Weekly Vulnerabilities Reports > May 29 to June 4, 2017
Overview
108 new vulnerabilities were reported during this period, including 13 critical vulnerabilities and 44 high severity vulnerabilities. This weekly summary reports vulnerabilities in 78 products from 64 vendors including Wireshark, Juniper, Debian, Lenovo, and Bigtreecms. Vulnerabilities are notably categorized as "Cross-site Scripting", "Missing Release of Resource after Effective Lifetime", "Improper Input Validation", "Infinite Loop", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 94 reported vulnerabilities are remotely exploitable.
- 8 reported vulnerabilities have a public exploit available.
- 32 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 84 reported vulnerabilities are exploitable by an anonymous user.
- Wireshark has the most reported vulnerabilities, with 12 reported vulnerabilities.
- Moxa has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
13 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-06-04 | CVE-2017-9417 | Broadcom | Unspecified vulnerability in Broadcom Bcm43Xx Wi-Fi Chipset Firmware Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. | 9.8 |
2017-06-02 | CVE-2017-9364 | Bigtreecms | Unrestricted Upload of File with Dangerous Type vulnerability in Bigtreecms Bigtree CMS Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code. | 9.8 |
2017-06-02 | CVE-2017-9363 | Soffid | Deserialization of Untrusted Data vulnerability in Soffid IAM 1.7.4 Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request. | 9.8 |
2017-06-02 | CVE-2017-9360 | Websitebaker | SQL Injection vulnerability in Websitebaker 2.10.0 WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php. | 9.8 |
2017-06-01 | CVE-2015-5473 | Samsung | Path Traversal vulnerability in Samsung Syncthru 6 Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver. | 9.8 |
2017-06-01 | CVE-2015-0936 | Ceragon | Key Management Errors vulnerability in Ceragon Fibeair Ip-10 Firmware Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. | 9.8 |
2017-05-30 | CVE-2017-7494 | Samba Debian | Code Injection vulnerability in multiple products Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. | 9.8 |
2017-05-29 | CVE-2017-9294 | Hitachi | Unspecified vulnerability in Hitachi Device Manager RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports. | 9.8 |
2017-05-29 | CVE-2017-9148 | Freeradius | Improper Authentication vulnerability in Freeradius The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS. | 9.8 |
2017-05-29 | CVE-2017-7915 | Moxa | Improper Restriction of Excessive Authentication Attempts vulnerability in Moxa products An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. | 9.8 |
2017-05-29 | CVE-2017-7913 | Moxa | Insufficiently Protected Credentials vulnerability in Moxa products A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. | 9.8 |
2017-05-29 | CVE-2017-9265 | Openvswitch | Out-of-bounds Read vulnerability in Openvswitch 2.7.0 In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`. | 9.8 |
2017-05-29 | CVE-2017-9264 | Openvswitch | Out-of-bounds Read vulnerability in Openvswitch 2.6.1 In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely. | 9.8 |
44 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-06-04 | CVE-2017-9427 | Bigtreecms | SQL Injection vulnerability in Bigtreecms Bigtree CMS SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. | 8.8 |
2017-06-04 | CVE-2016-8229 | Lenovo | Cross-Site Request Forgery (CSRF) vulnerability in Lenovo Service Bridge A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. | 8.8 |
2017-06-02 | CVE-2017-9380 | Open EMR | Unrestricted Upload of File with Dangerous Type vulnerability in Open-Emr Openemr OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. | 8.8 |
2017-06-02 | CVE-2017-9379 | Bigtreecms | Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php. | 8.8 |
2017-06-02 | CVE-2017-9365 | Bigtreecms | Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. | 8.8 |
2017-06-01 | CVE-2017-8386 | GIT Opensuse Debian Canonical Fedoraproject | git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. | 8.8 |
2017-05-31 | CVE-2017-8402 | Pivotx | Code Injection vulnerability in Pivotx 2.3.11 PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file. | 8.8 |
2017-05-30 | CVE-2017-2306 | Juniper | Incorrect Authorization vulnerability in Juniper Junos Space On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device. | 8.8 |
2017-05-30 | CVE-2017-2305 | Juniper | Incorrect Authorization vulnerability in Juniper Junos Space On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation. | 8.8 |
2017-05-29 | CVE-2017-7917 | Moxa | Cross-Site Request Forgery (CSRF) vulnerability in Moxa products A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. | 8.8 |
2017-05-29 | CVE-2016-10377 | Openvswitch | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openvswitch 2.5.0 In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch. | 8.8 |
2017-06-04 | CVE-2016-8228 | Lenovo | Permissions, Privileges, and Access Controls vulnerability in Lenovo Service Bridge In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. | 7.8 |
2017-06-01 | CVE-2015-6531 | Paloaltonetworks | Code Injection vulnerability in Paloaltonetworks Pan-Os Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file. | 7.8 |
2017-05-29 | CVE-2017-9301 | Videolan | Out-of-bounds Read vulnerability in Videolan VLC Media Player plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file. | 7.8 |
2017-05-29 | CVE-2017-9300 | Videolan | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC Media Player plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file. | 7.8 |
2017-06-04 | CVE-2017-9428 | Bigtreecms | Path Traversal vulnerability in Bigtreecms Bigtree CMS A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequences in the directory parameter. | 7.5 |
2017-06-04 | CVE-2016-8231 | Lenovo | Improper Certificate Validation vulnerability in Lenovo Service Bridge In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. | 7.5 |
2017-06-04 | CVE-2016-8230 | Lenovo | Information Exposure vulnerability in Lenovo Service Bridge In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers. | 7.5 |
2017-06-02 | CVE-2017-9372 | Digium | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Certified Asterisk and Open Source PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter. | 7.5 |
2017-06-02 | CVE-2017-9359 | Digium | Out-of-bounds Read vulnerability in Digium Certified Asterisk and Open Source The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. | 7.5 |
2017-06-02 | CVE-2017-9358 | Sangoma Asterisk | Infinite Loop vulnerability in multiple products A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). | 7.5 |
2017-06-02 | CVE-2017-9354 | Wireshark | Improper Input Validation vulnerability in Wireshark In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. | 7.5 |
2017-06-02 | CVE-2017-9353 | Wireshark | Improper Input Validation vulnerability in Wireshark In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. | 7.5 |
2017-06-02 | CVE-2017-9352 | Wireshark | Infinite Loop vulnerability in Wireshark In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. | 7.5 |
2017-06-02 | CVE-2017-9351 | Wireshark | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wireshark In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. | 7.5 |
2017-06-02 | CVE-2017-9350 | Wireshark | Allocation of Resources Without Limits or Throttling vulnerability in Wireshark In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. | 7.5 |
2017-06-02 | CVE-2017-9349 | Wireshark Debian | Infinite Loop vulnerability in multiple products In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. | 7.5 |
2017-06-02 | CVE-2017-9348 | Wireshark | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wireshark In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. | 7.5 |
2017-06-02 | CVE-2017-9347 | Wireshark | NULL Pointer Dereference vulnerability in Wireshark In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. | 7.5 |
2017-06-02 | CVE-2017-9346 | Wireshark | Infinite Loop vulnerability in Wireshark In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. | 7.5 |
2017-06-02 | CVE-2017-9345 | Wireshark | Infinite Loop vulnerability in Wireshark In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. | 7.5 |
2017-06-02 | CVE-2017-9344 | Wireshark Debian | Divide By Zero vulnerability in multiple products In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. | 7.5 |
2017-06-02 | CVE-2017-9343 | Wireshark | NULL Pointer Dereference vulnerability in Wireshark In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. | 7.5 |
2017-06-01 | CVE-2017-9334 | Call CC | Improper Input Validation vulnerability in Call-Cc Chicken An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it. | 7.5 |
2017-05-31 | CVE-2017-9304 | Virustotal | Uncontrolled Recursion vulnerability in Virustotal Yara 3.5.0 libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function. | 7.5 |
2017-05-30 | CVE-2017-7502 | Mozilla | Unspecified vulnerability in Mozilla Network Security Services Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker. | 7.5 |
2017-05-30 | CVE-2017-2304 | Juniper | Information Exposure vulnerability in Juniper Junos 14.1X53/15.1/15.1X53 Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. | 7.5 |
2017-05-30 | CVE-2017-2303 | Juniper | Unspecified vulnerability in Juniper Junos On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D50, 12.1X47 prior to 12.1X47-D40, 12.3 prior to 12.3R13, 12.3X48 prior to 12.3X48-D30, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R5, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D30 or 15.1X49-D40, 15.1X53 prior to 15.1X53-D35, and where RIP is enabled, certain RIP advertisements received by the router may cause the RPD daemon to crash resulting in a denial of service condition. | 7.5 |
2017-05-30 | CVE-2017-2302 | Juniper | Unspecified vulnerability in Juniper Junos On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, a network based attacker can cause the Junos OS rpd daemon to crash and restart. | 7.5 |
2017-05-30 | CVE-2017-2301 | Juniper | Unspecified vulnerability in Juniper Junos On Juniper Networks products or platforms running Junos OS 11.4 prior to 11.4R13-S3, 12.1X46 prior to 12.1X46-D60, 12.3 prior to 12.3R12-S2 or 12.3R13, 12.3X48 prior to 12.3X48-D40, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D12 or 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R7, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D60, 15.1X53 prior to 15.1X53-D30 and DHCPv6 enabled, when a crafted DHCPv6 packet is received from a subscriber, jdhcpd daemon crashes and restarts. | 7.5 |
2017-05-30 | CVE-2017-2300 | Juniper | Unspecified vulnerability in Juniper Junos On Juniper Networks SRX Series Services Gateways chassis clusters running Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60, flowd daemon on the primary node of an SRX Series chassis cluster may crash and restart when attempting to synchronize a multicast session created via crafted multicast packets. | 7.5 |
2017-05-30 | CVE-2016-3083 | Apache | Improper Certificate Validation vulnerability in Apache Hive Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). | 7.5 |
2017-05-29 | CVE-2016-10379 | Virtuemart | SQL Injection vulnerability in Virtuemart 3.0.14 The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php. | 7.2 |
2017-05-29 | CVE-2016-10378 | E107 | SQL Injection vulnerability in E107 2.1.1 e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function. | 7.2 |
50 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-05-31 | CVE-2017-5688 | Intel | Unspecified vulnerability in Intel Solid State Drive Toolbox 3.4.3 There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code. | 6.7 |
2017-06-04 | CVE-2017-9416 | Odoo | Path Traversal vulnerability in Odoo 10.0/8.0/9.0 Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service. | 6.5 |
2017-06-02 | CVE-2017-9409 | Imagemagick | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.55 In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 6.5 |
2017-06-02 | CVE-2017-9408 | Freedesktop Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file. | 6.5 |
2017-06-02 | CVE-2017-9407 | Imagemagick | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.55 In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 6.5 |
2017-06-02 | CVE-2017-9406 | Freedesktop Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. | 6.5 |
2017-06-02 | CVE-2017-9405 | Imagemagick | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.55 In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file. | 6.5 |
2017-06-02 | CVE-2017-9404 | Libtiff Debian Canonical | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file. | 6.5 |
2017-06-02 | CVE-2017-9403 | Libtiff Debian Canonical | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file. | 6.5 |
2017-06-02 | CVE-2017-0896 | Zulip | Missing Authorization vulnerability in Zulip Server Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this. | 6.5 |
2017-06-02 | CVE-2017-9378 | Bigtreecms | Incorrect Authorization vulnerability in Bigtreecms Bigtree CMS BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. | 6.5 |
2017-06-01 | CVE-2017-7999 | Eucalyptus | Unspecified vulnerability in Eucalyptus Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage) via unspecified vectors. | 6.5 |
2017-05-31 | CVE-2017-9307 | Allen Disk Project | Server-Side Request Forgery (SSRF) vulnerability in Allen Disk Project Allen Disk 1.6 SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter. | 6.5 |
2017-05-31 | CVE-2017-8782 | Libming | Integer Overflow or Wraparound vulnerability in Libming 0.4.8 The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. | 6.5 |
2017-05-30 | CVE-2017-2308 | Juniper | XXE vulnerability in Juniper Junos Space An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device. | 6.5 |
2017-05-29 | CVE-2017-9295 | Hitachi | XXE vulnerability in Hitachi Device Manager XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files. | 6.5 |
2017-05-29 | CVE-2017-9287 | Openldap Debian Redhat Mcafee Oracle | Double Free vulnerability in multiple products servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. | 6.5 |
2017-05-29 | CVE-2017-9263 | Openvswitch | Improper Input Validation vulnerability in Openvswitch 2.7.0 In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch. | 6.5 |
2017-05-29 | CVE-2017-9262 | Imagemagick | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.56 In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 6.5 |
2017-05-29 | CVE-2017-9261 | Imagemagick | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.56 In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 6.5 |
2017-06-04 | CVE-2012-6705 | Jamroom | Cross-site Scripting vulnerability in Jamroom 4.2.6 Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field. | 6.1 |
2017-06-02 | CVE-2017-9361 | Websitebaker | Cross-site Scripting vulnerability in Websitebaker 2.10.0 WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php. | 6.1 |
2017-06-01 | CVE-2017-7384 | Flipbuilder | Cross-site Scripting vulnerability in Flipbuilder Flip PDF Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter. | 6.1 |
2017-06-01 | CVE-2017-3127 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortios A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation. | 6.1 |
2017-06-01 | CVE-2017-9337 | Markdown ON Save Improved Project | Cross-site Scripting vulnerability in Markdown on Save Improved Project Markdown on Save Improved 2.5 The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post. | 6.1 |
2017-06-01 | CVE-2017-9336 | WP Editor MD Project | Cross-site Scripting vulnerability in WP Editor.Md Project WP Editor.Md 1.6 The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post. | 6.1 |
2017-05-31 | CVE-2017-9306 | Syspass | Cross-site Scripting vulnerability in Syspass 2.1.9 inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring. | 6.1 |
2017-05-31 | CVE-2017-9305 | Tiki | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 16.2 lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php. | 6.1 |
2017-05-30 | CVE-2017-2307 | Juniper | Cross-site Scripting vulnerability in Juniper Junos Space A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space. | 6.1 |
2017-05-29 | CVE-2017-9303 | Laravel | Improper Input Validation vulnerability in Laravel 5.4.0 Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host. | 6.1 |
2017-05-29 | CVE-2017-9299 | Otrs | Cross-site Scripting vulnerability in Otrs 3.3.9 Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. | 6.1 |
2017-05-29 | CVE-2017-9297 | Hitachi | Open Redirect vulnerability in Hitachi Device Manager Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites. | 6.1 |
2017-05-29 | CVE-2017-9296 | Hitachi | Open Redirect vulnerability in Hitachi Device Manager Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites. | 6.1 |
2017-05-29 | CVE-2017-9292 | Lansweeper | Cross-site Scripting vulnerability in Lansweeper Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782. | 6.1 |
2017-05-29 | CVE-2017-9289 | Note Project | Cross-site Scripting vulnerability in Note Project Note Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php (edit parameter). | 6.1 |
2017-05-29 | CVE-2017-9288 | Raygun | Cross-site Scripting vulnerability in Raygun Raygun4Wp 1.8.0 The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter). | 6.1 |
2017-06-01 | CVE-2017-6512 | File Canonical Debian | Race Condition vulnerability in multiple products Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. | 5.9 |
2017-05-30 | CVE-2017-2309 | Juniper | Information Exposure vulnerability in Juniper Junos Space On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. | 5.9 |
2017-06-04 | CVE-2014-9983 | Rarlab | Path Traversal vulnerability in Rarlab RAR Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. | 5.5 |
2017-06-04 | CVE-2017-3740 | Lenovo | Unspecified vulnerability in Lenovo Active Protection System In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality. | 5.5 |
2017-06-01 | CVE-2017-9060 | Qemu | Memory Leak vulnerability in Qemu Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands. | 5.5 |
2017-05-31 | CVE-2017-4897 | Vmware | Improper Input Validation vulnerability in VMWare Horizon Daas 6.1.6 VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. | 5.5 |
2017-05-30 | CVE-2017-7511 | Freedesktop | NULL Pointer Dereference vulnerability in Freedesktop Poppler poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents. | 5.5 |
2017-05-29 | CVE-2017-9302 | Realnetworks | Divide By Zero vulnerability in Realnetworks Realplayer 16.0.2.32 RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file. | 5.5 |
2017-06-01 | CVE-2017-9331 | Epesi | Cross-site Scripting vulnerability in Epesi The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter. | 5.4 |
2017-05-29 | CVE-2017-9298 | Hitachi | Cross-site Scripting vulnerability in Hitachi Device Manager Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code. | 5.4 |
2017-06-02 | CVE-2017-6039 | Phoenixbroadband | Use of Hard-coded Credentials vulnerability in Phoenixbroadband Poweragent SC3 BMS Firmware 6.86 A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. | 5.3 |
2017-05-30 | CVE-2017-2311 | Juniper | Unspecified vulnerability in Juniper Junos Space On Juniper Networks Junos Space versions prior to 16.1R1, an unauthenticated remote attacker with network access to Junos space device can easily create a denial of service condition. | 5.3 |
2017-05-30 | CVE-2017-2310 | Juniper | Unspecified vulnerability in Juniper Junos Space A firewall bypass vulnerability in the host based firewall of Juniper Networks Junos Space versions prior to 16.1R1 may permit certain crafted packets, representing a network integrity risk. | 5.3 |
2017-06-02 | CVE-2017-9366 | Epesi | Cross-site Scripting vulnerability in Epesi Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter. | 4.8 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-06-04 | CVE-2017-3741 | Lenovo | Unspecified vulnerability in Lenovo Power Management 1.67.12.19/1.67.12.23 In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly. | 3.3 |