Weekly Vulnerabilities Reports > June 26 to July 2, 2017

Overview

186 new vulnerabilities reported during this period, including 8 critical vulnerabilities and 35 high severity vulnerabilities. This weekly summary report vulnerabilities in 300 products from 82 vendors including Microsoft, Foscam, Audiocoding, IBM, and Debian. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Out-of-bounds Read", "Cross-site Scripting", and "OS Command Injection".

  • 156 reported vulnerabilities are remotely exploitables.
  • 12 reported vulnerabilities have public exploit available.
  • 46 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 159 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 12 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

8 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-06-30 CVE-2017-6044 Sierra Wireless Missing Authentication for Critical Function vulnerability in Sierra Wireless products

An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11.

10.0
2017-06-30 CVE-2016-9358 Marel USE of Hard-Coded Credentials vulnerability in Marel products

A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system.

10.0
2017-06-29 CVE-2017-4997 EMC Improper Input Validation vulnerability in EMC Vasa Provider Virtual Appliance

EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system.

10.0
2017-06-27 CVE-2016-0959 Adobe
Apple
Microsoft
Google
Linux
USE After Free vulnerability in Adobe products

Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 before 20.0.0.267, Adobe Flash Player for Internet Explorer 10 and 11 before 20.0.0.267, Adobe Flash Player for Linux before 11.2.202.559, AIR Desktop Runtime before 20.0.0.233, AIR SDK before 20.0.0.233, AIR SDK & Compiler before 20.0.0.233, AIR for Android before 20.0.0.233.

10.0
2017-06-26 CVE-2017-6326 Symantec Remote Code Execution vulnerability in Symantec Messaging Gateway

The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.

10.0
2017-06-29 CVE-2017-8558 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703 does not properly scan a specially crafted file leading to memory corruption.

9.3
2017-06-30 CVE-2017-7901 Rockwellautomation USE of Insufficiently Random Values vulnerability in Rockwellautomation products

A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions.

9.0
2017-06-26 CVE-2016-8493 Fortinet Permissions, Privileges, and Access Controls vulnerability in Fortinet Forticlient 5.4.1/5.4.2

In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability.

9.0

35 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-06-27 CVE-2016-4383 HP Improper Access Control vulnerability in HP Helion Openstack Glance

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.

8.5
2017-07-02 CVE-2017-8797 Linux Improper Validation of Array Index vulnerability in Linux Kernel

The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker.

7.8
2017-06-30 CVE-2017-6017 Schneider Electric Resource Exhaustion vulnerability in Schneider-Electric products

A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H.

7.8
2017-06-26 CVE-2017-6678 Cisco Improper Handling of Exceptional Conditions vulnerability in Cisco Virtualized Packet Core

A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software 19.2 through 21.0 could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service (DoS) condition.

7.8
2017-06-27 CVE-2014-6354 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 allows remote attackers to execute arbitrary code.

7.6
2017-07-01 CVE-2017-10788 DBD Mysql Project USE After Free vulnerability in Dbd-Mysql Project Dbd-Mysql

The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server.

7.5
2017-06-30 CVE-2017-2292 Puppet Deserialization of Untrusted Data vulnerability in Puppet Mcollective

Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server.

7.5
2017-06-30 CVE-2017-10699 Videolan Out-Of-Bounds Write vulnerability in Videolan VLC Media Player

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.

7.5
2017-06-30 CVE-2017-10670 Xoev XXE vulnerability in Xoev Osci Transport Library 1.6/1.6.1

An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure.

7.5
2017-06-30 CVE-2017-6041 Marel Unrestricted Upload of File With Dangerous Type vulnerability in Marel products

An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system.

7.5
2017-06-30 CVE-2017-6034 Schneider Electric Improper Authentication vulnerability in Schneider-Electric Modbus Firmware

An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol.

7.5
2017-06-30 CVE-2017-6022 BD USE of Hard-Coded Credentials vulnerability in BD KLA Journal Service and Performa

A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions.

7.5
2017-06-29 CVE-2017-10685 GNU USE of Externally-Controlled Format String vulnerability in GNU Ncurses 6.0

In ncurses 6.0, there is a format string vulnerability in the fmt_entry function.

7.5
2017-06-29 CVE-2017-10684 GNU Buffer Errors vulnerability in GNU Ncurses 6.0

In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function.

7.5
2017-06-29 CVE-2017-10682 Piwigo SQL Injection vulnerability in Piwigo

SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php.

7.5
2017-06-29 CVE-2017-10672 XML Libxml Project
Debian
USE After Free vulnerability in multiple products

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.

7.5
2017-06-27 CVE-2015-1778 Opendaylight Improper Authentication vulnerability in Opendaylight

The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.

7.5
2017-06-27 CVE-2017-9830 Code42 Deserialization of Untrusted Data vulnerability in Code42 Crashplan 5.4

Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients.

7.5
2017-06-27 CVE-2017-9841 Phpunit Project Code Injection vulnerability in PHPunit Project PHPunit

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.

7.5
2017-06-27 CVE-2017-2843 Foscam OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37

In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution.

7.5
2017-06-26 CVE-2017-6324 Symantec Security Bypass vulnerability in Symantec Messaging Gateway

The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled.

7.5
2017-06-26 CVE-2017-9466 TP Link USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Tp-Link Wr841N V8 Firmware

The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption.

7.5
2017-06-30 CVE-2017-10709 Google
Elephone
Improper Authentication vulnerability in Google Android 6.0

The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess.

7.2
2017-06-29 CVE-2017-3748 Google
Lenovo
Local Privilege Escalation vulnerability in Lenovo VIBE Mobile

On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device).

7.2
2017-06-28 CVE-2017-9986 Linux Out-Of-Bounds Read vulnerability in Linux Kernel

The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.

7.2
2017-06-28 CVE-2017-9985 Linux Out-Of-Bounds Read vulnerability in Linux Kernel

The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.

7.2
2017-06-28 CVE-2017-9984 Linux Out-Of-Bounds Read vulnerability in Linux Kernel

The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.

7.2
2017-06-27 CVE-2015-1795 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Gluster Storage 3.2

Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.

7.2
2017-06-26 CVE-2015-3315 Redhat Link Following vulnerability in Redhat Automatic BUG Reporting Tool

Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.

7.2
2017-06-27 CVE-2017-9257 Audiocoding Excessive Iteration vulnerability in Audiocoding Freeware Advanced Audio Decoder 2 2.7

The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.

7.1
2017-06-27 CVE-2017-9256 Audiocoding Excessive Iteration vulnerability in Audiocoding Freeware Advanced Audio Decoder 2 2.7

The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.

7.1
2017-06-27 CVE-2017-9255 Audiocoding Excessive Iteration vulnerability in Audiocoding Freeware Advanced Audio Decoder 2 2.7

The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.

7.1
2017-06-27 CVE-2017-9254 Audiocoding Excessive Iteration vulnerability in Audiocoding Freeware Advanced Audio Decoder 2 2.7

The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.

7.1
2017-06-27 CVE-2017-9253 Audiocoding Excessive Iteration vulnerability in Audiocoding Freeware Advanced Audio Decoder 2 2.7

The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.

7.1
2017-06-27 CVE-2017-9222 Audiocoding Infinite Loop vulnerability in Audiocoding Freeware Advanced Audio Decoder 2 2.7

The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.

7.1

122 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-06-29 CVE-2017-3750 Google
Lenovo
Unspecified vulnerability in Google Android

On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749.

6.9
2017-06-29 CVE-2017-3749 Google
Lenovo
Unspecified vulnerability in Google Android

On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750.

6.9
2017-06-29 CVE-2017-8579 Microsoft Improper Preservation of Permissions vulnerability in Microsoft Windows 10 and Windows Server 2016

The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "DirectX Elevation of Privilege Vulnerability."

6.9
2017-06-29 CVE-2017-8576 Microsoft Improper Initialization vulnerability in Microsoft Windows 10 and Windows Server 2016

The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability."

6.9
2017-07-02 CVE-2017-8894 Aeroadmin Http Request Smuggling vulnerability in Aeroadmin 4.1

AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates.

6.8
2017-06-30 CVE-2017-6042 Sierra Wireless Cross-Site Request Forgery (CSRF) vulnerability in Sierra Wireless products

A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11.

6.8
2017-06-29 CVE-2017-10686 Nasm
Canonical
USE After Free vulnerability in multiple products

In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm.

6.8
2017-06-29 CVE-2017-10681 Piwigo Cross-Site Request Forgery (CSRF) vulnerability in Piwigo

Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request.

6.8
2017-06-29 CVE-2017-10680 Piwigo Cross-Site Request Forgery (CSRF) vulnerability in Piwigo

Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request.

6.8
2017-06-29 CVE-2017-10678 Piwigo Cross-Site Request Forgery (CSRF) vulnerability in Piwigo

Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request.

6.8
2017-06-29 CVE-2017-5528 Tibco Cross-Site Request Forgery (CSRF) vulnerability in Tibco products

Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.

6.8
2017-06-29 CVE-2017-8613 Microsoft Weak Password Recovery Mechanism FOR Forgotten Password vulnerability in Microsoft Azure Active Directory Connect

Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Azure AD Connect Elevation of Privilege Vulnerability."

6.8
2017-06-29 CVE-2017-10671 Sthttpd Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sthttpd Project Sthttpd

Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted filename.

6.8
2017-06-28 CVE-2017-9996 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

6.8
2017-06-28 CVE-2017-9995 Ffmpeg Buffer Errors vulnerability in Ffmpeg 3.3

libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

6.8
2017-06-28 CVE-2017-9994 Ffmpeg
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.

6.8
2017-06-28 CVE-2017-9992 Ffmpeg
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.

6.8
2017-06-28 CVE-2017-9991 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.

6.8
2017-06-28 CVE-2017-9990 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.

6.8
2017-06-27 CVE-2017-6086 Vimbadmin Cross-Site Request Forgery (CSRF) vulnerability in Vimbadmin 3.0.15

Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to <vimbadmin directory>/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to <vimbadmin directory>/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to <vimbadmin directory>/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to <vimbadmin directory>/application/controllers/AliasController.php.

6.8
2017-06-27 CVE-2017-2491 Apple USE After Free vulnerability in Apple Iphone OS

Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file.

6.8
2017-06-26 CVE-2017-9949 Radare Out-Of-Bounds Write vulnerability in Radare Radare2 1.5.0

The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02.

6.8
2017-06-26 CVE-2017-9935 Libtiff
Canonical
Debian
Out-Of-Bounds Read vulnerability in multiple products

In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c.

6.8
2017-06-26 CVE-2017-6669 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Advanced Recording Format Player 29.10

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files.

6.8
2017-06-29 CVE-2017-2850 Foscam Http Request Smuggling vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server.

6.5
2017-06-29 CVE-2017-2849 Foscam OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection.

6.5
2017-06-29 CVE-2017-2848 Foscam OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection.

6.5
2017-06-29 CVE-2017-2847 Foscam OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection.

6.5
2017-06-29 CVE-2017-2846 Foscam OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection.

6.5
2017-06-29 CVE-2017-2845 Foscam OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37.

6.5
2017-06-29 CVE-2017-2844 Foscam OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution.

6.5
2017-06-27 CVE-2014-8149 Opendaylight Improper Input Validation vulnerability in Opendaylight Defense4All

OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files.

6.5
2017-06-27 CVE-2017-2842 Foscam OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37

In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution.

6.5
2017-06-27 CVE-2017-2841 Foscam OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37.

6.5
2017-06-26 CVE-2017-9948 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Skype 7.2/7.35/7.36

A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box.

6.5
2017-06-30 CVE-2017-10669 Xoev Improper Verification of Cryptographic Signature vulnerability in Xoev Osci Transport Library 1.6/1.6.1

Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET).

6.4
2017-06-30 CVE-2017-6030 Schneider Electric Insufficient Entropy vulnerability in Schneider-Electric products

A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11.

6.4
2017-06-30 CVE-2017-6026 Schneider Electric USE of Insufficiently Random Values vulnerability in Schneider-Electric Modicon M241 Firmware and Modicon M251 Firmware

A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11.

6.4
2017-06-27 CVE-2017-1322 IBM XXE vulnerability in IBM API Connect

IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

6.4
2017-06-29 CVE-2017-2851 Foscam Buffer Errors vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow.

6.0
2017-06-26 CVE-2017-6325 Symantec Code Injection vulnerability in Symantec Messaging Gateway

The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time.

6.0
2017-06-26 CVE-2017-6662 Cisco XXE vulnerability in Cisco products

A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution.

6.0
2017-06-30 CVE-2017-6038 Belden Hirschmann Cross-Site Request Forgery (CSRF) vulnerability in Belden Hirschmann Gecko Lite Managed Switch Firmware

A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions.

5.8
2017-06-30 CVE-2017-6018 Bbraun Open Redirect vulnerability in Bbraun Station Firmware

An open redirect issue was discovered in B.

5.8
2017-07-02 CVE-2017-8893 Aeroadmin Buffer Errors vulnerability in Aeroadmin 4.1

AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet.

5.0
2017-07-02 CVE-2017-0377 Torproject Information Exposure vulnerability in Torproject TOR

Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.

5.0
2017-07-02 CVE-2017-10790 GNU Null Pointer Dereference vulnerability in GNU Libtasn1

The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure.

5.0
2017-06-30 CVE-2017-7905 GE USE of Insufficiently Random Values vulnerability in GE products

A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions.

5.0
2017-06-30 CVE-2017-7903 Rockwellautomation Inadequate Encryption Strength vulnerability in Rockwellautomation products

A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions.

5.0
2017-06-30 CVE-2017-7902 Rockwellautomation USE of Insufficiently Random Values vulnerability in Rockwellautomation products

A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions.

5.0
2017-06-30 CVE-2017-7899 Rockwellautomation Information Exposure vulnerability in Rockwellautomation products

An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions.

5.0
2017-06-30 CVE-2017-7898 Rockwellautomation Improper Restriction of Excessive Authentication Attempts vulnerability in Rockwellautomation products

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions.

5.0
2017-06-30 CVE-2017-6046 Sierra Wireless Information Exposure vulnerability in Sierra Wireless products

An Insufficiently Protected Credentials issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11.

5.0
2017-06-30 CVE-2017-6040 Belden Hirschmann Information Exposure vulnerability in Belden Hirschmann Gecko Lite Managed Switch Firmware

An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions.

5.0
2017-06-30 CVE-2017-6032 Schneider Electric Improperly Implemented Security Check FOR Standard vulnerability in Schneider-Electric Modbus Firmware

A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol.

5.0
2017-06-30 CVE-2017-6028 Schneider Electric Insufficiently Protected Credentials vulnerability in Schneider-Electric Modicon M241 Firmware and Modicon M251 Firmware

An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions.

5.0
2017-06-29 CVE-2017-10688 Libtiff Improper Input Validation vulnerability in Libtiff 4.0.8

In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c.

5.0
2017-06-29 CVE-2017-10687 Libsass Out-Of-Bounds Read vulnerability in Libsass 3.4.5

In LibSass 3.4.5, there is a heap-based buffer over-read in the function json_mkstream() in sass_context.cpp.

5.0
2017-06-29 CVE-2017-10683 Mpg123 Out-Of-Bounds Read vulnerability in Mpg123 1.25.0

In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c.

5.0
2017-06-29 CVE-2017-10679 Piwigo Information Exposure vulnerability in Piwigo

Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album.

5.0
2017-06-29 CVE-2016-10042 Arcadyan Improper Access Control vulnerability in Arcadyan Swisscom Internet-Box Firmware

Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading to denial of service and information disclosure.

5.0
2017-06-28 CVE-2017-7686 Apache Information Exposure vulnerability in Apache Ignite

Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements.

5.0
2017-06-28 CVE-2017-9993 Ffmpeg
Debian
Information Exposure vulnerability in multiple products

FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.

5.0
2017-06-28 CVE-2017-9987 Libav Buffer Errors vulnerability in Libav 12.1

There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1.

5.0
2017-06-28 CVE-2017-9445 Freedesktop Out-Of-Bounds Write vulnerability in Freedesktop Systemd

In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small.

5.0
2017-06-27 CVE-2016-6342 Fedoraproject
Midas
Improper Access Control vulnerability in multiple products

elog 3.1.1 allows remote attackers to post data as any username in the logbook.

5.0
2017-06-27 CVE-2016-5414 Freeipa Improper Access Control vulnerability in Freeipa 4.4.0

FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services.

5.0
2017-06-27 CVE-2015-7781 Zohocorp Permission Issues vulnerability in Zohocorp Manageengine Firewall Analyzer 7.2/7.4/7.6

ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.

5.0
2017-06-27 CVE-2015-5378 Elastic
Elasticsearch
Information Exposure vulnerability in multiple products

Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.

5.0
2017-06-27 CVE-2015-5180 Canonical
GNU
Null Pointer Dereference vulnerability in multiple products

res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).

5.0
2017-06-27 CVE-2015-2245 Huawei Improper Input Validation vulnerability in Huawei P7-L09 Firmware

Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash).

5.0
2017-06-27 CVE-2017-9982 Teamspeak Improper Input Validation vulnerability in Teamspeak Client 3.0.19

TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of service (application crash) via the &#5610; Unicode character followed by the &#3903; Unicode character.

5.0
2017-06-27 CVE-2017-1328 IBM Security Bypass vulnerability in IBM API Connect

IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy.

5.0
2017-06-27 CVE-2016-9738 IBM 7PK - Security Features vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

5.0
2017-06-27 CVE-2016-6083 IBM Information Exposure vulnerability in IBM Tivoli Monitoring

IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information.

5.0
2017-06-27 CVE-2017-7524 Tpm2 Tools Project Insufficiently Protected Credentials vulnerability in Tpm2-Tools Project Tpm2.0-Tools

tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.

5.0
2017-06-27 CVE-2017-7508 Openvpn Reachable Assertion vulnerability in Openvpn

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.

5.0
2017-06-26 CVE-2017-9953 Exiv2
Redhat
USE After Free vulnerability in multiple products

There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26.

5.0
2017-06-26 CVE-2017-7458 Ntop Null Pointer Dereference vulnerability in Ntop Ntopng

The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP address.

5.0
2017-06-26 CVE-2015-3215 Redhat Improper Input Validation vulnerability in Redhat Virtio-Win

The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for the size of the IP options.

5.0
2017-06-26 CVE-2017-9615 Cognito Information Exposure Through LOG Files vulnerability in Cognito Moneyworks

Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file.

5.0
2017-06-26 CVE-2017-7459 Ntop Injection vulnerability in Ntop Ntopng

ntopng before 3.0 allows HTTP Response Splitting.

5.0
2017-06-30 CVE-2017-10674 Antiy Improper Input Validation vulnerability in Antiy Antivirus Engine 5.0.0.06281654

Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a denial of service (BSOD) via a long third argument in a DeviceIoControl call.

4.9
2017-06-27 CVE-2012-5010 Cisco 7PK - Security Features vulnerability in Cisco Adaptive Security Appliance Software

ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim, ASA 5510 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.4.x before 8.4.7 Interim, 8.2.x before 8.2.5 Interim, 9.1.x before 9.1.6 Interim, ASA 5555-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5512-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5520 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.2.x before 8.2.5 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5505 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5525-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5512-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.1.x before 9.1.6 Interim, ASA 5545-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5585-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5540 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.2.x before 8.2.5 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5515-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5555-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.4.x before 9.4.1 Interim, 9.1.x before 9.1.6 Interim, ASA 5580 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.1.x before 9.1.6 Interim, ASA 5585-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim, 9.4.x before 9.4.1 Interim, ASA 5525-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.1.x before 9.1.6 Interim, ASA 5545-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP.

4.8
2017-06-27 CVE-2015-1591 Kamailio Permissions, Privileges, and Access Controls vulnerability in Kamailio

The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges.

4.6
2017-06-27 CVE-2017-1297 IBM
Linux
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM products

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code.

4.4
2017-06-26 CVE-2017-7496 Fedoraproject Improper Handling of Exceptional Conditions vulnerability in Fedoraproject ARM Installer

fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories.

4.4
2017-07-02 CVE-2017-10794 Graphicsmagick Buffer Errors vulnerability in Graphicsmagick 1.3.25

When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode.

4.3
2017-07-02 CVE-2017-10795 Intelliants Cross-Site Scripting vulnerability in Intelliants Subrion 4.1.4

Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069.

4.3
2017-07-02 CVE-2017-10792 GNU Null Pointer Dereference vulnerability in GNU Pspp 0.10.5Pre2

There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0.

4.3
2017-07-02 CVE-2017-10791 GNU Integer Overflow OR Wraparound vulnerability in GNU Pspp 0.10.5Pre2

There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0.

4.3
2017-07-01 CVE-2017-10789 DBD Mysql Project Unspecified vulnerability in Dbd-Mysql Project Dbd-Mysql

The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.

4.3
2017-06-30 CVE-2017-2298 Puppetlabs Improper Input Validation vulnerability in Puppetlabs Mcollective-Sshkey-Security

The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written.

4.3
2017-06-30 CVE-2017-8443 Elastic Information Exposure vulnerability in Elastic Kibana

In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen.

4.3
2017-06-30 CVE-2017-10668 Xoev USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Xoev Osci Transport Library 1.6/1.6.1

A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET).

4.3
2017-06-30 CVE-2017-6036 Belden Hirschmann Server-Side Request Forgery (SSRF) vulnerability in Belden Hirschmann Gecko Lite Managed Switch Firmware

A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions.

4.3
2017-06-29 CVE-2017-10673 GET Simple Cross-Site Scripting vulnerability in Get-Simple Getsimple CMS

admin/profile.php in GetSimple CMS 3.x has XSS in a name field.

4.3
2017-06-29 CVE-2017-10667 ZEN Cart Cross-Site Scripting vulnerability in Zen-Cart ZEN Cart 1.6.0

In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS.

4.3
2017-06-28 CVE-2017-9998 Libdwarf Project Improper Input Validation vulnerability in Libdwarf Project Libdwarf 20170628

The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.

4.3
2017-06-28 CVE-2017-9989 Libming
Debian
Null Pointer Dereference vulnerability in multiple products

util/outputtxt.c in libming 0.4.8 mishandles memory allocation.

4.3
2017-06-28 CVE-2017-9988 Libming
Debian
Null Pointer Dereference vulnerability in multiple products

The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation.

4.3
2017-06-27 CVE-2016-9972 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

4.3
2017-06-27 CVE-2017-7521 Openvpn Missing Release of Resource After Effective Lifetime vulnerability in Openvpn

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().

4.3
2017-06-27 CVE-2017-9223 Audiocoding Out-Of-Bounds Read vulnerability in Audiocoding Freeware Advanced Audio Decoder 2 2.7

The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.

4.3
2017-06-27 CVE-2017-9221 Audiocoding Out-Of-Bounds Read vulnerability in Audiocoding Freeware Advanced Audio Decoder 2 2.7

The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.

4.3
2017-06-27 CVE-2017-9220 Audiocoding Buffer Errors vulnerability in Audiocoding Freeware Advanced Audio Decoder 2 2.7

The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file.

4.3
2017-06-27 CVE-2017-9219 Audiocoding Buffer Errors vulnerability in Audiocoding Freeware Advanced Audio Decoder 2 2.7

The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file.

4.3
2017-06-27 CVE-2017-9218 Audiocoding Out-Of-Bounds Read vulnerability in Audiocoding Freeware Advanced Audio Decoder 2 2.7

The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.

4.3
2017-06-26 CVE-2017-9955 GNU Out-Of-Bounds Read vulnerability in GNU Binutils 2.28

The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.

4.3
2017-06-26 CVE-2017-9954 GNU Out-Of-Bounds Read vulnerability in GNU Binutils 2.28

The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.

4.3
2017-06-26 CVE-2014-8127 Libtiff
Opensuse
Out-Of-Bounds Read vulnerability in multiple products

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.

4.3
2017-06-26 CVE-2017-9145 Tiki Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware

TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS.

4.3
2017-06-26 CVE-2017-9937 Libtiff Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libtiff

In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c.

4.3
2017-06-26 CVE-2017-9936 Libtiff
Debian
Canonical
Missing Release of Resource After Effective Lifetime vulnerability in multiple products

In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c.

4.3
2017-06-26 CVE-2017-9929 Lrzip Project Buffer Errors vulnerability in Lrzip Project Lrzip 0.631

In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file.

4.3
2017-06-26 CVE-2017-9928 Lrzip Project Buffer Errors vulnerability in Lrzip Project Lrzip 0.631

In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file.

4.3
2017-06-26 CVE-2017-7416 Ntop Cross-Site Scripting vulnerability in Ntop Ntopng

ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated.

4.3
2017-06-29 CVE-2017-5529 Tibco Information Exposure vulnerability in Tibco products

JasperReports library components contain an information disclosure vulnerability.

4.0
2017-06-29 CVE-2017-1310 IBM Buffer Errors vulnerability in IBM Informix Dynamic Server 12.10

IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server.

4.0
2017-06-27 CVE-2015-7780 Zohocorp Path Traversal vulnerability in Zohocorp Manageengine Firewall Analyzer 7.2/7.4/7.6

Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.

4.0
2017-06-27 CVE-2017-7522 Openvpn Null Pointer Dereference vulnerability in Openvpn

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.

4.0
2017-06-27 CVE-2017-7520 Openvpn Out-Of-Bounds Read vulnerability in Openvpn

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.

4.0

21 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-06-27 CVE-2004-2778 Gentoo Permissions, Privileges, and Access Controls vulnerability in Gentoo Portage

Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands.

3.6
2017-06-27 CVE-2017-1105 IBM
Linux
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM products

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service.

3.6
2017-06-30 CVE-2015-9105 Synology Cross-Site Scripting vulnerability in Synology Video Station

Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos.

3.5
2017-06-30 CVE-2015-9104 Synology Cross-Site Scripting vulnerability in Synology Audio Station

Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title.

3.5
2017-06-30 CVE-2015-9103 Synology Cross-Site Scripting vulnerability in Synology Note Station

Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments.

3.5
2017-06-30 CVE-2015-9102 Synology Cross-Site Scripting vulnerability in Synology Photo Station

Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos.

3.5
2017-06-28 CVE-2017-1106 IBM Cross-Site Scripting vulnerability in IBM Curam Social Program Management

IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting.

3.5
2017-06-28 CVE-2017-5241 Biscom Cross-Site Scripting vulnerability in Biscom Secure File Transfer 5.0.1000/5.0.1048/5.0.1050

Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace.

3.5
2017-06-27 CVE-2017-1234 IBM Cross-Site Scripting vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting.

3.5
2017-07-02 CVE-2017-10796 TP Link Improper Authentication vulnerability in Tp-Link Nc250 Firmware

On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL.

3.3
2017-07-02 CVE-2017-10706 Antiy Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Antiy Antivirus Engine

When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP archive, it crashes with a stack-based buffer overflow because a fixed path length is used.

2.1
2017-06-29 CVE-2017-3747 Lenovo
Microsoft
Local Privilege Escalation vulnerability in Lenovo Nerve Center

Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys.

2.1
2017-06-29 CVE-2017-8575 Microsoft Information Exposure vulnerability in Microsoft Windows 10 and Windows Server 2016

The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Microsoft Graphics Component Information Disclosure Vulnerability."

2.1
2017-06-27 CVE-2016-7062 Redhat Credentials Management vulnerability in Redhat Storage Console and Storage Console Node

rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.

2.1
2017-06-27 CVE-2015-8697 Stalin Project Improper Access Control vulnerability in Stalin Project Stalin 0.115

stalin 0.11-5 allows local users to write to arbitrary files.

2.1
2017-06-27 CVE-2015-7898 Samsung Improper Access Control vulnerability in Samsung Mobile

Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).

2.1
2017-06-27 CVE-2015-7895 Samsung Improper Access Control vulnerability in Samsung Mobile

Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).

2.1
2017-06-27 CVE-2015-3840 Google Improper Access Control vulnerability in Google Android

The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission.

2.1
2017-06-26 CVE-2015-1870 Redhat Information Exposure vulnerability in Redhat Automatic BUG Reporting Tool

The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors.

2.1
2017-06-29 CVE-2017-8554 Microsoft Information Exposure vulnerability in Microsoft products

The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory contents via a specially crafted application.

1.9
2017-06-26 CVE-2015-3142 Redhat Information Exposure vulnerability in Redhat Automatic BUG Reporting Tool

The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.

1.9