgemarc Firmware

The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set.

10.0
2017-05-16 CVE-2016-10372 EIR Permissions, Privileges, and Access Controls vulnerability in EIR D1000 Modem Firmware

The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password (which defaults to the Wi-Fi password), and using the NewNTPServer feature.

10.0
2017-05-15 CVE-2017-7213 Zohocorp Improper Input Validation vulnerability in Zohocorp Manageengine Desktop Central

Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors.

10.0
2017-05-18 CVE-2017-9058 Ytnef Project
Canonical
Out-of-bounds Read vulnerability in multiple products

In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c.

9.8
2017-05-16 CVE-2016-10239 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a buffer overflow could potentially occur and a buffer over-read vulnerability could potentially occur.

9.3
2017-05-16 CVE-2016-10238 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue.

9.3
2017-05-16 CVE-2016-10237 Google Improper Access Control vulnerability in Google Android

If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not detect an issue and it would be treated as secure memory.

9.3
2017-05-16 CVE-2015-9003 Google Cryptographic Issues vulnerability in Google Android

In TrustZone a cryptographic issue can potentially occur in all Android releases from CAF using the Linux kernel.

9.3
2017-05-16 CVE-2015-9002 Google Numeric Errors vulnerability in Google Android

In TrustZone an out-of-range pointer offset vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.

9.3
2017-05-16 CVE-2015-9000 Google NULL Pointer Dereference vulnerability in Google Android

In TrustZone an untrusted pointer dereference vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.

9.3
2017-05-16 CVE-2015-8999 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In TrustZone a buffer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel while loading an ELF file.

9.3
2017-05-16 CVE-2015-8998 Google Integer Overflow or Wraparound vulnerability in Google Android

In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.

9.3
2017-05-16 CVE-2015-8995 Google Integer Overflow or Wraparound vulnerability in Google Android

In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.

9.3
2017-05-16 CVE-2014-9937 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In TrustZone a buffer overflow vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.

9.3
2017-05-16 CVE-2014-9935 Google Integer Overflow or Wraparound vulnerability in Google Android

In TrustZone an integer overflow vulnerability leading to a buffer overflow could potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.

9.3
2017-05-16 CVE-2014-9934 Google Improper Verification of Cryptographic Signature vulnerability in Google Android

A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding.

9.3
2017-05-16 CVE-2014-9933 Google Improper Input Validation vulnerability in Google Android

Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access.

9.3
2017-05-16 CVE-2014-9932 Google Integer Overflow or Wraparound vulnerability in Google Android

In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation.

9.3
2017-05-16 CVE-2014-9931 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value.

9.3
2017-05-21 CVE-2017-9135 Mimosa Injection vulnerability in Mimosa Backhaul Radios and Client Radios

An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4.

9.0
2017-05-21 CVE-2017-9133 Mimosa Injection vulnerability in Mimosa Backhaul Radios and Client Radios

An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3.

9.0
2017-05-19 CVE-2017-6048 Satel Iberia Command Injection vulnerability in Satel-Iberia products

A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, and SenNet Multitask Meter V5.21a-1.18b and prior.

9.0

54 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-05-16 CVE-2017-7662 Apache Cross-Site Request Forgery (CSRF) vulnerability in Apache CXF Fediz

Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc.

8.8
2017-05-16 CVE-2017-7661 Apache Cross-Site Request Forgery (CSRF) vulnerability in Apache CXF Fediz

Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications.

8.8
2017-05-19 CVE-2017-9078 Dropbear SSH Project
Debian
Netapp
Double Free vulnerability in multiple products

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.

8.5
2017-05-21 CVE-2017-9100 Dlink Improper Authentication vulnerability in Dlink Dir-600M Firmware 3.04

login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt.

8.3
2017-05-16 CVE-2017-3882 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products

A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition.

8.3
2017-05-16 CVE-2017-3873 Cisco Improper Input Validation vulnerability in Cisco Aironet Access Point Firmware 8.3102.0

A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges.

7.9
2017-05-21 CVE-2017-9136 Mimosa Incorrect Permission Assignment for Critical Resource vulnerability in Mimosa Backhaul Radios and Client Radios

An issue was discovered on Mimosa Client Radios before 2.2.3.

7.8
2017-05-19 CVE-2017-9077 Linux Unspecified vulnerability in Linux Kernel

The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.

7.8
2017-05-19 CVE-2017-9076 Linux
Debian
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
7.8
2017-05-19 CVE-2017-9075 Linux
Debian
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
7.8
2017-05-19 CVE-2017-9074 Linux Out-of-bounds Read vulnerability in Linux Kernel

The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.

7.8
2017-05-19 CVE-2017-7935 Phoenix Contact Gmbh Resource Exhaustion vulnerability in Phoenix Contact Gmbh Mguard Firmware

A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2.

7.8
2017-05-18 CVE-2017-8338 Mikrotik Resource Exhaustion vulnerability in Mikrotik Routeros 6.38.5

A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically.

7.8
2017-05-18 CVE-2017-9043 GNU Improper Input Validation vulnerability in GNU Binutils 2.28

readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.

7.8
2017-05-18 CVE-2017-9042 GNU Incorrect Type Conversion or Cast vulnerability in GNU Binutils 2.28

readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.

7.8
2017-05-16 CVE-2017-3876 Cisco Denial of Service vulnerability in Cisco IOS XR Software

A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device.

7.8
2017-05-21 CVE-2017-9138 Tendacn Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tendacn F1200 Firmware, F1202 Firmware and Fh1202 Firmware

There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20).

7.7
2017-05-16 CVE-2016-10242 Google Race Condition vulnerability in Google Android

A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel.

7.6
2017-05-16 CVE-2015-8997 Google Race Condition vulnerability in Google Android

In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel.

7.6
2017-05-16 CVE-2015-8996 Google Race Condition vulnerability in Google Android

In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel.

7.6
2017-05-16 CVE-2014-9936 Google Race Condition vulnerability in Google Android

In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel.

7.6
2017-05-21 CVE-2017-9137 Ceragon Insecure Default Initialization of Resource vulnerability in Ceragon Fiberair Ip-10 Firmware

Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor).

7.5
2017-05-21 CVE-2017-9119 PHP
Netapp
Resource Exhaustion vulnerability in multiple products

The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures.

7.5
2017-05-21 CVE-2017-9117 Libtiff
Canonical
Out-of-bounds Read vulnerability in multiple products

In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.

7.5
2017-05-21 CVE-2017-9101 Playsms Unrestricted Upload of File with Dangerous Type vulnerability in Playsms 1.4

import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.

7.5
2017-05-19 CVE-2017-7504 Redhat Deserialization of Untrusted Data vulnerability in Redhat Jboss Enterprise Application Platform

HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data.

7.5
2017-05-19 CVE-2017-6027 Codesys Unrestricted Upload of File with Dangerous Type vulnerability in Codesys web Server

An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server.

7.5
2017-05-19 CVE-2017-6025 Codesys Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Codesys web Server

A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server.

7.5
2017-05-19 CVE-2017-5174 Geutebruck Remote Code Execution vulnerability in Geutebruck IP Camera G-Cam Efd-2250 Firmware 1.11.0.12

An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12.

7.5
2017-05-18 CVE-2017-7503 Redhat XXE vulnerability in Redhat Jboss Enterprise Application Platform 7.0.5

It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE.

7.5
2017-05-18 CVE-2017-9055 Libdwarf Project Out-of-bounds Read vulnerability in Libdwarf Project Libdwarf 20170321

An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21.

7.5
2017-05-18 CVE-2017-9054 Libdwarf Project Out-of-bounds Read vulnerability in Libdwarf Project Libdwarf 20170321

An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21.

7.5
2017-05-18 CVE-2017-9052 Libdwarf Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libdwarf Project Libdwarf 20170321

An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21.

7.5
2017-05-18 CVE-2017-9051 Libav NULL Pointer Dereference vulnerability in Libav

libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c.

7.5
2017-05-18 CVE-2017-9050 Xmlsoft Out-of-bounds Read vulnerability in Xmlsoft Libxml2 2.9.4

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c.

7.5
2017-05-18 CVE-2017-9049 Xmlsoft Out-of-bounds Read vulnerability in Xmlsoft Libxml2 2.9.4

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c.

7.5
2017-05-18 CVE-2017-9048 Xmlsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xmlsoft Libxml2 2.9.4

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow.

7.5
2017-05-18 CVE-2017-9047 Xmlsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xmlsoft Libxml2 2.9.4

A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801.

7.5
2017-05-18 CVE-2017-6195 Ipswitch SQL Injection vulnerability in Ipswitch Moveit DMZ and Moveit Transfer 2017

Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection.

7.5
2017-05-17 CVE-2017-8917 Joomla SQL Injection vulnerability in Joomla Joomla! 3.7.0

SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2017-05-17 CVE-2017-9031 Deluge Torrent Path Traversal vulnerability in Deluge-Torrent Deluge 1.3.14

The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file.

7.5
2017-05-17 CVE-2017-5215 Codextrous Improper Input Validation vulnerability in Codextrous B2J Contact

The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a rename attack that bypasses a "safe file extension" protection mechanism, leading to remote code execution.

7.5
2017-05-17 CVE-2017-9026 Hootoo Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hootoo Trip Mate 6 Firmware

Stack buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted fname parameter of a GET request.

7.5
2017-05-16 CVE-2017-6886 Libraw Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libraw

An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory.

7.5
2017-05-16 CVE-2017-6885 Flexerasoftware Unspecified vulnerability in Flexerasoftware Flexnet Manager Suite

An error when handling certain external commands and services related to the FlexNet Inventory Agent and FlexNet Beacon of the Flexera Software FlexNet Manager Suite 2017 before 2017 R1 and 2014 R3 through 2016 R1 SP1 can be exploited to gain elevated privileges.

7.5
2017-05-15 CVE-2017-6890 Libraw Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libraw Libraw-Demosaic-Pack-Gpl2

A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer overflow.

7.5
2017-05-15 CVE-2017-6889 Libraw Integer Overflow or Wraparound vulnerability in Libraw Libraw-Demosaic-Pack-Gpl2

An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow.

7.5
2017-05-15 CVE-2017-0252 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge

A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory.

7.5
2017-05-15 CVE-2017-0223 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge

A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory.

7.5
2017-05-15 CVE-2016-8741 Apache Information Exposure vulnerability in Apache Qpid Broker-J

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication.

7.5
2017-05-19 CVE-2017-7968 Schneider Electric Incorrect Default Permissions vulnerability in Schneider-Electric Wonderware Indusoft web Studio

An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions.

7.2
2017-05-18 CVE-2017-6623 Cisco Improper Privilege Management vulnerability in Cisco Policy Suite 10.0.0/10.1.0/11.0.0

A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root.

7.2
2017-05-17 CVE-2017-8849 Smb4K Project
Debian
Improper Input Validation vulnerability in multiple products

smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.

7.2
2017-05-17 CVE-2017-8422 KDE Authentication Bypass by Spoofing vulnerability in KDE Kauth and Kdelibs

KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.

7.2

96 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-05-21 CVE-2017-9115 Openexr Unspecified vulnerability in Openexr 2.2.0

In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.

6.8
2017-05-21 CVE-2017-9111 Openexr Unspecified vulnerability in Openexr 2.2.0

In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.

6.8
2017-05-18 CVE-2017-9064 Wordpress
Debian
Cross-Site Request Forgery (CSRF) vulnerability in Wordpress

In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.

6.8
2017-05-17 CVE-2016-3403 Zimbra
Synacor
Cross-Site Request Forgery (CSRF) vulnerability in Synacor Zimbra Collaboration Suite

Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899.

6.8
2017-05-16 CVE-2017-6887 Libraw Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libraw

A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g.

6.8
2017-05-15 CVE-2017-8927 Cgmlarson Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cgmlarson Vizex Reader 9.7.5

Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.

6.8
2017-05-15 CVE-2017-8926 Halliburton Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Halliburton Logview PRO 10.0.1

Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.

6.8
2017-05-19 CVE-2017-9080 Playsms Unrestricted Upload of File with Dangerous Type vulnerability in Playsms 1.4

PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed.

6.5
2017-05-18 CVE-2017-3980 Mcafee Path Traversal vulnerability in Mcafee Epolicy Orchestrator

A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session.

6.5
2017-05-18 CVE-2017-9069 Modx Unrestricted Upload of File with Dangerous Type vulnerability in Modx Revolution

In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess.

6.5
2017-05-18 CVE-2017-7433 Micro Focus Path Traversal vulnerability in Micro Focus Vibe

An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint.

6.5
2017-05-16 CVE-2017-7952 Infor SQL Injection vulnerability in Infor Enterprise Asset Management 11.0Build201410

INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.

6.5
2017-05-15 CVE-2017-7489 Moodle Improper Privilege Management vulnerability in Moodle

In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.

6.5
2017-05-18 CVE-2017-9053 Libdwarf Project Out-of-bounds Read vulnerability in Libdwarf Project Libdwarf 20170321

An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21.

6.4
2017-05-17 CVE-2017-9025 Hootoo Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hootoo Trip Mate 6 Firmware

Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted HTTP Cookie header.

6.4
2017-05-19 CVE-2017-5176 Rockwellautomation Uncontrolled Search Path Element vulnerability in Rockwellautomation Connected Components Workbench

A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench (CCW).

6.2
2017-05-17 CVE-2017-4014 Mcafee Session Fixation vulnerability in Mcafee Network Data Loss Prevention 9.3.0

Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request.

6.0
2017-05-15 CVE-2017-8943 Puma Improper Certificate Validation vulnerability in Puma Pumatrac 3.0.2

The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.9
2017-05-15 CVE-2017-8942 Yottamark INC Improper Certificate Validation vulnerability in Yottamark Inc. Shopwell - Healthy Diet & Grocery Food Scanner

The YottaMark ShopWell - Healthy Diet & Grocery Food Scanner app 5.3.7 through 5.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.9
2017-05-15 CVE-2017-8941 Interval International Improper Certificate Validation vulnerability in Interval International Interval International

The Interval International app 3.3 through 3.5.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.9
2017-05-15 CVE-2017-8940 Zipongo INC Improper Certificate Validation vulnerability in Zipongo Inc. Healthy Recipes and Grocery Deals 6.2

The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.9
2017-05-15 CVE-2017-8939 Warnerbros Improper Certificate Validation vulnerability in Warnerbros Ellentube 3.1.1/3.1.2/3.1.3

The Warner Bros.

5.9
2017-05-15 CVE-2017-8938 Radiojavan Improper Certificate Validation vulnerability in Radiojavan Radio Javan

The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.9
2017-05-15 CVE-2017-8937 Life Before US Improper Certificate Validation vulnerability in Life Before US YO. 2.5.8

The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.9
2017-05-15 CVE-2017-8936 Changyou Improper Certificate Validation vulnerability in Changyou Dolphin web Browser 9.23.0/9.23.2

The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.23.0 through 9.23.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.9
2017-05-15 CVE-2017-8935 Gocivix Improper Certificate Validation vulnerability in Gocivix Indiana Voters 1.1.24

The Quest Information Systems Indiana Voters app 1.1.24 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.9
2017-05-19 CVE-2015-5241 Apache Open Redirect vulnerability in Apache Juddi

After logging into the portal, the logout jsp page redirects the browser back to the login page after.

5.8
2017-05-17 CVE-2015-4070 WOW NEW Media Open Redirect vulnerability in WOW NEW Media WOW Moodboard Lite 1.1.1

Open redirect vulnerability in the proxyimages function in wowproxy.php in the Wow Moodboard Lite plugin 1.1.1.1 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.

5.8
2017-05-19 CVE-2017-7475 Cairographics NULL Pointer Dereference vulnerability in Cairographics Cairo 1.15.4

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.

5.5
2017-05-18 CVE-2017-9041 GNU Out-of-bounds Read vulnerability in GNU Binutils 2.28

GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.

5.5
2017-05-18 CVE-2017-9040 GNU NULL Pointer Dereference vulnerability in GNU Binutils 2.28

GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.

5.5
2017-05-18 CVE-2017-9039 GNU Allocation of Resources Without Limits or Throttling vulnerability in GNU Binutils 2.28

GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.

5.5
2017-05-18 CVE-2017-9038 GNU Out-of-bounds Read vulnerability in GNU Binutils 2.28

GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.

5.5
2017-05-15 CVE-2017-7495 Linux Information Exposure vulnerability in Linux Kernel

fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file.

5.5
2017-05-15 CVE-2017-8934 Pcmanfm Project Improper Input Validation vulnerability in Pcmanfm Project Pcmanfm 1.2.5

PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability).

5.5
2017-05-21 CVE-2017-9134 Mimosa Information Exposure vulnerability in Mimosa Backhaul Radios and Client Radios

An information-leakage issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3.

5.0
2017-05-21 CVE-2017-9132 Mimosa Use of Hard-coded Credentials vulnerability in Mimosa Backhaul Radios and Client Radios

A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3.

5.0
2017-05-21 CVE-2017-9131 Mimosa Improper Input Validation vulnerability in Mimosa Backhaul Radios and Client Radios

An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3.

5.0
2017-05-21 CVE-2014-9970 Jasypt Project Information Exposure vulnerability in Jasypt Project Jasypt

jasypt before 1.9.2 allows a timing attack against the password hash comparison.

5.0
2017-05-21 CVE-2017-9024 Secure Bytes Path Traversal vulnerability in Secure-Bytes Secure Cisco Auditor 3.0

Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname.

5.0
2017-05-19 CVE-2017-9098 Imagemagick
Graphicsmagick
Debian
Use of Uninitialized Resource vulnerability in multiple products

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users.

5.0
2017-05-19 CVE-2017-9091 Allen Disk Project Improper Input Validation vulnerability in Allen Disk Project Allen Disk 1.6

/admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha'].

5.0
2017-05-19 CVE-2017-9090 Allen Disk Project Improper Input Validation vulnerability in Allen Disk Project Allen Disk 1.6

reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha'].

5.0
2017-05-19 CVE-2017-5177 Vipa Controls Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Vipa Controls Winplc7 Firmware

A Stack Buffer Overflow issue was discovered in VIPA Controls WinPLC7 5.0.45.5921 and prior.

5.0
2017-05-18 CVE-2017-6652 Cisco Improper Input Validation vulnerability in Cisco Telepresence Ix5000 8.2.0Base

A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device.

5.0
2017-05-18 CVE-2017-6621 Cisco Information Exposure vulnerability in Cisco Prime Collaboration Provisioning

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data.

5.0
2017-05-18 CVE-2017-9066 Wordpress
Debian
Server-Side Request Forgery (SSRF) vulnerability in Wordpress

In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.

5.0
2017-05-18 CVE-2017-9065 Wordpress
Debian
Improper Input Validation vulnerability in Wordpress

In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.

5.0
2017-05-18 CVE-2017-9062 Wordpress
Debian
Cross-Site Request Forgery (CSRF) vulnerability in Wordpress

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.

5.0
2017-05-17 CVE-2017-4017 Mcafee Information Exposure vulnerability in Mcafee Network Data Loss Prevention 9.3.0

User Name Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to view user information via the appliance web interface.

5.0
2017-05-17 CVE-2017-4016 Mcafee Information Exposure vulnerability in Mcafee Network Data Loss Prevention 9.3.0

Web Server method disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to exploit and find another hole via HTTP response header.

5.0
2017-05-17 CVE-2017-4013 Mcafee Information Exposure vulnerability in Mcafee Network Data Loss Prevention 9.3.0

Banner Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to obtain product information via HTTP response header.

5.0
2017-05-17 CVE-2017-4012 Mcafee Unspecified vulnerability in Mcafee Network Data Loss Prevention 9.3.0

Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP request.

5.0
2017-05-17 CVE-2017-9030 Codextrous Path Traversal vulnerability in Codextrous B2J Contact

The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary uploaded files.

5.0
2017-05-17 CVE-2017-5214 Codextrous Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Codextrous B2J Contact

The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows prediction of a uniqid value based on knowledge of a time value.

5.0
2017-05-16 CVE-2017-6658 Cisco Out-of-bounds Read vulnerability in Cisco Sourcefire Snort 3.0

Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array.

5.0
2017-05-16 CVE-2017-6657 Cisco Unspecified vulnerability in Cisco Snort++

Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation.

5.0
2017-05-16 CVE-2017-6651 Cisco Information Exposure vulnerability in Cisco Webex Meetings Server

A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings.

5.0
2017-05-16 CVE-2017-3825 Cisco Improper Input Validation vulnerability in Cisco Telepresence CE and Telepresence TC

A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition.

5.0
2017-05-15 CVE-2017-7478 Openvpn Improper Input Validation vulnerability in Openvpn

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet.

5.0
2017-05-15 CVE-2017-7490 Moodle Exposure of Resource to Wrong Sphere vulnerability in Moodle

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.

5.0
2017-05-18 CVE-2017-9059 Linux Improper Resource Shutdown or Release vulnerability in Linux Kernel

The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak.

4.9
2017-05-19 CVE-2017-9079 Dropbear SSH Project
Debian
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option.

4.7
2017-05-19 CVE-2017-4979 EMC Remote Privilege Escalation vulnerability in EMC Isilon OneFS

EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability.

4.6
2017-05-18 CVE-2017-8769 Whatsapp Missing Encryption of Sensitive Data vulnerability in Whatsapp

Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat is deleted.

4.6
2017-05-17 CVE-2017-7493 Qemu
Debian
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue.

4.6
2017-05-17 CVE-2017-4015 Mcafee Improper Restriction of Rendered UI Layers or Frames vulnerability in Mcafee Network Data Loss Prevention 9.3.0

Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header.

4.5
2017-05-21 CVE-2017-9046 Pmail Improper Input Validation vulnerability in Pmail Pegasus 4.72

winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally.

4.4
2017-05-19 CVE-2017-6016 Leao Consultoria E Desenvolvimento DE Sistemas Local Access Bypass vulnerability in LAquis SCADA

An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA.

4.4
2017-05-18 CVE-2017-9067 Modx
PHP
Path Traversal vulnerability in multiple products

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.

4.4
2017-05-21 CVE-2017-9116 Openexr Unspecified vulnerability in Openexr 2.2.0

In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.

4.3
2017-05-21 CVE-2017-9114 Openexr Unspecified vulnerability in Openexr 2.2.0

In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.

4.3
2017-05-21 CVE-2017-9113 Openexr Unspecified vulnerability in Openexr 2.2.0

In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.

4.3
2017-05-21 CVE-2017-9112 Openexr Unspecified vulnerability in Openexr 2.2.0

In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.

4.3
2017-05-21 CVE-2017-9110 Openexr Unspecified vulnerability in Openexr 2.2.0

In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.

4.3
2017-05-21 CVE-2017-7620 Mantisbt Cross-Site Request Forgery (CSRF) vulnerability in Mantisbt

MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI.

4.3
2017-05-19 CVE-2017-9094 Entropymine Infinite Loop vulnerability in Entropymine Imageworsener

The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.

4.3
2017-05-19 CVE-2017-9093 Entropymine Infinite Loop vulnerability in Entropymine Imageworsener

The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.

4.3
2017-05-19 CVE-2017-9083 Freedesktop NULL Pointer Dereference vulnerability in Freedesktop Poppler 0.54.0

poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc.

4.3
2017-05-19 CVE-2017-7937 Phoenix Contact Gmbh Improper Authentication vulnerability in Phoenix Contact Gmbh Mguard Firmware

An Improper Authentication issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2.

4.3
2017-05-18 CVE-2017-9072 Calendarxp Cross-site Scripting vulnerability in Calendarxp Flatcalendarxp and Popcalendarxp

Two CalendarXP products have XSS in common parts of HTML files.

4.3
2017-05-18 CVE-2017-9068 Modx Cross-site Scripting vulnerability in Modx Revolution

In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.

4.3
2017-05-18 CVE-2017-9063 Wordpress
Debian
Cross-site Scripting vulnerability in Wordpress

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.

4.3
2017-05-18 CVE-2017-9061 Wordpress
Debian
Cross-site Scripting vulnerability in Wordpress

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.

4.3
2017-05-18 CVE-2017-9045 Google Missing Encryption of Sensitive Data vulnerability in Google I/O 2017

The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof Feed and Schedule data by creating a modified blocks_v4.json file.

4.3
2017-05-18 CVE-2017-9044 GNU Out-of-bounds Read vulnerability in GNU Binutils 2.28

The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.

4.3
2017-05-17 CVE-2017-4011 Mcafee Cross-site Scripting vulnerability in Mcafee Network Data Loss Prevention 9.3.0

Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request.

4.3
2017-05-17 CVE-2015-3998 Clickfraud Monitoring
Phpwhois Project
Cross-site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote attackers to inject arbitrary web script or HTML via the query parameter to whois.php.

4.3
2017-05-16 CVE-2017-7488 Authconfig Project Information Exposure vulnerability in Authconfig Project Authconfig 6.2.8

Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames.

4.3
2017-05-16 CVE-2015-9001 Google Information Exposure vulnerability in Google Android

In TrustZone an information exposure vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.

4.3
2017-05-15 CVE-2017-7491 Moodle Cross-Site Request Forgery (CSRF) vulnerability in Moodle

In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.

4.3
2017-05-15 CVE-2016-9750 IBM Credentials Management vulnerability in IBM Qradar Security Information and Event Manager 7.2.0/7.3.0

IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user.

4.0
2017-05-15 CVE-2016-9735 IBM Information Exposure vulnerability in IBM products

IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces.

4.0
2017-05-15 CVE-2016-5979 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Distributed Marketing

IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance that gets created with security profile not valid for the templates, that results in the new instance not accessible for the intended user.

4.0
2017-05-15 CVE-2017-7479 Openvpn Reachable Assertion vulnerability in Openvpn

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

4.0
2017-05-15 CVE-2017-5655 Apache Information Exposure vulnerability in Apache Ambari

In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host.

4.0

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-05-19 CVE-2017-4978 RSA Cross-site Scripting vulnerability in RSA Adaptive Authentication (On Premise)

EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) contains a fix for a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.

3.5
2017-05-18 CVE-2017-9070 Modx Cross-site Scripting vulnerability in Modx Revolution

In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php.

3.5
2017-05-16 CVE-2017-8382 Admidio Cross-Site Request Forgery (CSRF) vulnerability in Admidio 3.2.8

admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.

3.5
2017-05-16 CVE-2017-7953 Infor Cross-site Scripting vulnerability in Infor Enterprise Asset Management 11.0

INFOR EAM V11.0 Build 201410 has XSS via comment fields.

3.5
2017-05-19 CVE-2017-7907 Schneider Electric XXE vulnerability in Schneider-Electric Wonderware Historian Client

An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior.

3.3
2017-05-15 CVE-2017-8933 Libmenu Cache Project Improper Input Validation vulnerability in Libmenu-Cache Project Libmenu-Cache 1.0.2

Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability).

3.3
2017-05-21 CVE-2017-9139 Tendacn Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tendacn F1200 Firmware, F1202 Firmware and Fh1202 Firmware

There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20).

2.7
2017-05-18 CVE-2017-9071 Modx Cross-site Scripting vulnerability in Modx Revolution

In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request.

2.6
2017-05-17 CVE-2016-10374 Perltidy Project Link Following vulnerability in Perltidy Project Perltidy

perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.

2.1