Weekly Vulnerabilities Reports > May 22 to 28, 2017

Overview

323 new vulnerabilities were reported during this period, including 34 critical vulnerabilities and 81 high severity vulnerabilities. This weekly summary reports vulnerabilities in 287 products from 94 vendors including Apple, Autotrace Project, Debian, Cisco, and Pivotal Software. The most common vulnerability categories are "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Out-of-bounds Read", "Information Exposure", and "Improper Input Validation".

  • 302 reported vulnerabilities are remotely exploitable.
  • 48 reported vulnerabilities have a public exploit available.
  • 62 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 296 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 78 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 21 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

34 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-05-28 CVE-2017-9232 Canonical Missing Authorization vulnerability in Canonical Juju

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.

10.0
2017-05-28 CVE-2015-9059 Picocom Project Command Injection vulnerability in Picocom Project Picocom

picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely.

10.0
2017-05-26 CVE-2017-9034 Trendmicro Improper Input Validation vulnerability in Trendmicro Serverprotect 3.0

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.

10.0
2017-05-25 CVE-2016-0761 Cloudfoundry, Pivotal Software Data Processing Errors vulnerability in multiple products

Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host.

10.0
2017-05-22 CVE-2017-1092 IBM Remote Code Execution vulnerability in IBM Informix Open Admin Tool 11.5/11.7/12.1

IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers.

10.0
2017-05-26 CVE-2017-6862 Netgear Classic Buffer Overflow vulnerability in Netgear products

NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp.

9.8
2017-05-24 CVE-2017-2800 Wolfssl Improper Certificate Validation vulnerability in Wolfssl

A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution.

9.8
2017-05-23 CVE-2016-9843 Zlib, Opensuse, Debian, Canonical, Oracle, Redhat, Apple, Netapp, Mariadb, Nodejs

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

9.8
2017-05-23 CVE-2016-9841 Zlib, Opensuse, Debian, Canonical, Oracle, Redhat, Apple, Netapp, Nodejs

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

9.8
2017-05-23 CVE-2016-7979 Artifex Incorrect Type Conversion or Cast vulnerability in Artifex Ghostscript

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.

9.8
2017-05-23 CVE-2016-5178 Google, Opensuse, Debian, Redhat, Fedoraproject Improper Input Validation vulnerability in multiple products

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

9.8
2017-05-26 CVE-2017-8541 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption.

9.3
2017-05-26 CVE-2017-8538 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption.

9.3
2017-05-25 CVE-2015-5211 Vmware, Debian Files or Directories Accessible to External Parties vulnerability in multiple products

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack.

9.3
2017-05-22 CVE-2017-6999 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Tvos and Watchos

An issue was discovered in certain Apple products.

9.3
2017-05-22 CVE-2017-6998 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Tvos and Watchos

An issue was discovered in certain Apple products.

9.3
2017-05-22 CVE-2017-6997 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Tvos and Watchos

An issue was discovered in certain Apple products.

9.3
2017-05-22 CVE-2017-6996 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Tvos and Watchos

An issue was discovered in certain Apple products.

9.3
2017-05-22 CVE-2017-6995 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Tvos and Watchos

An issue was discovered in certain Apple products.

9.3
2017-05-22 CVE-2017-6994 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Tvos and Watchos

An issue was discovered in certain Apple products.

9.3
2017-05-22 CVE-2017-6989 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Tvos and Watchos

An issue was discovered in certain Apple products.

9.3
2017-05-22 CVE-2017-6985 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-05-22 CVE-2017-6981 Apple Link Following vulnerability in Apple Iphone OS and mac OS X

An issue was discovered in certain Apple products.

9.3
2017-05-22 CVE-2017-6978 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-05-22 CVE-2017-2548 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-05-22 CVE-2017-2546 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-05-22 CVE-2017-2545 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-05-22 CVE-2017-2543 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-05-22 CVE-2017-2542 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-05-22 CVE-2017-2541 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-05-22 CVE-2017-2537 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-05-22 CVE-2017-2503 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-05-22 CVE-2017-2494 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-05-27 CVE-2017-3134 Fortinet Improper Input Validation vulnerability in Fortinet Fortiwlc-Sd

An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows an attacker to gain root access via the CLI command 'copy running-config'.

9.0

81 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-05-25 CVE-2016-4977 Pivotal Data Processing Errors vulnerability in Pivotal Spring Security Oauth

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.

8.8
2017-05-23 CVE-2016-9842 Zlib, Opensuse, Debian, Canonical, Oracle, Redhat, Apple, Nodejs

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

8.8
2017-05-23 CVE-2016-9840 Zlib, Opensuse, Debian, Canonical, Oracle, Redhat, Apple, Nodejs

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

8.8
2017-05-23 CVE-2016-5177 Google, Opensuse, Debian, Redhat, Fedoraproject Use After Free vulnerability in multiple products

Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.

8.8
2017-05-22 CVE-2017-6891 GNU, Debian, Apache Out-of-bounds Write vulnerability in multiple products

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stack-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g.

8.8
2017-05-22 CVE-2017-9146 Ytnef Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ytnef Project Ytnef

The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.

8.8
2017-05-22 CVE-2017-5657 Apache Cross-Site Request Forgery (CSRF) vulnerability in Apache Archiva

Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks.

8.0
2017-05-28 CVE-2017-7295 Contiki OS Use After Free vulnerability in Contiki-Os Contiki 3.0

An issue was discovered in Contiki Operating System 3.0.

7.8
2017-05-26 CVE-2017-8540 Microsoft Out-of-bounds Write vulnerability in Microsoft products

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption.

7.8
2017-05-23 CVE-2017-8311 Videolan Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC Media Player

Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.

7.8
2017-05-23 CVE-2017-9212 Bavarian Motor Works Use of Externally-Controlled Format String vulnerability in Bavarian Motor Works Bluetooth Stack

The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name.

7.8
2017-05-23 CVE-2017-8309 Qemu, Debian, Redhat Missing Release of Resource after Effective Lifetime vulnerability in multiple products

Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.

7.8
2017-05-22 CVE-2017-6641 Cisco Allocation of Resources Without Limits or Throttling vulnerability in Cisco Remote Expert Manager 11.0.0

A vulnerability in the TCP connection handling functionality of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to disable TCP ports and cause a denial of service (DoS) condition on an affected system.

7.8
2017-05-22 CVE-2017-6632 Cisco Resource Exhaustion vulnerability in Cisco Firepower Threat Defense

A vulnerability in the logging configuration of Secure Sockets Layer (SSL) policies for Cisco FirePOWER System Software 5.3.0 through 6.2.2 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources.

7.8
2017-05-22 CVE-2017-6630 Cisco Denial of Service vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(0.1)

A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

7.8
2017-05-22 CVE-2017-6979 Apple Race Condition vulnerability in Apple products

An issue was discovered in certain Apple products.

7.6
2017-05-22 CVE-2017-2533 Apple Race Condition vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.6
2017-05-22 CVE-2017-2501 Apple Race Condition vulnerability in Apple products

An issue was discovered in certain Apple products.

7.6
2017-05-26 CVE-2016-10375 Yodl Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Yodl Project Yodl 3.06.00

Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c.

7.5
2017-05-25 CVE-2014-3527 Vmware Improper Authentication vulnerability in VMWare Spring Security

When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated.

7.5
2017-05-25 CVE-2014-0097 Vmware Improper Authentication vulnerability in VMWare Spring Security

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length.

7.5
2017-05-24 CVE-2017-9230 Bitcoin Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Bitcoin

The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers.

7.5
2017-05-24 CVE-2017-9228 Oniguruma Project, PHP Out-of-bounds Write vulnerability in multiple products

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5.

7.5
2017-05-24 CVE-2017-9227 Oniguruma Project, PHP Out-of-bounds Read vulnerability in multiple products

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5.

7.5
2017-05-24 CVE-2017-9226 Oniguruma Project, PHP Out-of-bounds Write vulnerability in multiple products

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5.

7.5
2017-05-24 CVE-2017-9225 Oniguruma Project, PHP, Ruby Lang Out-of-bounds Write vulnerability in multiple products

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5.

7.5
2017-05-24 CVE-2017-9224 Oniguruma Project, PHP Out-of-bounds Read vulnerability in multiple products

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5.

7.5
2017-05-24 CVE-2017-2801 Botan Project Out-of-bounds Read vulnerability in Botan Project Botan 2.0.1

A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse.

7.5
2017-05-23 CVE-2017-9214 Openvswitch, Debian, Redhat Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.

7.5
2017-05-23 CVE-2017-6131 F5 Use of Hard-coded Credentials vulnerability in F5 products

In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system.

7.5
2017-05-23 CVE-2017-9200 Autotrace Project Integer Overflow or Wraparound vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:528:63.

7.5
2017-05-23 CVE-2017-9199 Autotrace Project Integer Overflow or Wraparound vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:192:19.

7.5
2017-05-23 CVE-2017-9198 Autotrace Project Integer Overflow or Wraparound vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:508:18.

7.5
2017-05-23 CVE-2017-9197 Autotrace Project Integer Overflow or Wraparound vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:498:55.

7.5
2017-05-23 CVE-2017-9196 Autotrace Project Integer Overflow or Wraparound vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a "negative-size-param" issue in the ReadImage function in input-tga.c:528:7.

7.5
2017-05-23 CVE-2017-9195 Autotrace Project Out-of-bounds Read vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:620:27.

7.5
2017-05-23 CVE-2017-9194 Autotrace Project Out-of-bounds Read vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:559:29.

7.5
2017-05-23 CVE-2017-9193 Autotrace Project Out-of-bounds Read vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:538:33.

7.5
2017-05-23 CVE-2017-9192 Autotrace Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-tga.c:528:7.

7.5
2017-05-23 CVE-2017-9191 Autotrace Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the rle_fread function in input-tga.c:252:15.

7.5
2017-05-23 CVE-2017-9188 Autotrace Project Improper Input Validation vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a "left shift ...

7.5
2017-05-23 CVE-2017-9187 Autotrace Project Integer Overflow or Wraparound vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:486:7.

7.5
2017-05-23 CVE-2017-9186 Autotrace Project Integer Overflow or Wraparound vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:326:17.

7.5
2017-05-23 CVE-2017-9185 Autotrace Project Integer Overflow or Wraparound vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:319:7.

7.5
2017-05-23 CVE-2017-9184 Autotrace Project Integer Overflow or Wraparound vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:314:7.

7.5
2017-05-23 CVE-2017-9183 Autotrace Project Incorrect Type Conversion or Cast vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:309:7.

7.5
2017-05-23 CVE-2017-9173 Autotrace Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:497:29.

7.5
2017-05-23 CVE-2017-9172 Autotrace Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:496:29.

7.5
2017-05-23 CVE-2017-9171 Autotrace Project Out-of-bounds Read vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-bmp.c:492:24.

7.5
2017-05-23 CVE-2017-9170 Autotrace Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:370:25.

7.5
2017-05-23 CVE-2017-9169 Autotrace Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:355:25.

7.5
2017-05-23 CVE-2017-9168 Autotrace Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:353:25.

7.5
2017-05-23 CVE-2017-9167 Autotrace Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:337:25.

7.5
2017-05-23 CVE-2017-9166 Autotrace Project Out-of-bounds Read vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:18:11.

7.5
2017-05-23 CVE-2017-9165 Autotrace Project Out-of-bounds Read vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:17:11.

7.5
2017-05-23 CVE-2017-9164 Autotrace Project Out-of-bounds Read vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:16:11.

7.5
2017-05-23 CVE-2017-9163 Autotrace Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in pxl-outline.c:106:54.

7.5
2017-05-23 CVE-2017-9162 Autotrace Project Integer Overflow or Wraparound vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:191:2.

7.5
2017-05-23 CVE-2017-9161 Autotrace Project Integer Overflow or Wraparound vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:188:23.

7.5
2017-05-23 CVE-2017-9160 Autotrace Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow in the pnmscanner_gettoken function in input-pnm.c:458:12.

7.5
2017-05-23 CVE-2017-9153 Autotrace Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_rawpbm function in input-pnm.c:391:13.

7.5
2017-05-23 CVE-2017-9152 Autotrace Project Out-of-bounds Read vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the pnm_load_raw function in input-pnm.c:346:41.

7.5
2017-05-23 CVE-2017-9151 Autotrace Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_ascii function in input-pnm.c:303:12.

7.5
2017-05-23 CVE-2017-8914 SAP Multiple Security vulnerability in SAP HANA

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694.

7.5
2017-05-23 CVE-2017-6821 Zimbra, Synacor Path Traversal vulnerability in Synacor Zimbra Collaboration Suite

Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors.

7.5
2017-05-23 CVE-2017-6813 Zimbra, Synacor Privilege Escalation vulnerability in Synacor Zimbra Collaboration Suite

A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations.

7.5
2017-05-23 CVE-2016-7978 Artifex Use After Free vulnerability in Artifex Ghostscript 9.20

Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.

7.5
2017-05-23 CVE-2015-4455 Aviary Image Editor ADD ON FOR Gravity Forms Project Unrestricted Upload of File with Dangerous Type vulnerability in Aviary Image Editor Add-On FOR Gravity Forms Project Aviary Image Editor Add-On for Gravity Forms 3.0

Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary.

7.5
2017-05-22 CVE-2016-4905 WP Olivecart SQL Injection vulnerability in Wp-Olivecart Olivecart and Olivecartpro

SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors.

7.5
2017-05-22 CVE-2017-2527 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.5
2017-05-22 CVE-2017-2524 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

7.5
2017-05-22 CVE-2017-2523 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

7.5
2017-05-22 CVE-2017-2522 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

7.5
2017-05-22 CVE-2017-2520 Apple, Debian Out-of-bounds Write vulnerability in multiple products

An issue was discovered in certain Apple products.

7.5
2017-05-22 CVE-2017-2519 Apple, Debian Multiple Security vulnerability in Apple iOS/WatchOS/tvOS/macOS

An issue was discovered in certain Apple products.

7.5
2017-05-22 CVE-2017-2518 Apple, Debian Use After Free vulnerability in multiple products

An issue was discovered in certain Apple products.

7.5
2017-05-22 CVE-2017-2513 Apple Use After Free vulnerability in Apple products

An issue was discovered in certain Apple products.

7.5
2017-05-26 CVE-2017-9036 Trendmicro Missing Authorization vulnerability in Trendmicro Serverprotect 3.0

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory.

7.2
2017-05-23 CVE-2016-1876 Lenovo Permissions, Privileges, and Access Controls vulnerability in Lenovo Solution Center

The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors.

7.2
2017-05-23 CVE-2015-4045 Alienvault Permissions, Privileges, and Access Controls vulnerability in Alienvault Open Source Security Information Management

The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script.

7.2
2017-05-22 CVE-2017-4915 Vmware, Linux Incorrect Authorization vulnerability in VMWare Workstation Player and Workstation PRO

VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files.

7.2

196 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-05-23 CVE-2015-8089 Huawei Permissions, Privileges, and Access Controls vulnerability in Huawei P7-L00 Firmware, P7-L05 Firmware and P7-L09 Firmware

The GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C17B851, P7-L05 before P7-L05C00B851, and P7-L09 before P7-L09C92B851 allows local users to read or write to arbitrary kernel memory locations and consequently cause a denial of service (system crash) or gain privileges via a crafted application.

6.9
2017-05-26 CVE-2017-5646 Apache Origin Validation Error vulnerability in Apache Knox

In Apache Knox versions 0.2.0 to 0.11.0, an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox.

6.8
2017-05-26 CVE-2017-9033 Trendmicro Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Serverprotect 3.0

Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the lack of anti-CSRF tokens.

6.8
2017-05-26 CVE-2016-6256 SAP XXE vulnerability in SAP Business ONE 1.2.3

SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka SAP Security Note 2378065.

6.8
2017-05-25 CVE-2016-4435 Pivotal Permissions, Privileges, and Access Controls vulnerability in Pivotal Bosh Stemcell 3146.13

An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM.

6.8
2017-05-25 CVE-2015-3191 Cloudfoundry
Pivotal Software
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack.

6.8
2017-05-25 CVE-2014-0225 Vmware
Pivotal Software
XXE vulnerability in multiple products

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration.

6.8
2017-05-24 CVE-2017-2824 Zabbix OS Command Injection vulnerability in Zabbix

An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X.

6.8
2017-05-24 CVE-2017-2823 Poweriso Use After Free vulnerability in Poweriso 6.8

A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8.

6.8
2017-05-24 CVE-2017-2819 Hancom Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hancom Hangul Word Processor and Thinkfree Office NEO

An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902.

6.8
2017-05-24 CVE-2017-2817 Poweriso Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Poweriso 6.8

A stack buffer overflow vulnerability exists in the ISO parsing functionality of Power Software Ltd PowerISO 6.8.

6.8
2017-05-24 CVE-2017-2799 Marklogic Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Marklogic 8.06

An exploitable heap corruption vulnerability exists in the AddSst functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6.

6.8
2017-05-24 CVE-2017-2798 Marklogic Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Marklogic 8.06

An exploitable heap corruption vulnerability exists in the GetIndexArray functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6.

6.8
2017-05-23 CVE-2017-0373 Config Model Project Improper Input Validation vulnerability in Config-Model Project Config-Model

The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file.

6.8
2017-05-23 CVE-2017-2797 Marklogic Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Marklogic 8.06

An exploitable heap overflow vulnerability exists in the ParseEnvironment functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6.

6.8
2017-05-23 CVE-2017-2794 Marklogic Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Marklogic 8.06

An exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6.

6.8
2017-05-23 CVE-2017-2793 Marklogic Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Marklogic 8.06

An exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6.

6.8
2017-05-23 CVE-2017-2783 Marklogic Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Marklogic 8.06

An exploitable heap corruption vulnerability exists in the FillRowFormat functionality of Antenna House DMC HTMLFilter that is shipped with MarkLogic 8.0-6.

6.8
2017-05-23 CVE-2016-5735 Pngquant Integer Overflow or Wraparound vulnerability in Pngquant 2.7.0

Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow.

6.8
2017-05-23 CVE-2015-6817 Pgbouncer Improper Authentication vulnerability in Pgbouncer 1.6

PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username.

6.8
2017-05-22 CVE-2017-2175 IPA Untrusted Search Path vulnerability in IPA Empirical Project Monitor - Extended

Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

6.8
2017-05-22 CVE-2016-7804 7 ZIP Untrusted Search Path vulnerability in 7-Zip

Untrusted search path vulnerability in 7 Zip for Windows 16.02 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

6.8
2017-05-22 CVE-2016-4904 WP Olivecart Cross-Site Request Forgery (CSRF) vulnerability in Wp-Olivecart Olivecart and Olivecartpro

Cross-site request forgery (CSRF) vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to hijack the authentication of a user to perform unintended operations via unspecified vectors.

6.8
2017-05-22 CVE-2016-4901 National TAX Agency Untrusted Search Path vulnerability in National TAX Agency E-Tax

Untrusted search path vulnerability in the installer of e-Tax Software all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

6.8
2017-05-22 CVE-2016-4900 Evernote Untrusted Search Path vulnerability in Evernote

Untrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

6.8
2017-05-22 CVE-2016-4854 Nttdocomo Cross-Site Request Forgery (CSRF) vulnerability in Nttdocomo L-04D Firmware V10A/V10B

Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors.

6.8
2017-05-22 CVE-2017-4916 Vmware
Microsoft
NULL Pointer Dereference vulnerability in VMWare Workstation Player and Workstation PRO

VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver.

6.8
2017-05-22 CVE-2017-6991 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-6986 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-6984 Apple
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-6983 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-6980 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-6977 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-2547 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Safari

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-2544 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Safari

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-2539 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Safari

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-2538 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Safari

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-2536 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-2535 Apple Improper Input Validation vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-2534 Apple Unspecified vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-2531 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-2530 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-2526 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Safari

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-2525 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-2521 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-2515 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-2514 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Safari

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-2512 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-2506 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Safari

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-2505 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-2499 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-2496 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Safari

An issue was discovered in certain Apple products.

6.8
2017-05-22 CVE-2017-6635 Cisco Missing Authorization vulnerability in Cisco Prime Collaboration Provisioning

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected system.

6.8
2017-05-22 CVE-2017-6634 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Industrial Ethernet 1000 Series Firmware 1.3Base

A vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches 1.3 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system.

6.8
2017-05-26 CVE-2017-7505 Theforeman Improper Privilege Management vulnerability in Theforeman Foreman

Foreman since version 1.5 is vulnerable to an incorrect authorization check, due to which users with user management permission who are assigned to some organization(s) can perform all operations granted by these permissions on all administrator user objects outside of their scope, such as editing global admin accounts, including changing their passwords.

6.5
2017-05-26 CVE-2017-9239 Exiv2
Canonical
Divide By Zero vulnerability in multiple products

An issue was discovered in Exiv2 0.26.

6.5
2017-05-24 CVE-2017-9216 Artifex
Debian
NULL Pointer Dereference vulnerability in multiple products

libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c.

6.5
2017-05-23 CVE-2017-5965 Sitecore Unspecified vulnerability in Sitecore CRM 8.1

The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload this archive and extract its contents, and visiting a URI under sitecore/ to execute the .asp file.

6.5
2017-05-23 CVE-2017-8913 SAP XXE vulnerability in SAP Netweaver 7.5

The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873.

6.5
2017-05-23 CVE-2015-4046 Alienvault Command Injection vulnerability in Alienvault Open Source Security Information Management

The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php.

6.5
2017-05-22 CVE-2016-6112 IBM Permissions, Privileges, and Access Controls vulnerability in IBM products

IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application.

6.5
2017-05-27 CVE-2017-7337 Fortinet Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortiportal

An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request.

6.4
2017-05-23 CVE-2015-5609 Image Export Project Path Traversal vulnerability in Image-Export Project Image-Export 1.1

Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php.

6.4
2017-05-22 CVE-2017-1289 IBM XXE vulnerability in IBM SDK

IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data.

6.4
2017-05-28 CVE-2017-9252 Finecms Project Cross-site Scripting vulnerability in Finecms Project Finecms

andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action.

6.1
2017-05-28 CVE-2017-9251 Finecms Project Cross-site Scripting vulnerability in Finecms Project Finecms

andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php.

6.1
2017-05-22 CVE-2017-9140 Progress Cross-site Scripting vulnerability in Progress Sitefinity CMS and Telerik Reporting

Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.

6.1
2017-05-27 CVE-2017-7343 Fortinet Open Redirect vulnerability in Fortinet Fortiportal

An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows an attacker to execute unauthorized code or commands via the url parameter.

5.8
2017-05-27 CVE-2017-3126 Fortinet Open Redirect vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware

An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows an attacker to execute unauthorized code or commands via the next parameter.

5.8
2017-05-26 CVE-2017-9035 Trendmicro Cleartext Transmission of Sensitive Information vulnerability in Trendmicro Serverprotect 3.0

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers.

5.8
2017-05-25 CVE-2015-3190 Cloudfoundry
Pivotal Software
Open Redirect vulnerability in multiple products

With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, the UAA logout link is susceptible to an open redirect, which allows an attacker to insert a malicious web page as a redirect parameter.

5.8
2017-05-22 CVE-2017-2497 Apple Open Redirect vulnerability in Apple Iphone OS and mac OS X

An issue was discovered in certain Apple products.

5.8
2017-05-23 CVE-2017-8313 Videolan Out-of-bounds Read vulnerability in Videolan VLC Media Player

Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.

5.5
2017-05-23 CVE-2017-8312 Videolan
Debian
Out-of-bounds Read vulnerability in multiple products

Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.

5.5
2017-05-23 CVE-2017-8310 Videolan Out-of-bounds Read vulnerability in Videolan VLC Media Player

Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.

5.5
2017-05-23 CVE-2016-7977 Artifex Information Exposure vulnerability in Artifex Ghostscript

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.

5.5
2017-05-28 CVE-2017-9250 Jerryscript NULL Pointer Dereference vulnerability in Jerryscript 1.0

The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function.

5.0
2017-05-27 CVE-2017-7731 Fortinet Weak Password Recovery Mechanism for Forgotten Password vulnerability in Fortinet Fortiportal

A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the Forgotten Password feature.

5.0
2017-05-27 CVE-2017-7338 Fortinet Information Exposure vulnerability in Fortinet Fortiportal

A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View.

5.0
2017-05-26 CVE-2017-1292 IBM Information Exposure vulnerability in IBM products

IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system.

5.0
2017-05-26 CVE-2017-7439 Netapp Information Exposure vulnerability in Netapp Oncommand Unified Manager Core Package

NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages.

5.0
2017-05-26 CVE-2017-7236 Netapp SQL Injection vulnerability in Netapp Oncommand Unified Manager Core Package

SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

5.0
2017-05-25 CVE-2016-5007 Vmware
Pivotal Software
Permissions, Privileges, and Access Controls vulnerability in multiple products

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively.

5.0
2017-05-25 CVE-2016-0780 Cloudfoundry
Pivotal Software
Resource Management Errors vulnerability in multiple products

It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases.

5.0
2017-05-24 CVE-2017-9229 Oniguruma Project
Ruby Lang
PHP
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5.

5.0
2017-05-24 CVE-2017-9217 Systemd Project NULL Pointer Dereference vulnerability in Systemd Project Systemd

systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.

5.0
2017-05-23 CVE-2017-9190 Autotrace Project Use After Free vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid free), related to the free_bitmap function in bitmap.c:24:5.

5.0
2017-05-23 CVE-2017-9189 Autotrace Project Out-of-bounds Read vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and application crash), related to the GET_COLOR function in color.c:16:11.

5.0
2017-05-23 CVE-2017-9182 Autotrace Project Use After Free vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (use-after-free and invalid heap read), related to the GET_COLOR function in color.c:16:11.

5.0
2017-05-23 CVE-2017-9181 Autotrace Project Out-of-bounds Write vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c.

5.0
2017-05-23 CVE-2017-9180 Autotrace Project Out-of-bounds Read vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:440:14.

5.0
2017-05-23 CVE-2017-9179 Autotrace Project Out-of-bounds Read vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:425:14.

5.0
2017-05-23 CVE-2017-9178 Autotrace Project Out-of-bounds Write vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:421:11.

5.0
2017-05-23 CVE-2017-9177 Autotrace Project Out-of-bounds Read vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:390:12.

5.0
2017-05-23 CVE-2017-9176 Autotrace Project Out-of-bounds Write vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:370:25.

5.0
2017-05-23 CVE-2017-9175 Autotrace Project Out-of-bounds Write vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:353:25.

5.0
2017-05-23 CVE-2017-9174 Autotrace Project Out-of-bounds Read vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:21:23.

5.0
2017-05-23 CVE-2017-9159 Autotrace Project Out-of-bounds Write vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_rawpbm function in input-pnm.c:391:15.

5.0
2017-05-23 CVE-2017-9158 Autotrace Project Out-of-bounds Write vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_raw function in input-pnm.c:336:11.

5.0
2017-05-23 CVE-2017-9157 Autotrace Project Out-of-bounds Write vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:306:14.

5.0
2017-05-23 CVE-2017-9156 Autotrace Project Out-of-bounds Write vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:303:12.

5.0
2017-05-23 CVE-2017-9155 Autotrace Project Out-of-bounds Read vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the input_pnm_reader function in input-pnm.c:243:3.

5.0
2017-05-23 CVE-2017-9154 Autotrace Project Out-of-bounds Read vulnerability in Autotrace Project Autotrace 0.31.1

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:16:11.

5.0
2017-05-23 CVE-2017-8915 SAP Reachable Assertion vulnerability in SAP Hana XS 1.00/2.00

sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694.

5.0
2017-05-23 CVE-2016-10073 Vanillaforums Information Exposure vulnerability in Vanillaforums Vanilla

The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.

5.0
2017-05-23 CVE-2015-6586 Huawei Information Exposure vulnerability in Huawei products

The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with software before V200R006C00SPC100 allows remote attackers to obtain sensitive information by leveraging failure to restrict processing of mDNS unicast queries to the link local network.

5.0
2017-05-23 CVE-2015-5682 Powerplay Gallery Project Permissions, Privileges, and Access Controls vulnerability in Powerplay Gallery Project Powerplay Gallery 3.3

upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable.

5.0
2017-05-23 CVE-2015-5469 MDC Youtube Downloader Project Path Traversal vulnerability in MDC Youtube Downloader Project MDC Youtube Downloader 2.1.0

Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php.

5.0
2017-05-23 CVE-2015-5468 Wpshopstyling Path Traversal vulnerability in Wpshopstyling WP E-Commerce Shop Styling

Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a ..

5.0
2017-05-23 CVE-2015-5401 Teradata Improper Input Validation vulnerability in Teradata Express and Teradata Gateway

Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database crash) via a malformed CONFIG REQUEST message.

5.0
2017-05-23 CVE-2015-5383 Roundcube Information Exposure vulnerability in Roundcube Webmail and Webmail

Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.

5.0
2017-05-23 CVE-2015-4704 Download ZIP Attachments Project Path Traversal vulnerability in Download ZIP Attachments Project Download ZIP Attachments 1.0

Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a ..

5.0
2017-05-23 CVE-2015-4054 Pgbouncer NULL Pointer Dereference vulnerability in Pgbouncer

PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet.

5.0
2017-05-23 CVE-2015-1529 Google Integer Overflow or Wraparound vulnerability in Google Android

Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android allows attackers to cause a denial of service via unspecified vectors.

5.0
2017-05-22 CVE-2017-9149 Metadata Anonymisation Toolkit Project Information Exposure vulnerability in Metadata Anonymisation Toolkit Project Metadata Anonymisation Toolkit 0.6/0.6.1

Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obtain sensitive information by reading a file for which cleaning had been attempted.

5.0
2017-05-22 CVE-2017-2498 Apple Improper Certificate Validation vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

5.0
2017-05-22 CVE-2017-6653 Cisco Allocation of Resources Without Limits or Throttling vulnerability in Cisco Identity Services Engine 2.1(0.474)

A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device where the ISE GUI may fail to respond to new or established connection requests.

5.0
2017-05-22 CVE-2017-6647 Cisco Information Exposure vulnerability in Cisco Remote Expert Manager 11.0.0

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Temporary File information on an affected system.

5.0
2017-05-22 CVE-2017-6646 Cisco Information Exposure vulnerability in Cisco Remote Expert Manager 11.0.0

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Order information on an affected system.

5.0
2017-05-22 CVE-2017-6645 Cisco Information Exposure vulnerability in Cisco Remote Expert Manager 11.0.0

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Temporary Directory information on an affected system.

5.0
2017-05-22 CVE-2017-6644 Cisco Information Exposure vulnerability in Cisco Remote Expert Manager 11.0.0

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system.

5.0
2017-05-22 CVE-2017-6643 Cisco Information Exposure vulnerability in Cisco Remote Expert Manager 11.0.0

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Directory information on an affected system.

5.0
2017-05-22 CVE-2017-6642 Cisco Information Exposure vulnerability in Cisco Remote Expert Manager 11.0.0

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system.

5.0
2017-05-22 CVE-2017-6633 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Unified Computing System 3.0(0.234)

A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

5.0
2017-05-27 CVE-2017-9242 Linux Improper Input Validation vulnerability in Linux Kernel

The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.

4.9
2017-05-23 CVE-2017-9211 Linux NULL Pointer Dereference vulnerability in Linux Kernel

The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application.

4.9
2017-05-23 CVE-2017-8379 Qemu, Debian, Redhat Missing Release of Resource after Effective Lifetime vulnerability in multiple products

Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events.

4.9
2017-05-22 CVE-2017-1159 IBM Open Redirect vulnerability in IBM Business Process Manager

IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.

4.9
2017-05-23 CVE-2017-0374 Config Model Project Local Privilege Escalation vulnerability in Perl 'Config-Model' Module

lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of .

4.6
2017-05-22 CVE-2017-6650 Cisco Improper Input Validation vulnerability in Cisco Nx-Os

A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack.

4.6
2017-05-22 CVE-2017-6649 Cisco Improper Input Validation vulnerability in Cisco Nx-Os

A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack.

4.6
2017-05-28 CVE-2017-9243 Aries Networks Cross-site Scripting vulnerability in Aries Networks Qwr-1104 Wireless-N Router Firmware Wrc.253.2.0913

Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point.

4.3
2017-05-28 CVE-2017-7296 Contiki OS Cross-site Scripting vulnerability in Contiki-Os Contiki 3.0

An issue was discovered in Contiki Operating System 3.0.

4.3
2017-05-27 CVE-2017-7339 Fortinet Cross-site Scripting vulnerability in Fortinet Fortiportal

A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality.

4.3
2017-05-27 CVE-2017-3129 Fortinet Cross-site Scripting vulnerability in Fortinet Fortiweb

A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows an attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature.

4.3
2017-05-26 CVE-2017-8542 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service.

4.3
2017-05-26 CVE-2017-8539 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service.

4.3
2017-05-26 CVE-2017-8537 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service.

4.3
2017-05-26 CVE-2017-8536 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service.

4.3
2017-05-26 CVE-2017-8535 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service.

4.3
2017-05-26 CVE-2017-1325 IBM Cross-site Scripting vulnerability in IBM Inotes

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting.

4.3
2017-05-26 CVE-2017-9037 Trendmicro Cross-site Scripting vulnerability in Trendmicro Serverprotect 3.0

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) S44, (2) S5, (3) S_action_fail, (4) S_ptn_update, (5) T113, (6) T114, (7) T115, (8) T117117, (9) T118, (10) T_action_fail, (11) T_ptn_update, (12) textarea, (13) textfield5, or (14) tmLastConfigFileModifiedDate parameter to notification.cgi.

4.3
2017-05-26 CVE-2017-9032 Trendmicro Cross-site Scripting vulnerability in Trendmicro Serverprotect 3.0

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLastConfigFileModifiedDate parameter to log_management.cgi.

4.3
2017-05-26 CVE-2017-5868 Openvpn CRLF Injection vulnerability in Openvpn Access Server 2.1.4

CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to __session_start__/.

4.3
2017-05-25 CVE-2016-3084 Pivotal Software, Cloudfoundry Permissions, Privileges, and Access Controls vulnerability in multiple products

The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time.

4.3
2017-05-25 CVE-2016-2165 Cloudfoundry, Pivotal Software Improper Input Validation vulnerability in multiple products

The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 and 1.6.x versions prior to 1.6.20 do not cleanse invalid request URL paths and return them in the 404 response.

4.3
2017-05-25 CVE-2016-0781 Pivotal Software, Cloudfoundry Cross-site Scripting vulnerability in multiple products

The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious JavaScript content in either the OAuth scopes (SCIM groups) or SCIM group descriptions.

4.3
2017-05-25 CVE-2015-3189 Cloudfoundry, Pivotal Software Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products

With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one.

4.3
2017-05-23 CVE-2017-8314 Kodi, Debian Path Traversal vulnerability in multiple products

Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.

4.3
2017-05-23 CVE-2017-9210 Qpdf Project, Canonical Infinite Loop vulnerability in multiple products

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.

4.3
2017-05-23 CVE-2017-9209 Qpdf Project, Canonical Infinite Loop vulnerability in multiple products

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.

4.3
2017-05-23 CVE-2017-9208 Qpdf Project, Canonical Infinite Loop vulnerability in multiple products

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.

4.3
2017-05-23 CVE-2017-9207 Entropymine Out-of-bounds Read vulnerability in Entropymine Imageworsener 1.3.1

The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c.

4.3
2017-05-23 CVE-2017-9206 Entropymine Out-of-bounds Read vulnerability in Entropymine Imageworsener 1.3.1

The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c.

4.3
2017-05-23 CVE-2017-9205 Entropymine Out-of-bounds Read vulnerability in Entropymine Imageworsener 1.3.1

The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c.

4.3
2017-05-23 CVE-2017-9204 Entropymine Out-of-bounds Read vulnerability in Entropymine Imageworsener 1.3.1

The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c.

4.3
2017-05-23 CVE-2017-9203 Entropymine Out-of-bounds Write vulnerability in Entropymine Imageworsener 1.3.1

imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (buffer underflow) via a crafted image, related to imagew-bmp.c.

4.3
2017-05-23 CVE-2017-9202 Entropymine Divide By Zero vulnerability in Entropymine Imageworsener 1.3.1

imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.

4.3
2017-05-23 CVE-2017-9201 Entropymine Divide By Zero vulnerability in Entropymine Imageworsener 1.3.1

imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.

4.3
2017-05-23 CVE-2017-7288 Zimbra, Synacor Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite

Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2017-05-23 CVE-2015-8477 Redmine Cross-site Scripting vulnerability in Redmine

Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering.

4.3
2017-05-23 CVE-2015-5381 Roundcube Cross-site Scripting vulnerability in Roundcube Webmail and Webmail

Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

4.3
2017-05-22 CVE-2017-9147 Libtiff Out-of-bounds Read vulnerability in Libtiff 4.0.7

LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.

4.3
2017-05-22 CVE-2017-2174 IPA Cross-site Scripting vulnerability in IPA Empirical Project Monitor - Extended

Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2017-05-22 CVE-2017-2171 Bestwebsoft XML Injection (aka Blind XPath Injection) vulnerability in Bestwebsoft products

Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Posts prior to version 1.0.1, Gallery Categories prior to version 1.0.9, Gallery prior to version 4.5.0, Google +1 prior to version 1.3.4, Google AdSense prior to version 1.44, Google Analytics prior to version 1.7.1, Google Captcha (reCAPTCHA) prior to version 1.28, Google Maps prior to version 1.3.6, Google Shortlink prior to version 1.5.3, Google Sitemap prior to version 3.0.8, Htaccess prior to version 1.7.6, Job Board prior to version 1.1.3, Latest Posts prior to version 0.3, Limit Attempts prior to version 1.1.8, LinkedIn prior to version 1.0.5, Multilanguage prior to version 1.2.2, PDF & Print prior to version 1.9.4, Pagination prior to version 1.0.7, Pinterest prior to version 1.0.5, Popular Posts prior to version 1.0.5, Portfolio prior to version 2.4, Post to CSV prior to version 1.3.1, Profile Extra prior to version 1.0.7.

4.3
2017-05-22 CVE-2017-2169 Maxbuttons Project Cross-site Scripting vulnerability in Maxbuttons Project Maxbuttons

Cross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2017-05-22 CVE-2017-2168 Wpbookingsystem Cross-site Scripting vulnerability in Wpbookingsystem WP Booking System

Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2017-05-22 CVE-2016-4903 WP Olivecart Cross-site Scripting vulnerability in Wp-Olivecart Olivecart and Olivecartpro

Cross-site scripting vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2017-05-22 CVE-2017-9144 Imagemagick, Debian Improper Input Validation vulnerability in multiple products

In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c.

4.3
2017-05-22 CVE-2017-9143 Imagemagick, Debian Missing Release of Resource after Effective Lifetime vulnerability in multiple products

In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file.

4.3
2017-05-22 CVE-2017-9142 Imagemagick, Debian Reachable Assertion vulnerability in multiple products

In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c.

4.3
2017-05-22 CVE-2017-9141 Imagemagick, Debian Reachable Assertion vulnerability in multiple products

In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c.

4.3
2017-05-22 CVE-2017-6990 Apple Unspecified vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

4.3
2017-05-22 CVE-2017-6988 Apple Improper Certificate Validation vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

4.3
2017-05-22 CVE-2017-6987 Apple Information Exposure vulnerability in Apple products

An issue was discovered in certain Apple products.

4.3
2017-05-22 CVE-2017-6982 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

4.3
2017-05-22 CVE-2017-2549 Apple Cross-site Scripting vulnerability in Apple Iphone OS, Safari and Tvos

An issue was discovered in certain Apple products.

4.3
2017-05-22 CVE-2017-2540 Apple Improper Input Validation vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

4.3
2017-05-22 CVE-2017-2528 Apple Cross-site Scripting vulnerability in Apple Iphone OS and Safari

An issue was discovered in certain Apple products.

4.3
2017-05-22 CVE-2017-2516 Apple Unspecified vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

4.3
2017-05-22 CVE-2017-2511 Apple Improper Input Validation vulnerability in Apple Safari

An issue was discovered in certain Apple products.

4.3
2017-05-22 CVE-2017-2510 Apple Cross-site Scripting vulnerability in Apple Iphone OS and Safari

An issue was discovered in certain Apple products.

4.3
2017-05-22 CVE-2017-2509 Apple Unspecified vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

4.3
2017-05-22 CVE-2017-2508 Apple Cross-site Scripting vulnerability in Apple Iphone OS and Safari

An issue was discovered in certain Apple products.

4.3
2017-05-22 CVE-2017-2507 Apple Information Exposure vulnerability in Apple products

An issue was discovered in certain Apple products.

4.3
2017-05-22 CVE-2017-2504 Apple Cross-site Scripting vulnerability in Apple Iphone OS, Safari and Tvos

An issue was discovered in certain Apple products.

4.3
2017-05-22 CVE-2017-2502 Apple Multiple Security vulnerability in Apple iOS/WatchOS/tvOS/macOS

An issue was discovered in certain Apple products.

4.3
2017-05-22 CVE-2017-2500 Apple Improper Input Validation vulnerability in Apple Safari

An issue was discovered in certain Apple products.

4.3
2017-05-22 CVE-2017-2495 Apple Improper Input Validation vulnerability in Apple Iphone OS and Safari

An issue was discovered in certain Apple products.

4.3
2017-05-22 CVE-2017-6654 Cisco Cross-site Scripting vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5)/11.0(1.10000.10)/11.5(1.10000.6)

A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

4.3
2017-05-26 CVE-2015-0269 Contao Path Traversal vulnerability in Contao CMS

Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.

4.0
2017-05-25 CVE-2015-1834 Cloudfoundry, Pivotal Software Path Traversal vulnerability in multiple products

A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2.

4.0
2017-05-23 CVE-2017-5966 Sitecore Path Traversal vulnerability in Sitecore CRM 8.1

Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter.

4.0
2017-05-23 CVE-2015-5382 Roundcube Information Exposure vulnerability in Roundcube Webmail and Webmail

program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.

4.0
2017-05-22 CVE-2017-6637 Cisco Improper Input Validation vulnerability in Cisco Prime Collaboration Provisioning

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected system.

4.0
2017-05-22 CVE-2017-6636 Cisco Path Traversal vulnerability in Cisco Prime Collaboration Provisioning

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system.

4.0

12 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-05-28 CVE-2017-9249 Allen Disk Project Cross-site Scripting vulnerability in Allen Disk Project Allen Disk 1.6

Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file.

3.5
2017-05-28 CVE-2016-10376 Gajim Cryptographic Issues vulnerability in Gajim

Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension.

3.5
2017-05-26 CVE-2017-1291 IBM Cross-site Scripting vulnerability in IBM products

IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks.

3.5
2017-05-23 CVE-2017-3128 Fortinet Cross-site Scripting vulnerability in Fortinet Fortios

A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter.

3.5
2017-05-23 CVE-2017-5870 Vimbadmin Cross-site Scripting vulnerability in Vimbadmin 3.0.15

Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/<domain id>; the (4) goto parameter to alias/add/did/<domain id>; or the (5) captchatext parameter to auth/lost-password.

3.5
2017-05-22 CVE-2017-1320 IBM Cross-site Scripting vulnerability in IBM Tivoli Federated Identity Manager

IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting.

3.5
2017-05-22 CVE-2017-1282 IBM Cross-site Scripting vulnerability in IBM Content Navigator

IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting.

3.5
2017-05-22 CVE-2017-2173 IPA Cross-site Scripting vulnerability in IPA Empirical Project Monitor - Extended

Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

3.5
2017-05-22 CVE-2017-2162 Toshiba Unspecified vulnerability in Toshiba Flashair

FlashAir(TM) SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAir(TM) SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser.

3.3
2017-05-22 CVE-2016-4863 Toshiba Improper Authentication vulnerability in Toshiba Flashair

The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, and FlashAir W-03 series Class 10 model do not require authentication when accepting a connection from the STA side LAN when "Internet pass-thru Mode" is enabled, which allows attackers with access to the STA side LAN to obtain files or data.

3.3
2017-05-22 CVE-2017-2161 Toshiba Forced Browsing vulnerability in Toshiba Flashair

FlashAir(TM) SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAir(TM) SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors.

2.7
2017-05-22 CVE-2017-9150 Linux Information Exposure vulnerability in Linux Kernel

The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.

2.1