Weekly Vulnerabilities Reports > August 7 to 13, 2017

Overview

643 new vulnerabilities reported during this period, including 62 critical vulnerabilities and 81 high severity vulnerabilities. This weekly summary report vulnerabilities in 668 products from 89 vendors including Oracle, Microsoft, Adobe, Apple, and Google. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Cross-site Scripting", "Improper Input Validation", and "Missing Release of Resource after Effective Lifetime".

  • 564 reported vulnerabilities are remotely exploitables.
  • 37 reported vulnerabilities have public exploit available.
  • 75 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 513 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 249 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 44 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

62 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-08-11 CVE-2017-3124 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the picture exchange (PCX) file format parsing module.

10.0
2017-08-11 CVE-2017-11274 Adobe USE After Free vulnerability in Adobe Digital Editions

Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability.

10.0
2017-08-11 CVE-2017-8658 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Chakracore

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

10.0
2017-08-09 CVE-2017-12762 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow.

10.0
2017-08-09 CVE-2015-0786 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Zenworks Configuration Management

Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2017-08-08 CVE-2017-3632 Oracle Unspecified vulnerability in Oracle Solaris 10/11

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CDE Calendar).

10.0
2017-08-08 CVE-2017-6869 Siemens Unspecified vulnerability in Siemens Viewport FOR web Office Portal

A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the permissions of the operating-system user running the web server by sending specially crafted network packets to port 443/TCP or port 80/TCP.

10.0
2017-08-07 CVE-2017-12478 Unitrends Improper Authentication vulnerability in Unitrends Backup 9.1

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated.

10.0
2017-08-07 CVE-2017-12477 Unitrends Improper Authentication vulnerability in Unitrends Backup 9.1

It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed.

10.0
2017-08-11 CVE-2017-3123 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data drawing position definition.

9.3
2017-08-11 CVE-2017-3121 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Enhanced Metafile Format (EMF) parser.

9.3
2017-08-11 CVE-2017-3120 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA parsing engine when handling certain types of internal instructions.

9.3
2017-08-11 CVE-2017-3117 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the plugin that handles links within the PDF.

9.3
2017-08-11 CVE-2017-3116 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the MakeAccessible plugin when parsing TrueType font data.

9.3
2017-08-11 CVE-2017-3113 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in JavaScript engine when creating large strings.

9.3
2017-08-11 CVE-2017-3106 Adobe
Apple
Linux
Microsoft
Google
Incorrect Type Conversion OR Cast vulnerability in Adobe Flash Player

Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files.

9.3
2017-08-11 CVE-2017-3016 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability.

9.3
2017-08-11 CVE-2017-11271 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transfer of pixel blocks.

9.3
2017-08-11 CVE-2017-11270 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data representing icons.

9.3
2017-08-11 CVE-2017-11269 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) image stream data.

9.3
2017-08-11 CVE-2017-11268 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private JPEG data.

9.3
2017-08-11 CVE-2017-11267 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as JPEG data.

9.3
2017-08-11 CVE-2017-11262 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing ASCII text string.

9.3
2017-08-11 CVE-2017-11261 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded TIF image.

9.3
2017-08-11 CVE-2017-11260 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as a GIF image.

9.3
2017-08-11 CVE-2017-11259 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data.

9.3
2017-08-11 CVE-2017-11257 Adobe
Apple
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine.

9.3
2017-08-11 CVE-2017-11256 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when generating content using XFA layout engine.

9.3
2017-08-11 CVE-2017-11251 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 parsing module.

9.3
2017-08-11 CVE-2017-11241 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to polygons.

9.3
2017-08-11 CVE-2017-11237 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing module.

9.3
2017-08-11 CVE-2017-11235 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the image conversion engine when decompressing JPEG data.

9.3
2017-08-11 CVE-2017-11234 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF data related to the way how the components of each pixel are stored.

9.3
2017-08-11 CVE-2017-11231 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in Acrobat/Reader rendering engine.

9.3
2017-08-11 CVE-2017-11228 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing JPEG 2000 (JP2) code stream data.

9.3
2017-08-11 CVE-2017-11227 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data.

9.3
2017-08-11 CVE-2017-11226 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image processing engine when processing JPEG 2000 (JP2) code stream data.

9.3
2017-08-11 CVE-2017-11224 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA layout engine.

9.3
2017-08-11 CVE-2017-11223 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the core of the XFA engine.

9.3
2017-08-11 CVE-2017-11222 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) engine.

9.3
2017-08-11 CVE-2017-11221 Adobe
Apple
Microsoft
Incorrect Type Conversion OR Cast vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the annotation functionality.

9.3
2017-08-11 CVE-2017-11220 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in an internal data structure.

9.3
2017-08-11 CVE-2017-11219 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA rendering engine.

9.3
2017-08-11 CVE-2017-11218 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in XFA event management.

9.3
2017-08-11 CVE-2017-11216 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to bitmap transformations.

9.3
2017-08-11 CVE-2017-11214 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to rendering a path.

9.3
2017-08-11 CVE-2017-11212 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text output.

9.3
2017-08-11 CVE-2017-11211 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the JPEG parser.

9.3
2017-08-09 CVE-2017-0745 Google Improper Initialization vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (avc decoder).

9.3
2017-08-09 CVE-2017-0723 Google Improper Initialization vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libavc).

9.3
2017-08-09 CVE-2017-0722 Google Unspecified vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (h263 decoder).

9.3
2017-08-09 CVE-2017-0721 Google Improper Input Validation vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libmpeg2).

9.3
2017-08-09 CVE-2017-0720 Google Unchecked Return Value vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libhevc).

9.3
2017-08-09 CVE-2017-0719 Google Missing Release of Resource After Effective Lifetime vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (mpeg2 decoder).

9.3
2017-08-09 CVE-2017-0718 Google Unspecified vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (mpeg2 decoder).

9.3
2017-08-09 CVE-2017-0716 Google Improper Validation of Array Index vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libmpeg2).

9.3
2017-08-09 CVE-2017-0715 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libavc).

9.3
2017-08-09 CVE-2017-0714 Google Unspecified vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (h263 decoder).

9.3
2017-08-08 CVE-2017-8691 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows 7 and Windows Server 2008

Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow an attacker to execute code remotely on a target system when the Windows font library fails to properly handle specially crafted embedded fonts, aka "Express Compressed Fonts Remote Code Execution Vulnerability."

9.3
2017-08-08 CVE-2017-8620 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Windows Search in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability".

9.3
2017-08-08 CVE-2017-0250 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to buffer overflow, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability".

9.3
2017-08-07 CVE-2017-12479 Unitrends Unspecified vulnerability in Unitrends Backup 9.1

It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges.

9.0

81 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-08-08 CVE-2017-8633 Microsoft Incorrect Authorization vulnerability in Microsoft products

Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka "Windows Error Reporting Elevation of Privilege Vulnerability".

8.5
2017-08-07 CVE-2017-9633 Infineon Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Infineon S-Gold 2 PMB 8876

An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf.

8.3
2017-08-10 CVE-2016-8739 Apache XXE vulnerability in Apache CXF

The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders.

7.8
2017-08-09 CVE-2015-2313 Capnproto Resource Exhaustion vulnerability in Capnproto

Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption) via a crafted small message, which triggers a "tight" for loop.

7.8
2017-08-09 CVE-2015-2312 Capnproto Resource Exhaustion vulnerability in Capnproto

Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service (CPU and possibly general resource consumption) via a list with a large number of elements.

7.8
2017-08-08 CVE-2012-0880 Apache Resource Management Errors vulnerability in Apache Xerces-C++

Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions.

7.8
2017-08-08 CVE-2017-10042 Oracle Unspecified vulnerability in Oracle Solaris 10/11

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: IKE).

7.8
2017-08-08 CVE-2017-10036 Oracle Unspecified vulnerability in Oracle Solaris 10/11

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NFSv4).

7.8
2017-08-07 CVE-2017-6745 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Videoscape Distribution Suite FOR Television

A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television 3.2(5)ES1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted appliance.

7.8
2017-08-07 CVE-2017-12602 Opencv Unspecified vulnerability in Opencv

OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (memory consumption) issue, as demonstrated by the 10-opencv-dos-memory-exhaust test case.

7.8
2017-08-07 CVE-2017-12600 Opencv Unspecified vulnerability in Opencv

OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case.

7.8
2017-08-10 CVE-2017-8518 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge allows a remote code execution vulnerability due to the way it accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-8674 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-8672 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-8671 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-8670 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-8669 Microsoft Buffer Errors vulnerability in Microsoft Edge and Internet Explorer

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers improperly handling objects in memory while rendering content, aka "Microsoft Browser Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-8661 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-8657 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-8656 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-8655 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-8653 Microsoft Buffer Errors vulnerability in Microsoft Edge and Internet Explorer

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers improperly accessing objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-8651 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10/9

Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Server 2012 allows an attacker to execute arbitrary code in the context of the current user due to Internet Explorer improperly accessing objects in memory, aka "Internet Explorer Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-8647 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-8646 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-8645 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-8641 Microsoft Buffer Errors vulnerability in Microsoft Edge and Internet Explorer

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-8640 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-8639 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge in Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-8638 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-8636 Microsoft Buffer Errors vulnerability in Microsoft Edge and Internet Explorer

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-8635 Microsoft Buffer Errors vulnerability in Microsoft Edge and Internet Explorer

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-8634 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-08-08 CVE-2017-0293 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Microsoft Windows PDF Library in Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability".

7.6
2017-08-08 CVE-2017-10016 Oracle Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT Software 2013

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface).

7.6
2017-08-08 CVE-2017-10013 Oracle Unspecified vulnerability in Oracle SUN ZFS Storage Appliance KIT Software 2013

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface).

7.6
2017-08-11 CVE-2017-9800 Apache Improper Input Validation vulnerability in Apache Subversion

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command.

7.5
2017-08-11 CVE-2015-3616 Fortinet SQL Injection vulnerability in Fortinet Fortimanager Firmware

SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.

7.5
2017-08-11 CVE-2017-3108 Adobe Unrestricted Upload of File With Dangerous Type vulnerability in Adobe Experience Manager

Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability.

7.5
2017-08-09 CVE-2017-12774 Finecms Project SQL Injection vulnerability in Finecms Project Finecms 1.9.5

finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database

7.5
2017-08-09 CVE-2015-6816 Fedoraproject
Ganglia
Improper Authentication vulnerability in multiple products

ganglia-web before 3.7.1 allows remote attackers to bypass authentication.

7.5
2017-08-09 CVE-2015-2311 Capnproto Integer Underflow (Wrap OR Wraparound) vulnerability in Capnproto

Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execute arbitrary code via a crafted message.

7.5
2017-08-09 CVE-2015-1820 Rest Client Project Session Fixation vulnerability in Rest-Client Project Rest-Client

REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.

7.5
2017-08-09 CVE-2015-0782 Novell SQL Injection vulnerability in Novell Zenworks Configuration Management

SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2017-08-09 CVE-2015-0781 Novell Path Traversal vulnerability in Novell Zenworks Configuration Management

Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors.

7.5
2017-08-09 CVE-2015-0780 Novell SQL Injection vulnerability in Novell Zenworks Configuration Management

SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2017-08-09 CVE-2012-2781 Ffmpeg Unspecified vulnerability in Ffmpeg

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780.

7.5
2017-08-09 CVE-2012-2780 Ffmpeg Unspecified vulnerability in Ffmpeg

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781.

7.5
2017-08-09 CVE-2012-2778 Ffmpeg Unspecified vulnerability in Ffmpeg

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781.

7.5
2017-08-09 CVE-2012-2773 Ffmpeg Unspecified vulnerability in Ffmpeg

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.

7.5
2017-08-09 CVE-2012-2771 Ffmpeg Unspecified vulnerability in Ffmpeg

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.

7.5
2017-08-08 CVE-2012-0803 Apache Improper Authentication vulnerability in Apache CXF 2.4.5/2.5.1

The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request.

7.5
2017-08-08 CVE-2017-11153 Synology Deserialization of Untrusted Data vulnerability in Synology Photo Station

Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.

7.5
2017-08-08 CVE-2017-11151 Synology Improper Authentication vulnerability in Synology Photo Station

A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.

7.5
2017-08-08 CVE-2017-10206 Oracle Unspecified vulnerability in Oracle Hospitality Simphony 2.9

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Engagement).

7.5
2017-08-08 CVE-2017-10146 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal).

7.5
2017-08-08 CVE-2017-10137 Oracle Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JNDI).

7.5
2017-08-08 CVE-2017-10061 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker).

7.5
2017-08-08 CVE-2017-9939 Siemens Improper Authentication vulnerability in Siemens Sipass Integrated

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with network access to the SiPass integrated server to bypass the authentication mechanism and perform administrative operations.

7.5
2017-08-07 CVE-2015-7871 NTP
Debian
Netapp
Improper Authentication vulnerability in NTP 4.2.5/4.2.6/4.2.7

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.

7.5
2017-08-07 CVE-2015-7853 NTP
Netapp
Classic Buffer Overflow vulnerability in NTP

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.

7.5
2017-08-07 CVE-2015-7705 NTP
Netapp
Citrix
Improper Input Validation vulnerability in NTP

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.

7.5
2017-08-07 CVE-2015-5244 MOD NSS Project Permissions, Privileges, and Access Controls vulnerability in MOD NSS Project MOD NSS

The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions.

7.5
2017-08-07 CVE-2017-12650 Loginizer SQL Injection vulnerability in Loginizer

SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header.

7.5
2017-08-07 CVE-2017-12567 Quest SQL Injection vulnerability in Quest products

SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2.

7.5
2017-08-07 CVE-2017-9630 Pdqinc Improper Authentication vulnerability in Pdqinc products

An Improper Authentication issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem, all versions, ProTouch ICON, all versions, and ProTouch AutoGloss, all versions.

7.5
2017-08-07 CVE-2017-7928 Selinc Unspecified vulnerability in Selinc Sel-3620 Firmware and Sel-3622 Firmware

An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1.

7.5
2017-08-07 CVE-2017-6747 Cisco Improper Authentication vulnerability in Cisco Identity Services Engine

A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication.

7.5
2017-08-10 CVE-2017-3753 Lenovo Code Injection vulnerability in Lenovo products

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc.

7.2
2017-08-10 CVE-2017-3751 Lenovo Unquoted Search Path OR Element vulnerability in Lenovo Thinkpad Compact USB Keyboard Driver

An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0.

7.2
2017-08-09 CVE-2015-2291 Intel
Microsoft
Improper Input Validation vulnerability in Intel products

(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call.

7.2
2017-08-08 CVE-2017-8664 Microsoft Improper Input Validation vulnerability in Microsoft products

Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability".

7.2
2017-08-08 CVE-2017-8624 Microsoft Unspecified vulnerability in Microsoft products

CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability".

7.2
2017-08-08 CVE-2017-8622 Microsoft Unspecified vulnerability in Microsoft Windows 10 1703

Windows Subsystem for Linux in Windows 10 1703 allows an elevation of privilege vulnerability when it fails to properly handle handles NT pipes, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability".

7.2
2017-08-08 CVE-2017-8591 Microsoft Unspecified vulnerability in Microsoft products

Windows Input Method Editor (IME) in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an remote code execution vulnerability when it fails to properly handle objects in memory, aka "Windows IME Remote Code Execution Vulnerability".

7.2
2017-08-08 CVE-2017-11741 Hashicorp Incorrect Default Permissions vulnerability in Hashicorp Vagrant VMWare Fusion

HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.

7.2
2017-08-08 CVE-2017-10004 Oracle Unspecified vulnerability in Oracle Solaris 10/11

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel).

7.2
2017-08-07 CVE-2017-9647 Infineon Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Infineon S-Gold 2 PMB 8876

A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf.

7.2
2017-08-09 CVE-2017-0736 Google Unspecified vulnerability in Google Android

A denial of service vulnerability in the Android media framework (libavc).

7.1
2017-08-07 CVE-2017-12674 Imagemagick Excessive Iteration vulnerability in Imagemagick 7.0.62

In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service.

7.1
2017-08-07 CVE-2017-12643 Imagemagick Allocation of Resources Without Limits OR Throttling vulnerability in Imagemagick 7.0.61

ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c.

7.1

445 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-08-08 CVE-2017-8593 Microsoft Improper Preservation of Permissions vulnerability in Microsoft products

Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability".

6.9
2017-08-11 CVE-2017-6328 Symantec Cross-Site Request Forgery (CSRF) vulnerability in Symantec Message Gateway

The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts.

6.8
2017-08-11 CVE-2017-3119 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in Acrobat/Reader 11.0.19 engine.

6.8
2017-08-11 CVE-2017-11263 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal data structure manipulation related to document encoding.

6.8
2017-08-11 CVE-2017-11254 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader's JavaScript engine.

6.8
2017-08-11 CVE-2017-11229 Adobe
Apple
Microsoft
Unspecified vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability when manipulating Forms Data Format (FDF).

6.8
2017-08-11 CVE-2017-8273 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

In all Qualcomm products with Android release from CAF using the Linux kernel, while processing fastboot boot command when verified boot feature is disabled, with length greater than boot image buffer, a buffer overflow can occur.

6.8
2017-08-11 CVE-2017-8271 Google Out-Of-Bounds Write vulnerability in Google Android

Out of bound memory write can happen in the MDSS Rotator driver in all Qualcomm products with Android releases from CAF using the Linux kernel by an unsanitized userspace-controlled parameter.

6.8
2017-08-11 CVE-2017-8264 Google Resource Exhaustion vulnerability in Google Android

A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel.

6.8
2017-08-11 CVE-2017-8259 Google Classic Buffer Overflow vulnerability in Google Android

In the service locator in all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow can occur as the variable set for determining the size of the buffer is not used to indicate the size of the buffer.

6.8
2017-08-10 CVE-2017-12799 GNU Buffer Errors vulnerability in GNU Binutils 2.29

The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.

6.8
2017-08-09 CVE-2017-0750 Google Out-Of-Bounds Write vulnerability in Google Android

A elevation of privilege vulnerability in the Upstream Linux file system.

6.8
2017-08-09 CVE-2017-0749 Google Unspecified vulnerability in Google Android

A elevation of privilege vulnerability in the Upstream Linux linux kernel.

6.8
2017-08-09 CVE-2017-0747 Google Unspecified vulnerability in Google Android

A elevation of privilege vulnerability in the Qualcomm proprietary component.

6.8
2017-08-09 CVE-2017-0746 Google Unspecified vulnerability in Google Android

A elevation of privilege vulnerability in the Qualcomm ipa driver.

6.8
2017-08-09 CVE-2017-0742 Google Unspecified vulnerability in Google Android

A elevation of privilege vulnerability in the MediaTek video driver.

6.8
2017-08-09 CVE-2017-0741 Google Unspecified vulnerability in Google Android

A elevation of privilege vulnerability in the MediaTek gpu driver.

6.8
2017-08-09 CVE-2017-0740 Google Unspecified vulnerability in Google Android

A remote code execution vulnerability in the Broadcom networking driver.

6.8
2017-08-09 CVE-2017-0737 Google Improper Validation of Array Index vulnerability in Google Android

A elevation of privilege vulnerability in the Android media framework (libstagefright).

6.8
2017-08-09 CVE-2017-0732 Google Unspecified vulnerability in Google Android

A elevation of privilege vulnerability in the Android media framework (libstagefright).

6.8
2017-08-09 CVE-2017-0731 Google Release of Invalid Pointer OR Reference vulnerability in Google Android

A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder).

6.8
2017-08-09 CVE-2017-0729 Google Integer Overflow OR Wraparound vulnerability in Google Android

A elevation of privilege vulnerability in the Android media framework (mediadrmserver).

6.8
2017-08-09 CVE-2017-0727 Google USE After Free vulnerability in Google Android

A elevation of privilege vulnerability in the Android media framework (libgui).

6.8
2017-08-09 CVE-2017-0713 Google Unspecified vulnerability in Google Android

A remote code execution vulnerability in the Android libraries (sfntly).

6.8
2017-08-09 CVE-2017-0712 Google Improper Input Validation vulnerability in Google Android

A elevation of privilege vulnerability in the Android framework (wi-fi service).

6.8
2017-08-09 CVE-2015-7894 Samsung Buffer Errors vulnerability in Samsung Galaxy S6 Edge Firmware Lrx22G.G925Vvru1Aoe2

The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG.

6.8
2017-08-08 CVE-2017-8625 Microsoft Incorrect Default Permissions vulnerability in Microsoft Internet Explorer 11

Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass Vulnerability".

6.8
2017-08-08 CVE-2017-8623 Microsoft Improper Input Validation vulnerability in Microsoft Windows 10 and Windows Server 2016

Windows Hyper-V in Windows 10 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability".

6.8
2017-08-08 CVE-2017-10183 Oracle Unspecified vulnerability in Oracle Retail Xstore Point of Service

Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Point of Sale).

6.8
2017-08-08 CVE-2017-10111 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).

6.8
2017-08-08 CVE-2017-10110 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT).

6.8
2017-08-08 CVE-2017-10107 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI).

6.8
2017-08-08 CVE-2017-10102 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI).

6.8
2017-08-08 CVE-2017-10101 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP).

6.8
2017-08-08 CVE-2017-10096 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP).

6.8
2017-08-08 CVE-2017-10090 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).

6.8
2017-08-08 CVE-2017-10089 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO).

6.8
2017-08-08 CVE-2017-10087 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).

6.8
2017-08-08 CVE-2017-10086 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX).

6.8
2017-08-08 CVE-2017-12678 Taglib Unrestricted Upload of File With Dangerous Type vulnerability in Taglib 1.11.1

In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.

6.8
2017-08-07 CVE-2017-12669 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.62

ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c.

6.8
2017-08-07 CVE-2017-12668 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.62

ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.

6.8
2017-08-07 CVE-2017-12667 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.61

ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c.

6.8
2017-08-07 CVE-2017-12666 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.62

ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c.

6.8
2017-08-07 CVE-2017-12665 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.62

ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c.

6.8
2017-08-07 CVE-2017-12664 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.62

ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c.

6.8
2017-08-07 CVE-2017-12663 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.62

ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c.

6.8
2017-08-07 CVE-2017-12662 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.62

ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c.

6.8
2017-08-07 CVE-2016-7976 Artifex Improper Input Validation vulnerability in Artifex Ghostscript 9.18/9.20

The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams.

6.8
2017-08-07 CVE-2015-7571 Yeager Unrestricted Upload of File With Dangerous Type vulnerability in Yeager CMS 1.2.1

Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

6.8
2017-08-07 CVE-2014-9831 Imagemagick Improper Access Control vulnerability in Imagemagick

coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file.

6.8
2017-08-07 CVE-2014-9830 Imagemagick Improper Access Control vulnerability in Imagemagick

coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file.

6.8
2017-08-07 CVE-2014-9828 Imagemagick Improper Access Control vulnerability in Imagemagick

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file.

6.8
2017-08-07 CVE-2014-9827 Imagemagick Improper Access Control vulnerability in Imagemagick

coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.

6.8
2017-08-07 CVE-2014-1235 Graphviz Buffer Errors vulnerability in Graphviz 2.34.0

Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.

6.8
2017-08-07 CVE-2017-12653 360Totalsecurity Uncontrolled Search Path Element vulnerability in 360Totalsecurity 360 Total Security 3.5.0.1033

360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory.

6.8
2017-08-07 CVE-2017-12651 Loginizer Cross-Site Request Forgery (CSRF) vulnerability in Loginizer

Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked.

6.8
2017-08-07 CVE-2017-12644 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.61

ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c.

6.8
2017-08-07 CVE-2017-12642 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.61

ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c.

6.8
2017-08-07 CVE-2017-12641 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.61

ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c.

6.8
2017-08-07 CVE-2017-12640 Imagemagick Out-Of-Bounds Read vulnerability in Imagemagick 7.0.61

ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.

6.8
2017-08-07 CVE-2017-6759 Cisco Improper Input Validation vulnerability in Cisco Prime Collaboration Provisioning 12.1

A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system.

6.8
2017-08-07 CVE-2017-6758 Cisco Path Traversal vulnerability in Cisco Unified Communications Manager 11.5(1.10000.6)

A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device.

6.8
2017-08-07 CVE-2017-6756 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Collaboration Provisioning 12.2

A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions.

6.8
2017-08-07 CVE-2017-6419 Libmspack Project
Clamav
Buffer Errors vulnerability in Libmspack Project Libmspack 0.5

mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.

6.8
2017-08-07 CVE-2017-12606 Opencv
Debian
Out-Of-Bounds Write vulnerability in multiple products

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow4 in utils.cpp when reading an image file by using cv::imread.

6.8
2017-08-07 CVE-2017-12605 Opencv
Debian
Out-Of-Bounds Write vulnerability in multiple products

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread.

6.8
2017-08-07 CVE-2017-12604 Opencv
Debian
Out-Of-Bounds Write vulnerability in multiple products

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread.

6.8
2017-08-07 CVE-2017-12603 Opencv
Debian
Out-Of-Bounds Write vulnerability in multiple products

OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case.

6.8
2017-08-07 CVE-2017-12601 Opencv
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt_bmp.cpp when reading an image file by using cv::imread, as demonstrated by the 4-buf-overflow-readData-memcpy test case.

6.8
2017-08-07 CVE-2017-12599 Opencv
Debian
Out-Of-Bounds Read vulnerability in multiple products

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread.

6.8
2017-08-07 CVE-2017-12598 Opencv
Debian
Out-Of-Bounds Read vulnerability in multiple products

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case.

6.8
2017-08-07 CVE-2017-12597 Opencv
Debian
Out-Of-Bounds Write vulnerability in multiple products

OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread.

6.8
2017-08-07 CVE-2017-12596 Openexr Out-Of-Bounds Read vulnerability in Openexr 2.2.0

In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.

6.8
2017-08-11 CVE-2017-6327 Symantec Improper Input Validation vulnerability in Symantec Message Gateway

The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.

6.5
2017-08-10 CVE-2017-1174 IBM SQL Injection vulnerability in IBM Sterling B2B Integrator 5.2

IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection.

6.5
2017-08-09 CVE-2017-12756 Extplorer Command Injection vulnerability in Extplorer

Command inject in transfer from another server in extplorer 2.1.9 and prior allows attacker to inject command via the userfile[0] parameter.

6.5
2017-08-09 CVE-2017-9370 Blackberry Improper Authentication vulnerability in Blackberry Workspaces

An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain access to another user's workspace by making multiple login requests to the server.

6.5
2017-08-09 CVE-2017-12754 Asuswrt
Asuswrt Merlin
Buffer Errors vulnerability in Asuswrt-Merlin

Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by sending a crafted http GET request packet that includes a long delete_offline_client parameter in the url.

6.5
2017-08-09 CVE-2016-5716 Puppet USE of Externally-Controlled Format String vulnerability in Puppet Enterprise

The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node.

6.5
2017-08-08 CVE-2017-11154 Synology Unrestricted Upload of File With Dangerous Type vulnerability in Synology Photo Station

Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.

6.5
2017-08-08 CVE-2017-10232 Oracle Unspecified vulnerability in Oracle Hospitality Websuite8 Cloud Service

Vulnerability in the Hospitality WebSuite8 Cloud Service component of Oracle Hospitality Applications (subcomponent: General).

6.5
2017-08-08 CVE-2017-10202 Oracle Unspecified vulnerability in Oracle Database 11.2.0.4/12.1.0.2/12.2.0.1

Vulnerability in the OJVM component of Oracle Database Server.

6.5
2017-08-08 CVE-2017-10145 Oracle Unspecified vulnerability in Oracle Java Advanced Management Console 2.6

Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server).

6.5
2017-08-08 CVE-2017-10104 Oracle Improper Privilege Management vulnerability in Oracle Java Advanced Management Console 2.6

Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server).

6.5
2017-08-07 CVE-2015-7854 NTP
Netapp
Classic Buffer Overflow vulnerability in NTP

Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.

6.5
2017-08-07 CVE-2015-7849 NTP
Netapp
USE After Free vulnerability in NTP

Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.

6.5
2017-08-07 CVE-2015-7887 Netapp Improper Access Control vulnerability in Netapp Snapcenter Server 1.0

NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups.

6.5
2017-08-07 CVE-2014-9260 Downloadmanager Permissions, Privileges, and Access Controls vulnerability in Downloadmanager Download Manager

The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option.

6.5
2017-08-07 CVE-2017-6757 Cisco SQL Injection vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5)/11.0(1.10000.10)/11.5(1.10000.6)

A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack.

6.5
2017-08-10 CVE-2017-1192 IBM XXE vulnerability in IBM Sterling B2B Integrator 5.2

IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

6.4
2017-08-09 CVE-2015-2310 Capnproto Integer Overflow OR Wraparound vulnerability in Capnproto

Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory via a crafted message, related to pointer validation.

6.4
2017-08-08 CVE-2017-10246 Oracle Unspecified vulnerability in Oracle Application Object Library

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp).

6.4
2017-08-08 CVE-2017-10243 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS).

6.4
2017-08-08 CVE-2017-10214 Oracle Unspecified vulnerability in Oracle Retail Xstore Point of Service

Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xstore Office).

6.4
2017-08-08 CVE-2017-10196 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3.0

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

6.4
2017-08-08 CVE-2017-10179 Oracle Unspecified vulnerability in Oracle Application Management Pack 12.1.0.4.0/13.1.1.1.0

Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring).

6.4
2017-08-08 CVE-2017-10157 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security).

6.4
2017-08-08 CVE-2017-10141 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.3.0

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

6.4
2017-08-08 CVE-2017-10047 Oracle Unspecified vulnerability in Oracle Micros Bellavita 2.7.X

Vulnerability in the MICROS BellaVita component of Oracle Hospitality Applications (subcomponent: Interface).

6.4
2017-08-08 CVE-2017-10031 Oracle Unspecified vulnerability in Oracle Communications Convergence 3.0/3.0.1

Vulnerability in the Oracle Communications Convergence component of Oracle Communications Applications (subcomponent: Mail Proxy (dojo)).

6.4
2017-08-08 CVE-2017-10025 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.7.0

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security).

6.4
2017-08-08 CVE-2017-6872 Siemens Exposure of Resource TO Wrong Sphere vulnerability in Siemens Ozw672 Firmware and Ozw772 Firmware

A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device.

6.4
2017-08-07 CVE-2015-1555 Zend Improper Input Validation vulnerability in Zend Framework

Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.

6.4
2017-08-08 CVE-2017-0174 Microsoft Unspecified vulnerability in Microsoft products

Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it improperly handles NetBIOS packets, aka "Windows NetBIOS Denial of Service Vulnerability".

6.1
2017-08-07 CVE-2017-6663 Cisco Unspecified vulnerability in Cisco IOS and IOS XE

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in a denial of service (DoS) condition.

6.1
2017-08-09 CVE-2015-4165 Elasticsearch Permissions, Privileges, and Access Controls vulnerability in Elasticsearch 1.5.2

The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code.

6.0
2017-08-08 CVE-2017-10181 Oracle Unspecified vulnerability in Oracle Flexcube Direct Banking 12.0.2/12.0.3

Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Forgot Password).

6.0
2017-08-08 CVE-2017-10131 Oracle Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access).

6.0
2017-08-08 CVE-2017-10001 Oracle Unspecified vulnerability in Oracle Hospitality Simphony 1.7.1

Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Core).

6.0
2017-08-09 CVE-2017-11506 Tenable Improper Certificate Validation vulnerability in Tenable Nessus

When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection.

5.8
2017-08-08 CVE-2017-8650 Microsoft Origin Validation Error vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability".

5.8
2017-08-08 CVE-2010-2245 Apache XXE vulnerability in Apache Wink

XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial of service via a crafted XML document.

5.8
2017-08-08 CVE-2017-3633 Oracle Unspecified vulnerability in Oracle Communications Policy Management and Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached).

5.8
2017-08-08 CVE-2017-10258 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Prtl Interaction HUB 9.1.0

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Add New Image).

5.8
2017-08-08 CVE-2017-10257 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Prtl Interaction HUB 9.1.0

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Browse Folder Hierarchy).

5.8
2017-08-08 CVE-2017-10256 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Prtl Interaction HUB 9.1.0

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: EPPCM_HIER_TOP).

5.8
2017-08-08 CVE-2017-10255 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Prtl Interaction HUB 9.1.0

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: EPPCM_HIER_TOP).

5.8
2017-08-08 CVE-2017-10253 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Pivot Grid).

5.8
2017-08-08 CVE-2017-10249 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker).

5.8
2017-08-08 CVE-2017-10248 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Prtl Interaction HUB 9.1.0

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: EPPCM_HIER_TOP).

5.8
2017-08-08 CVE-2017-10247 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Prtl Interaction HUB 9.1.0

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: HTML Area).

5.8
2017-08-08 CVE-2017-10215 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Prtl Interaction HUB 9.1.0

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: EPPCM_DEFN_CATG).

5.8
2017-08-08 CVE-2017-10211 Oracle Unspecified vulnerability in Oracle Hospitality Suite8 8.10.0/8.10.1/8.10.2

Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect).

5.8
2017-08-08 CVE-2017-10199 Oracle Unspecified vulnerability in Oracle Ilearning 6.2

Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Pages).

5.8
2017-08-08 CVE-2017-10191 Oracle Unspecified vulnerability in Oracle web Analytics

Vulnerability in the Oracle Web Analytics component of Oracle E-Business Suite (subcomponent: Common Libraries).

5.8
2017-08-08 CVE-2017-10185 Oracle Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Management).

5.8
2017-08-08 CVE-2017-10180 Oracle Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: CMRO).

5.8
2017-08-08 CVE-2017-10178 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container).

5.8
2017-08-08 CVE-2017-10174 Oracle Unspecified vulnerability in Oracle Isupport

Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Service Request).

5.8
2017-08-08 CVE-2017-10172 Oracle Unspecified vulnerability in Oracle Retail Open Commerce Platform Cloud Service

Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Framework).

5.8
2017-08-08 CVE-2017-10171 Oracle Unspecified vulnerability in Oracle Marketing

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Home Page).

5.8
2017-08-08 CVE-2017-10170 Oracle Unspecified vulnerability in Oracle Field Service 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless/WAP).

5.8
2017-08-08 CVE-2017-10156 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security).

5.8
2017-08-08 CVE-2017-10143 Oracle Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences).

5.8
2017-08-08 CVE-2017-10128 Oracle Unspecified vulnerability in Oracle Hospitality Websuite8 Cloud Service

Vulnerability in the Hospitality WebSuite8 Cloud Service component of Oracle Hospitality Applications (subcomponent: General).

5.8
2017-08-08 CVE-2017-10126 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Prtl Interaction HUB 9.1.0

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: HTML Area).

5.8
2017-08-08 CVE-2017-10121 Oracle Unspecified vulnerability in Oracle Java Advanced Management Console 2.6

Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server).

5.8
2017-08-08 CVE-2017-10113 Oracle Unspecified vulnerability in Oracle Common Applications

Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: CRM User Management Framework).

5.8
2017-08-08 CVE-2017-10112 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Registration).

5.8
2017-08-08 CVE-2017-10106 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal).

5.8
2017-08-08 CVE-2017-10100 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Prtl Interaction HUB 9.1.0

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: HTML Area).

5.8
2017-08-08 CVE-2017-10097 Oracle Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 8.5.1/9.0.0

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting).

5.8
2017-08-08 CVE-2017-10092 Oracle Unspecified vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.5/9.3.6

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security).

5.8
2017-08-08 CVE-2017-10083 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.8
2017-08-08 CVE-2017-10082 Oracle Unspecified vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.5/9.3.6

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security).

5.8
2017-08-08 CVE-2017-10080 Oracle Unspecified vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.5/9.3.6

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security).

5.8
2017-08-08 CVE-2017-10079 Oracle Unspecified vulnerability in Oracle Hospitality Suites Management 3.7

Vulnerability in the Oracle Hospitality Suites Management component of Oracle Hospitality Applications (subcomponent: Core).

5.8
2017-08-08 CVE-2017-10075 Oracle Unspecified vulnerability in Oracle Webcenter Content 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server).

5.8
2017-08-08 CVE-2017-10070 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Prtl Interaction HUB 9.1.0

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Maintenance Folders).

5.8
2017-08-08 CVE-2017-10064 Oracle Unspecified vulnerability in Oracle Hospitality Websuite8 Cloud Service

Vulnerability in the Hospitality WebSuite8 Cloud Service component of Oracle Hospitality Applications (subcomponent: General).

5.8
2017-08-08 CVE-2017-10063 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).

5.8
2017-08-08 CVE-2017-10052 Oracle Unspecified vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.5/9.3.6

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: PCMServlet).

5.8
2017-08-08 CVE-2017-10049 Oracle Unspecified vulnerability in Oracle Siebel Core-Server Framework 16.0/17.0

Vulnerability in the Siebel Core CRM component of Oracle Siebel CRM (subcomponent: Search).

5.8
2017-08-08 CVE-2017-10048 Oracle Unspecified vulnerability in Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0

Vulnerability in the Oracle Enterprise Repository component of Oracle Fusion Middleware (subcomponent: Web Interface).

5.8
2017-08-08 CVE-2017-10043 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.7.0/11.1.1.9.0

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security).

5.8
2017-08-08 CVE-2017-10040 Oracle Unspecified vulnerability in Oracle Webcenter Content 11.1.1.9.0/12.2.1.1.0

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server).

5.8
2017-08-08 CVE-2017-10035 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.7.0/11.1.1.9.0

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server).

5.8
2017-08-08 CVE-2017-10030 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.7.0

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server).

5.8
2017-08-08 CVE-2017-10029 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.7.0

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server).

5.8
2017-08-08 CVE-2017-10028 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.7.0

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server).

5.8
2017-08-08 CVE-2017-10024 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.7.0

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Layout Tools).

5.8
2017-08-08 CVE-2017-10021 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search).

5.8
2017-08-08 CVE-2017-10017 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workcenter).

5.8
2017-08-08 CVE-2017-10005 Oracle Unspecified vulnerability in Oracle Flexcube Private Banking

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous).

5.8
2017-08-08 CVE-2017-9941 Siemens Unspecified vulnerability in Siemens Sipass Integrated

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker in a Man-in-the-Middle position between the SiPass integrated server and SiPass integrated clients to read or modify the network communication.

5.8
2017-08-08 CVE-2017-6873 Siemens Unspecified vulnerability in Siemens Ozw672 Firmware and Ozw772 Firmware

A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack on the integrated web server on port 443/tcp.

5.8
2017-08-08 CVE-2017-6870 Siemens Unspecified vulnerability in Siemens Simatic Wincc Sm@Rtclient 1.0

A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2).

5.8
2017-08-08 CVE-2017-3562 Oracle Unspecified vulnerability in Oracle Applications DBA

Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: AD Utilities).

5.5
2017-08-08 CVE-2017-10230 Oracle Unspecified vulnerability in Oracle Hospitality Cruise Dining Room Management 8.0.75

Vulnerability in the Oracle Hospitality Cruise Dining Room Management component of Oracle Hospitality Applications (subcomponent: SilverWhere).

5.5
2017-08-08 CVE-2017-10229 Oracle Unspecified vulnerability in Oracle Hospitality Cruise Materials Management 7.30.562

Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications (subcomponent: Event Viewer).

5.5
2017-08-08 CVE-2017-10228 Oracle Unspecified vulnerability in Oracle Hospitality Cruise Shipboard Property Management System 8.0.0.0

Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: Module).

5.5
2017-08-08 CVE-2017-10226 Oracle Unspecified vulnerability in Oracle Hospitality Cruise Fleet Management 9.0

Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite).

5.5
2017-08-08 CVE-2017-10224 Oracle Unspecified vulnerability in Oracle Hospitality Inventory Management 8.5.1/9.0.0

Vulnerability in the Oracle Hospitality Inventory Management component of Oracle Hospitality Applications (subcomponent: Inventory and Count Cycle).

5.5
2017-08-08 CVE-2017-10223 Oracle Unspecified vulnerability in Oracle Hospitality Materials Control 8.31.4/8.32.0

Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Purchasing).

5.5
2017-08-08 CVE-2017-10222 Oracle Unspecified vulnerability in Oracle Hospitality Materials Control 8.31.4/8.32.0

Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Production Tool).

5.5
2017-08-08 CVE-2017-10177 Oracle Unspecified vulnerability in Oracle Application Object Library 12.2.6

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Flexfields).

5.5
2017-08-08 CVE-2017-10142 Oracle Improper Privilege Management vulnerability in Oracle Hospitality Reporting and Analytics 8.5.1/9.0.0

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Mobile Apps).

5.5
2017-08-08 CVE-2017-10098 Oracle Improper Privilege Management vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.5
2017-08-08 CVE-2017-10085 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

5.5
2017-08-08 CVE-2017-10078 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting).

5.5
2017-08-08 CVE-2017-10076 Oracle Unspecified vulnerability in Oracle Hospitality Simphony First Edition Venue Management 3.9

Vulnerability in the Oracle Hospitality Simphony First Edition Venue Management component of Oracle Hospitality Applications (subcomponent: Core).

5.5
2017-08-08 CVE-2017-10072 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: All Modules).

5.5
2017-08-08 CVE-2017-10044 Oracle Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 8.5.1/9.0.0

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting).

5.5
2017-08-08 CVE-2017-10032 Oracle Unspecified vulnerability in Oracle Transportation Management

Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Access Control List).

5.5
2017-08-08 CVE-2017-10012 Oracle Unspecified vulnerability in Oracle Flexcube Private Banking

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Operations).

5.5
2017-08-08 CVE-2017-10002 Oracle Unspecified vulnerability in Oracle Hospitality Inventory Management 8.5.1/9.0.0

Vulnerability in the Oracle Hospitality Inventory Management component of Oracle Hospitality Applications (subcomponent: Settings and Config).

5.5
2017-08-08 CVE-2017-9940 Siemens Improper Privilege Management vulnerability in Siemens Sipass Integrated

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network.

5.5
2017-08-07 CVE-2014-9262 Snapcreek Permissions, Privileges, and Access Controls vulnerability in Snapcreek Duplicator

The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files.

5.5
2017-08-08 CVE-2017-10116 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security).

5.1
2017-08-08 CVE-2017-10114 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX).

5.1
2017-08-08 CVE-2017-10074 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).

5.1
2017-08-08 CVE-2017-10067 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security).

5.1
2017-08-11 CVE-2015-3614 Fortinet Information Exposure vulnerability in Fortinet Fortimanager Firmware

Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability.

5.0
2017-08-11 CVE-2015-1783 Fedoraproject
Entrouvert
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors.

5.0
2017-08-11 CVE-2017-3110 Adobe Information Exposure vulnerability in Adobe Experience Manager

Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability.

5.0
2017-08-11 CVE-2017-3107 Adobe Information Exposure vulnerability in Adobe Experience Manager

Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability.

5.0
2017-08-11 CVE-2017-3091 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Digital Editions

Adobe Digital Editions 4.5.4 and earlier versions 4.5.4 and earlier have an exploitable memory corruption vulnerability.

5.0
2017-08-11 CVE-2017-3085 Adobe
Apple
Linux
Microsoft
Google
Information Exposure vulnerability in Adobe Flash Player

Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.

5.0
2017-08-11 CVE-2017-11280 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Digital Editions

Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability.

5.0
2017-08-11 CVE-2017-11279 Adobe USE After Free vulnerability in Adobe Digital Editions

Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability.

5.0
2017-08-11 CVE-2017-11278 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Digital Editions

Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability.

5.0
2017-08-11 CVE-2017-11277 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Digital Editions

Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability.

5.0
2017-08-11 CVE-2017-11276 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Digital Editions

Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability.

5.0
2017-08-11 CVE-2017-11275 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Digital Editions

Adobe Digital Editions 4.5.4 and earlier has an exploitable heap overflow vulnerability.

5.0
2017-08-11 CVE-2017-11272 Adobe Information Exposure vulnerability in Adobe Digital Editions

Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability.

5.0
2017-08-11 CVE-2017-7675 Apache Path Traversal vulnerability in Apache Tomcat

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks.

5.0
2017-08-11 CVE-2016-6796 Apache 7PK - Security Features vulnerability in Apache Tomcat

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

5.0
2017-08-10 CVE-2016-8745 Apache 7PK - Errors vulnerability in Apache Tomcat

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times.

5.0
2017-08-10 CVE-2016-6817 Apache Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apache Tomcat

The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer.

5.0
2017-08-10 CVE-2016-6797 Apache Improper Access Control vulnerability in Apache Tomcat

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application.

5.0
2017-08-10 CVE-2017-3130 Fortinet Information Exposure vulnerability in Fortinet Fortios

An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets.

5.0
2017-08-10 CVE-2017-3156 Apache Unspecified vulnerability in Apache CXF

The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.

5.0
2017-08-10 CVE-2016-6794 Apache Information Exposure vulnerability in Apache Tomcat

When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager.

5.0
2017-08-10 CVE-2016-5018 Apache 7PK - Security Features vulnerability in Apache Tomcat

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

5.0
2017-08-09 CVE-2015-6498 Alcatel Lucent 7PK - Security Features vulnerability in Alcatel-Lucent Home Device Manager 4.2.0/4.2.1

Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices.

5.0
2017-08-09 CVE-2015-3277 MOD NSS Project Information Exposure vulnerability in MOD NSS Project MOD NSS

The mod_nss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring.

5.0
2017-08-09 CVE-2015-0785 Novell Information Exposure vulnerability in Novell Zenworks Configuration Management

com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable.

5.0
2017-08-09 CVE-2015-0784 Novell Information Exposure vulnerability in Novell Zenworks Configuration Management

Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable.

5.0
2017-08-09 CVE-2015-7764 Netflix Insufficient Entropy vulnerability in Netflix Lemur 0.1.4

Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode.

5.0
2017-08-09 CVE-2015-6941 Saltstack Deprecated: Information Exposure Through Debug LOG Files vulnerability in Saltstack Salt 2015

win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.

5.0
2017-08-09 CVE-2015-3405 NTP
Debian
Opensuse
Opensuse Project
Suse
Fedoraproject
Redhat
Insufficient Entropy vulnerability in multiple products

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

5.0
2017-08-08 CVE-2017-8516 Microsoft Information Exposure vulnerability in Microsoft SQL Server 2012/2014/2016

Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability".

5.0
2017-08-08 CVE-2016-4456 Gnutls Improper Input Validation vulnerability in GNU Gnutls 3.4.12

The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.

5.0
2017-08-08 CVE-2011-4343 Apache Information Exposure vulnerability in Apache Myfaces

Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.

5.0
2017-08-08 CVE-2010-3845 Apache Authenhook Project Information Exposure vulnerability in Apache Authenhook Project Apache Authenhook 2.0004

libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log.

5.0
2017-08-08 CVE-2017-11155 Synology Information Exposure vulnerability in Synology Photo Station

An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors.

5.0
2017-08-08 CVE-2017-11152 Synology Path Traversal vulnerability in Synology Photo Station

Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter.

5.0
2017-08-08 CVE-2017-10245 Oracle Unspecified vulnerability in Oracle General Ledger

Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager).

5.0
2017-08-08 CVE-2017-10244 Oracle Unspecified vulnerability in Oracle Application Object Library

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments).

5.0
2017-08-08 CVE-2017-10207 Oracle Unspecified vulnerability in Oracle Hospitality Simphony 2.9

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Utilities).

5.0
2017-08-08 CVE-2017-10192 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart).

5.0
2017-08-08 CVE-2017-10186 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User and Company Profile).

5.0
2017-08-08 CVE-2017-10184 Oracle Unspecified vulnerability in Oracle Field Service

Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless/WAP).

5.0
2017-08-08 CVE-2017-10176 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security).

5.0
2017-08-08 CVE-2017-10173 Oracle Unspecified vulnerability in Oracle Retail Open Commerce Platform Cloud Service

Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Website).

5.0
2017-08-08 CVE-2017-10148 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components).

5.0
2017-08-08 CVE-2017-10147 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components).

5.0
2017-08-08 CVE-2017-10144 Oracle Unspecified vulnerability in Oracle Applications Manager 12.1.3

Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces).

5.0
2017-08-08 CVE-2017-10136 Oracle Unspecified vulnerability in Oracle Hospitality Simphony 2.9

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export).

5.0
2017-08-08 CVE-2017-10118 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE).

5.0
2017-08-08 CVE-2017-10117 Oracle Unspecified vulnerability in Oracle Java Advanced Management Console 2.6

Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server).

5.0
2017-08-08 CVE-2017-10115 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE).

5.0
2017-08-08 CVE-2017-10109 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization).

5.0
2017-08-08 CVE-2017-10108 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization).

5.0
2017-08-08 CVE-2017-10093 Oracle Information Exposure vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.5/9.3.6

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security).

5.0
2017-08-08 CVE-2017-10053 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D).

5.0
2017-08-08 CVE-2017-9938 Siemens Improper Input Validation vulnerability in Siemens Simatic Logon

A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to cause a Denial-of-Service condition.

5.0
2017-08-07 CVE-2017-12637 SAP Path Traversal vulnerability in SAP Netweaver 7.50

Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a ..

5.0
2017-08-07 CVE-2016-6220 Trendmicro Information Exposure vulnerability in Trendmicro Trend Micro Control Manager 6.0

Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control Manager SP3 6.0.

5.0
2017-08-07 CVE-2015-7704 NTP
Debian
Netapp
Redhat
Mcafee
Citrix
Improper Input Validation vulnerability in NTP

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

5.0
2017-08-07 CVE-2015-7701 NTP
Oracle
Debian
Netapp
Redhat
Missing Release of Resource After Effective Lifetime vulnerability in NTP

Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).

5.0
2017-08-07 CVE-2015-7692 NTP
Oracle
Debian
Netapp
Redhat
Improper Input Validation vulnerability in NTP

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).

5.0
2017-08-07 CVE-2015-7691 NTP
Oracle
Debian
Netapp
Redhat
Improper Input Validation vulnerability in NTP

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations.

5.0
2017-08-07 CVE-2014-3462 Opensuse
Encfs Project
Information Exposure vulnerability in multiple products

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".

5.0
2017-08-07 CVE-2015-7875 Chaos Tool Suite Project Permissions, Privileges, and Access Controls vulnerability in Chaos Tool Suite Project Ctools

ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page.

5.0
2017-08-07 CVE-2015-1378 Grml Permissions, Privileges, and Access Controls vulnerability in Grml Grml-Debootstrap

cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users.

5.0
2017-08-07 CVE-2011-5325 Busybox Path Traversal vulnerability in Busybox

Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.

5.0
2017-08-07 CVE-2017-9801 Apache Improper Input Validation vulnerability in Apache Commons Email

When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers.

5.0
2017-08-07 CVE-2017-9632 Pdqinc Missing Encryption of Sensitive Data vulnerability in Pdqinc products

A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem, all versions, ProTouch ICON, all versions, and ProTouch AutoGloss, all versions.

5.0
2017-08-07 CVE-2017-7920 ABB Improper Authentication vulnerability in ABB Vsn300 Firmware and Vsn300 for React Firmware

An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior.

5.0
2017-08-07 CVE-2017-6766 Cisco Unspecified vulnerability in Cisco Firesight System Software

A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system.

5.0
2017-08-07 CVE-2017-6763 Cisco Improper Input Validation vulnerability in Cisco Meeting Server 2.1.4

A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system.

5.0
2017-08-07 CVE-2017-6752 Cisco Information Exposure vulnerability in Cisco Adaptive Security Appliance Software 9.3.3/9.6.2

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) 9.3(3) and 9.6(2) could allow an unauthenticated, remote attacker to determine valid usernames.

5.0
2017-08-07 CVE-2017-6664 Cisco Improper Certificate Validation vulnerability in Cisco IOS XE

A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected system, after the certificate for the autonomic node has been revoked.

5.0
2017-08-07 CVE-2011-4650 Cisco Resource Management Errors vulnerability in Cisco Data Center Network Manager 5.2(1)

Cisco Data Center Network Manager is affected by Excessive Logging During a TCP Flood on Java Ports.

5.0
2017-08-09 CVE-2017-1448 IBM Open Redirect vulnerability in IBM products

IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack.

4.9
2017-08-09 CVE-2016-8949 IBM Open Redirect vulnerability in IBM products

IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack.

4.9
2017-08-09 CVE-2017-5694 Intel Unspecified vulnerability in Intel SSD PRO 6000P Firmware Psf104P/Psf109P

Data corruption vulnerability in firmware in Intel Solid-State Drive Professional PSF104P, PSF109P allows local users to cause a denial of service via unspecified vectors.

4.9
2017-08-08 CVE-2017-3652 Oracle
Debian
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).
4.9
2017-08-08 CVE-2017-10149 Oracle Unspecified vulnerability in Oracle Primavera Unifier

Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform).

4.9
2017-08-08 CVE-2017-10134 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise SCM Eprocurement 9.2

Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: eProcurement).

4.9
2017-08-08 CVE-2017-10130 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Management).

4.9
2017-08-08 CVE-2017-10119 Oracle Unspecified vulnerability in Oracle Service BUS 11.1.1.9.0

Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware (subcomponent: OSB Web Console Design, Admin).

4.9
2017-08-08 CVE-2017-10094 Oracle Improper Privilege Management vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.5/9.3.6

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security).

4.9
2017-08-08 CVE-2017-10073 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure).

4.9
2017-08-08 CVE-2017-10059 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.7.0

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Mobile Service).

4.9
2017-08-08 CVE-2017-10058 Oracle Unspecified vulnerability in Oracle Business Intelligence 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web Administration).

4.9
2017-08-08 CVE-2017-10057 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Prtl Interaction HUB 9.1.0

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Discussion Forum).

4.9
2017-08-08 CVE-2017-10046 Oracle Improper Privilege Management vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access).

4.9
2017-08-08 CVE-2017-10041 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server).

4.9
2017-08-08 CVE-2017-10027 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Homepage & Navigation).

4.9
2017-08-08 CVE-2017-10011 Oracle Unspecified vulnerability in Oracle Flexcube Private Banking

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous).

4.9
2017-08-08 CVE-2017-10010 Oracle Unspecified vulnerability in Oracle Flexcube Private Banking

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: FileUploads).

4.9
2017-08-07 CVE-2006-3635 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

The ia64 subsystem in the Linux kernel before 2.6.26 allows local users to cause a denial of service (stack consumption and system crash) via a crafted application that leverages the mishandling of invalid Register Stack Engine (RSE) state.

4.9
2017-08-08 CVE-2017-8627 Microsoft Buffer Errors vulnerability in Microsoft Windows 10 1703

Windows Subsystem for Linux in Windows 10 1703, allows a denial of service vulnerability due to the way it handles objects in memory, aka "Windows Subsystem for Linux Denial of Service Vulnerability".

4.7
2017-08-08 CVE-2017-10015 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Designer).

4.7
2017-08-10 CVE-2014-0145 Qemu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qemu

Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c).

4.6
2017-08-08 CVE-2017-8503 Microsoft Unspecified vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to escape from the AppContainer sandbox, aka "Microsoft Edge Elevation of Privilege Vulnerability".

4.6
2017-08-08 CVE-2017-3636 Oracle
Debian
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs).
4.6
2017-08-08 CVE-2017-10242 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.6
2017-08-08 CVE-2017-10241 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.6
2017-08-08 CVE-2017-10240 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.6
2017-08-08 CVE-2017-10239 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.6
2017-08-08 CVE-2017-10238 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.6
2017-08-08 CVE-2017-10237 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.6
2017-08-08 CVE-2017-10236 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.6
2017-08-08 CVE-2017-10210 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.6
2017-08-08 CVE-2017-10204 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.6
2017-08-08 CVE-2017-10129 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

4.6
2017-08-08 CVE-2017-10062 Oracle Unspecified vulnerability in Oracle Solaris 10

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Oracle Java Web Console).

4.6
2017-08-08 CVE-2017-6871 Siemens Improper Authentication vulnerability in Siemens products

A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2).

4.6
2017-08-07 CVE-2015-5946 Sugarcrm Incomplete Blacklist vulnerability in Sugarcrm 6.5.22

Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.

4.6
2017-08-10 CVE-2014-0143 Redhat
Qemu
Integer Overflow OR Wraparound vulnerability in multiple products

Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes.

4.4
2017-08-08 CVE-2017-10234 Oracle Unspecified vulnerability in Oracle Solaris Cluster 4.0

Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition).

4.4
2017-08-08 CVE-2017-10225 Oracle Unspecified vulnerability in Oracle Hospitality RES 3700 5.5

Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Hospitality Applications (subcomponent: OPS Operations).

4.4
2017-08-08 CVE-2017-10125 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment).

4.4
2017-08-08 CVE-2017-10003 Oracle Unspecified vulnerability in Oracle Solaris 10

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network Services Library).

4.4
2017-08-07 CVE-2017-7936 NXP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in NXP products

A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx.

4.4
2017-08-07 CVE-2017-7932 NXP Improper Certificate Validation vulnerability in NXP products

An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus.

4.4
2017-08-11 CVE-2017-3122 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to Bezier curves.

4.3
2017-08-11 CVE-2017-3118 Adobe
Apple
Microsoft
Information Exposure vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability related to execution of malicious attachments.

4.3
2017-08-11 CVE-2017-3115 Adobe
Apple
Microsoft
Information Exposure vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an information disclosure vulnerability when handling links in a PDF document.

4.3
2017-08-11 CVE-2017-11265 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager module.

4.3
2017-08-11 CVE-2017-11258 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded GIF image.

4.3
2017-08-11 CVE-2017-11255 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF color map data.

4.3
2017-08-11 CVE-2017-11252 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager (AGM) module.

4.3
2017-08-11 CVE-2017-11249 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing an invalid Enhanced Metafile Format (EMF) record.

4.3
2017-08-11 CVE-2017-11248 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to pixel block transfer.

4.3
2017-08-11 CVE-2017-11246 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing JPEG data.

4.3
2017-08-11 CVE-2017-11245 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data.

4.3
2017-08-11 CVE-2017-11244 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transformation of blocks of pixels.

4.3
2017-08-11 CVE-2017-11243 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the XSLT engine.

4.3
2017-08-11 CVE-2017-11242 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to line segments.

4.3
2017-08-11 CVE-2017-11239 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text strings.

4.3
2017-08-11 CVE-2017-11238 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to curve drawing.

4.3
2017-08-11 CVE-2017-11236 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal handling of UTF-16 literal strings.

4.3
2017-08-11 CVE-2017-11233 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to block transfer of pixels.

4.3
2017-08-11 CVE-2017-11232 Adobe
Apple
Microsoft
USE After Free vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when processing Enhanced Metafile Format (EMF) data related to brush manipulation.

4.3
2017-08-11 CVE-2017-11230 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 engine.

4.3
2017-08-11 CVE-2017-11217 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing of Unicode text strings.

4.3
2017-08-11 CVE-2017-11210 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing, where the font is embedded in the XML Paper Specification (XPS) file.

4.3
2017-08-11 CVE-2017-11209 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability that occurs when reading a JPEG file embedded within XML Paper Specification (XPS) file.

4.3
2017-08-11 CVE-2017-8269 Google Information Exposure vulnerability in Google Android

Userspace-controlled non null terminated parameter for IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory.

4.3
2017-08-11 CVE-2017-8258 Google Information Exposure vulnerability in Google Android

An array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a camera driver.

4.3
2017-08-11 CVE-2017-7674 Apache Insufficient Verification of Data Authenticity vulnerability in Apache Tomcat

The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin.

4.3
2017-08-10 CVE-2017-12798 Nexusphp Project Cross-Site Scripting vulnerability in Nexusphp Project Nexusphp 1.5

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php.

4.3
2017-08-10 CVE-2016-6812 Apache Cross-Site Scripting vulnerability in Apache CXF

The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints.

4.3
2017-08-10 CVE-2016-0762 Apache Permissions, Privileges, and Access Controls vulnerability in Apache Tomcat

The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist.

4.3
2017-08-09 CVE-2017-9799 Apache Unspecified vulnerability in Apache Storm

It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user.

4.3
2017-08-09 CVE-2017-3752 IBM
Lenovo
Improper Input Validation vulnerability in multiple products

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches.

4.3
2017-08-09 CVE-2017-12777 Nexusphp Project Cross-Site Scripting vulnerability in Nexusphp Project Nexusphp 1.5

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php.

4.3
2017-08-09 CVE-2017-0739 Google Information Exposure vulnerability in Google Android

A information disclosure vulnerability in the Android media framework (libhevc).

4.3
2017-08-09 CVE-2017-0738 Google Information Exposure vulnerability in Google Android

A information disclosure vulnerability in the Android media framework (audioserver).

4.3
2017-08-09 CVE-2017-0735 Google Improper Initialization vulnerability in Google Android

A denial of service vulnerability in the Android media framework (libavc).

4.3
2017-08-09 CVE-2017-0734 Google Unspecified vulnerability in Google Android

A denial of service vulnerability in the Android media framework (libavc).

4.3
2017-08-09 CVE-2017-0733 Google Improper Resource Shutdown OR Release vulnerability in Google Android

A denial of service vulnerability in the Android media framework (libmediaplayerservice).

4.3
2017-08-09 CVE-2017-0730 Google Missing Initialization of Resource vulnerability in Google Android

A denial of service vulnerability in the Android media framework (h264 decoder).

4.3
2017-08-09 CVE-2017-0728 Google Unspecified vulnerability in Google Android

A denial of service vulnerability in the Android media framework (hevc decoder).

4.3
2017-08-09 CVE-2017-0726 Google Missing Release of Resource After Effective Lifetime vulnerability in Google Android

A denial of service vulnerability in the Android media framework (libstagefright).

4.3
2017-08-09 CVE-2017-0725 Google Allocation of Resources Without Limits OR Throttling vulnerability in Google Android

A denial of service vulnerability in the Android media framework (libskia).

4.3
2017-08-09 CVE-2017-0724 Google Improper Input Validation vulnerability in Google Android

A denial of service vulnerability in the Android media framework (libmpeg2).

4.3
2017-08-09 CVE-2015-2674 Restkit Improper Certificate Validation vulnerability in Restkit

Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument.

4.3
2017-08-09 CVE-2014-9701 Mantisbt Cross-Site Scripting vulnerability in Mantisbt

Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter to permalink_page.php.

4.3
2017-08-09 CVE-2014-6393 Expressjs Cross-Site Scripting vulnerability in Expressjs Express

The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding.

4.3
2017-08-09 CVE-2015-5619 Elastic
Elasticsearch
Improper Certificate Validation vulnerability in multiple products

Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.

4.3
2017-08-08 CVE-2017-8673 Microsoft Unspecified vulnerability in Microsoft Windows 10 1703

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 10 1703 allows an attacker to connect to a target system using RDP and send specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability."

4.3
2017-08-08 CVE-2017-8662 Microsoft Information Exposure vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to disclose information due to how strings are validated in specific scenarios, aka "Microsoft Edge Information Disclosure Vulnerability".

4.3
2017-08-08 CVE-2017-8659 Microsoft Information Exposure vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system due to the Chakra scripting engine not properly handling objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".

4.3
2017-08-08 CVE-2017-8652 Microsoft Information Exposure vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".

4.3
2017-08-08 CVE-2017-8644 Microsoft Information Exposure vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".

4.3
2017-08-08 CVE-2017-8642 Microsoft Cross-Site Scripting vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation of Privilege Vulnerability".

4.3
2017-08-08 CVE-2017-3650 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API).

4.3
2017-08-08 CVE-2017-10198 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security).

4.3
2017-08-08 CVE-2017-10195 Oracle Unspecified vulnerability in Oracle Hospitality Simphony 2.8

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export).

4.3
2017-08-08 CVE-2017-10135 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE).

4.3
2017-08-08 CVE-2017-10105 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment).

4.3
2017-08-08 CVE-2017-10081 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).

4.3
2017-08-08 CVE-2017-10071 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: All Modules).

4.3
2017-08-08 CVE-2017-10019 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker).

4.3
2017-08-08 CVE-2017-12677 Identityserver Cross-Site Scripting vulnerability in Identityserver Identityserver3

IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response.

4.3
2017-08-07 CVE-2017-12676 Imagemagick Improper Input Validation vulnerability in Imagemagick 7.0.63

In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.

4.3
2017-08-07 CVE-2017-12675 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.63

In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service.

4.3
2017-08-07 CVE-2017-12673 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.63

In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service.

4.3
2017-08-07 CVE-2017-12672 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.63

In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.

4.3
2017-08-07 CVE-2017-12671 Imagemagick USE After Free vulnerability in Imagemagick 7.0.63

In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of service.

4.3
2017-08-07 CVE-2017-12670 Imagemagick Reachable Assertion vulnerability in Imagemagick 7.0.63

In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service.

4.3
2017-08-07 CVE-2017-12655 Nexusphp Project Cross-Site Scripting vulnerability in Nexusphp Project Nexusphp 1.5

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action.

4.3
2017-08-07 CVE-2016-3113 Redhat Cross-Site Scripting vulnerability in Redhat Ovirt-Engine

Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML.

4.3
2017-08-07 CVE-2015-7852 NTP
Debian
Netapp
Oracle
Redhat
Improper Input Validation vulnerability in NTP

ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.

4.3
2017-08-07 CVE-2017-12654 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.63

The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file.

4.3
2017-08-07 CVE-2009-5145 Zope Cross-Site Scripting vulnerability in Zope

Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12.

4.3
2017-08-07 CVE-2017-12649 Liferay Cross-Site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2

XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display.

4.3
2017-08-07 CVE-2017-12648 Liferay Cross-Site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2

XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL.

4.3
2017-08-07 CVE-2017-12647 Liferay Cross-Site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2

XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title.

4.3
2017-08-07 CVE-2017-12646 Liferay Cross-Site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2

XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address.

4.3
2017-08-07 CVE-2017-12645 Liferay Cross-Site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2

XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId.

4.3
2017-08-07 CVE-2016-10404 Liferay Cross-Site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2

XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.

4.3
2017-08-07 CVE-2017-6770 Cisco Improper Input Validation vulnerability in Cisco Adaptive Security Appliance Software and Nx-Os

Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database.

4.3
2017-08-07 CVE-2017-6765 Cisco Cross-Site Scripting vulnerability in Cisco Adaptive Security Appliance Software 9.1(6.11)/9.4(1.2)

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.1(6.11) and 9.4(1.2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka WebVPN XSS.

4.3
2017-08-07 CVE-2017-6762 Cisco Cross-Site Scripting vulnerability in Cisco Jabber Guest

A vulnerability in the web-based management interface of Cisco Jabber Guest Server 10.6(9), 11.0(0), and 11.0(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software.

4.3
2017-08-07 CVE-2017-6761 Cisco Cross-Site Scripting vulnerability in Cisco Finesse 10.6(1)/11.5(1)

A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

4.3
2017-08-07 CVE-2017-6420 Clamav USE After Free vulnerability in Clamav 0.99.2

The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression.

4.3
2017-08-07 CVE-2017-6418 Clamav Out-Of-Bounds Read vulnerability in Clamav 0.99.2

libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message.

4.3
2017-08-11 CVE-2017-11148 Synology Server-Side Request Forgery (SSRF) vulnerability in Synology Chat

Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors.

4.0
2017-08-10 CVE-2017-7737 Fortinet Information Exposure vulnerability in Fortinet Fortiweb

An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code.

4.0
2017-08-10 CVE-2017-1377 IBM Information Exposure vulnerability in IBM Runbook Automation

IBM Runbook Automation reveals sensitive information in error messages that could be used in further attacks against the system.

4.0
2017-08-09 CVE-2017-1357 IBM Improper Input Validation vulnerability in IBM products

IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks.

4.0
2017-08-09 CVE-2017-11368 Fedoraproject
MIT
Reachable Assertion vulnerability in multiple products

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

4.0
2017-08-09 CVE-2015-0783 Novell Information Exposure vulnerability in Novell Zenworks Configuration Management

The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable.

4.0
2017-08-08 CVE-2017-3651 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump).

4.0
2017-08-08 CVE-2017-3649 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication).

4.0
2017-08-08 CVE-2017-3648 Oracle
Debian
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets).
4.0
2017-08-08 CVE-2017-3647 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication).

4.0
2017-08-08 CVE-2017-3646 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin).

4.0
2017-08-08 CVE-2017-3645 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).

4.0
2017-08-08 CVE-2017-3644 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML).

4.0
2017-08-08 CVE-2017-3643 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML).

4.0
2017-08-08 CVE-2017-3642 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).

4.0
2017-08-08 CVE-2017-3641 Oracle
Debian
Redhat
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML).
4.0
2017-08-08 CVE-2017-3640 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML).

4.0
2017-08-08 CVE-2017-3639 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML).

4.0
2017-08-08 CVE-2017-3638 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).

4.0
2017-08-08 CVE-2017-3634 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML).

4.0
2017-08-08 CVE-2017-10254 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Staffing Front Office 9.2

Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office).

4.0
2017-08-08 CVE-2017-10218 Oracle Unspecified vulnerability in Oracle Hospitality Guest Access 4.2.0.0/4.2.1.0

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base).

4.0
2017-08-08 CVE-2017-10217 Oracle Unspecified vulnerability in Oracle Hospitality Guest Access 4.2.0.0/4.2.1.0

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base).

4.0
2017-08-08 CVE-2017-10216 Oracle Unspecified vulnerability in Oracle Hospitality Suite8 Property Interfaces 8.10.0/8.10.1/8.10.2

Vulnerability in the Hospitality Property Interfaces component of Oracle Hospitality Applications (subcomponent: Parser).

4.0
2017-08-08 CVE-2017-10212 Oracle Unspecified vulnerability in Oracle Hospitality Suite8 8.10.0/8.10.1/8.10.2

Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect).

4.0
2017-08-08 CVE-2017-10208 Oracle Unspecified vulnerability in Oracle Hospitality E7 4.2.1

Vulnerability in the Oracle Hospitality e7 component of Oracle Hospitality Applications (subcomponent: Other).

4.0
2017-08-08 CVE-2017-10205 Oracle Unspecified vulnerability in Oracle Hospitality Simphony 2.9

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console).

4.0
2017-08-08 CVE-2017-10175 Oracle Unspecified vulnerability in Oracle Isupport

Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Profiles).

4.0
2017-08-08 CVE-2017-10160 Oracle Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access).

4.0
2017-08-08 CVE-2017-10150 Oracle Unspecified vulnerability in Oracle Primavera Unifier

Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform).

4.0
2017-08-08 CVE-2017-10133 Oracle Unspecified vulnerability in Oracle Hospitality Hotel Mobile 1.1

Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/RestAPI).

4.0
2017-08-08 CVE-2017-10132 Oracle Unspecified vulnerability in Oracle Hospitality Hotel Mobile 1.05

Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/iOS).

4.0
2017-08-08 CVE-2017-10123 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.1.3.0.0

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container).

4.0
2017-08-08 CVE-2017-10103 Oracle Improper Privilege Management vulnerability in Oracle Flexcube Private Banking

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous).

4.0
2017-08-08 CVE-2017-10091 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0/13.1.0/13.2.0

Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: UI Framework).

4.0
2017-08-08 CVE-2017-10084 Oracle Information Exposure vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Report Generator).

4.0
2017-08-08 CVE-2017-10038 Oracle Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access).

4.0
2017-08-08 CVE-2017-10023 Oracle Unspecified vulnerability in Oracle Flexcube Private Banking

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Operations).

4.0
2017-08-08 CVE-2017-10022 Oracle Unspecified vulnerability in Oracle Flexcube Private Banking

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Operations).

4.0
2017-08-08 CVE-2017-10018 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise SCM Strategic Sourcing 9.2

Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Strategic Sourcing).

4.0
2017-08-08 CVE-2017-10009 Oracle Unspecified vulnerability in Oracle Flexcube Private Banking

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous).

4.0
2017-08-08 CVE-2017-10008 Oracle Unspecified vulnerability in Oracle Flexcube Private Banking

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous).

4.0
2017-08-08 CVE-2017-10007 Oracle Unspecified vulnerability in Oracle Flexcube Private Banking

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous).

4.0
2017-08-08 CVE-2017-10006 Oracle Unspecified vulnerability in Oracle Flexcube Private Banking

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous).

4.0
2017-08-08 CVE-2017-10000 Oracle Improper Privilege Management vulnerability in Oracle Hospitality Reporting and Analytics 8.5.1/9.0.0

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting).

4.0
2017-08-07 CVE-2017-6866 Siemens Access Bypass vulnerability in Siemens XHQ

A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level.

4.0
2017-08-07 CVE-2015-7855 NTP
Debian
Netapp
Improper Input Validation vulnerability in NTP

The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.

4.0
2017-08-07 CVE-2015-7850 NTP
Debian
Netapp
Infinite Loop vulnerability in NTP

ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.

4.0
2017-08-07 CVE-2015-7702 NTP
Oracle
Debian
Netapp
Redhat
Improper Input Validation vulnerability in NTP

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).

4.0
2017-08-07 CVE-2017-7916 ABB Improper Privilege Management vulnerability in ABB Vsn300 Firmware and Vsn300 for React Firmware

A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior.

4.0
2017-08-07 CVE-2017-6754 Cisco SQL Injection vulnerability in Cisco Smart NET Total Care Collector Appliance 3.11

A vulnerability in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only, blind SQL injection attack, which could allow the attacker to compromise the confidentiality of the system through SQL timing attacks.

4.0

55 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-08-08 CVE-2017-10221 Oracle Unspecified vulnerability in Oracle Hospitality RES 3700 5.5

Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Hospitality Applications (subcomponent: OPS Operations).

3.7
2017-08-08 CVE-2017-10235 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

3.6
2017-08-08 CVE-2017-10233 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

3.6
2017-08-08 CVE-2017-10209 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

3.6
2017-08-08 CVE-2017-10200 Oracle Unspecified vulnerability in Oracle Hospitality E7 4.2.1

Vulnerability in the Oracle Hospitality e7 component of Oracle Hospitality Applications (subcomponent: Other).

3.6
2017-08-08 CVE-2017-10187 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).

3.6
2017-08-08 CVE-2017-10088 Oracle Unspecified vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.5/9.3.6

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security).

3.6
2017-08-11 CVE-2015-3615 Fortinet Cross-Site Scripting vulnerability in Fortinet Fortimanager Firmware

Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack.

3.5
2017-08-11 CVE-2017-9556 Synology Cross-Site Scripting vulnerability in Synology Video Station

Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter.

3.5
2017-08-10 CVE-2017-1431 IBM Cross-Site Scripting vulnerability in IBM Infosphere Streams

IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site scripting.

3.5
2017-08-10 CVE-2017-1168 IBM Cross-Site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager

IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.

3.5
2017-08-09 CVE-2016-6121 IBM Cross-Site Scripting vulnerability in IBM products

IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting.

3.5
2017-08-09 CVE-2014-5144 Telescopeapp Cross-Site Scripting vulnerability in Telescopeapp Telescope

Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted markdown.

3.5
2017-08-08 CVE-2017-8654 Microsoft Cross-Site Scripting vulnerability in Microsoft Sharepoint Server 2010

Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability".

3.5
2017-08-08 CVE-2017-3653 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).

3.5
2017-08-08 CVE-2017-3637 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin).

3.5
2017-08-08 CVE-2017-3635 Oracle
Debian
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C).
3.5
2017-08-08 CVE-2017-3529 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: UDF).

3.5
2017-08-08 CVE-2017-10182 Oracle Unspecified vulnerability in Oracle Hospitality Opera 5 Property Services 5.4.0/5.4.1/5.4.3

Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Export Functionality).

3.5
2017-08-08 CVE-2017-10069 Oracle Unspecified vulnerability in Oracle Payment Interface 6.1.1

Vulnerability in the Oracle Payment Interface component of Oracle Hospitality Applications (subcomponent: Core).

3.5
2017-08-08 CVE-2017-10039 Oracle Unspecified vulnerability in Oracle Agile Product Governance and Compliance 9.3.5/9.3.6

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Web Client).

3.5
2017-08-07 CVE-2015-7561 Google
Redhat
Permissions, Privileges, and Access Controls vulnerability in multiple products

Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.

3.5
2017-08-07 CVE-2017-6769 Cisco Cross-Site Scripting vulnerability in Cisco Secure Access Control System 5.8(0.8)/5.8(1.5)

A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system.

3.5
2017-08-07 CVE-2017-6764 Cisco Cross-Site Scripting vulnerability in Cisco Adaptive Security Appliance Software 9.5(1)

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.5(1) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

3.5
2017-08-08 CVE-2017-10168 Oracle Unspecified vulnerability in Oracle Hospitality Hotel Mobile 1.1

Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite 8/Windows).

3.3
2017-08-07 CVE-2017-6665 Cisco Cleartext Transmission of Sensitive Information vulnerability in Cisco IOS and IOS XE

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an affected system and view ACP packets that are transferred in clear text within an affected system, an Information Disclosure Vulnerability.

3.3
2017-08-08 CVE-2017-8637 Microsoft Unspecified vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypass Arbitrary Code Guard (ACG) due to how Microsoft Edge accesses memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Scripting Engine Security Feature Bypass Vulnerability".

2.6
2017-08-08 CVE-2017-10193 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security).

2.6
2017-08-08 CVE-2017-10045 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker).

2.6
2017-08-11 CVE-2015-3156 Openstack Link Following vulnerability in Openstack Trove

The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, MySQLDump::cmd in trove/guestagent/strategies/backup/mysql_impl.py, InnoBackupExIncremental::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, _get_actual_db_status function in trove/guestagent/datastore/experimental/cassandra/system.py and trove/guestagent/datastore/experimental/cassandra/service.py, and multiple class CbBackup methods in trove/guestagent/strategies/backup/experimental/couchbase_impl.py in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file.

2.1
2017-08-10 CVE-2014-0142 Qemu Divide BY Zero vulnerability in Qemu

QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c.

2.1
2017-08-09 CVE-2017-5695 Intel Improper Input Validation vulnerability in Intel products

Data corruption vulnerability in firmware in Intel Solid-State Drive Consumer, Professional, Embedded, Data Center affected firmware versions LSBG200, LSF031C, LSF036C, LBF010C, LSBG100, LSF031C, LSF036C, LBF010C, LSF031P, LSF036P, LBF010P, LSF031P, LSF036P, LBF010P, LSMG200, LSF031E, LSF036E, LSMG100, LSF031E, LSF036E, LSDG200, LSF031D, LSF036D allows local users to cause a denial of service via unspecified vectors.

2.1
2017-08-08 CVE-2017-8668 Microsoft Information Exposure vulnerability in Microsoft products

The Volume Manager Extension Driver in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2 allows an attacker to run a specially crafted application and obtain kernel information, aka "Volume Manager Extension Driver Information Disclosure Vulnerability".

2.1
2017-08-08 CVE-2017-8666 Microsoft Information Exposure vulnerability in Microsoft products

Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly handle objects in memory, aka "Win32k Information Disclosure Vulnerability".

2.1
2017-08-08 CVE-2017-10231 Oracle Unspecified vulnerability in Oracle Hospitality Cruise Affairwhere 2.2.05.062

Vulnerability in the Oracle Hospitality Cruise AffairWhere component of Oracle Hospitality Applications (subcomponent: AWExport).

2.1
2017-08-08 CVE-2017-10220 Oracle Unspecified vulnerability in Oracle Hospitality Suite8 Property Interfaces 8.10.0/8.10.1/8.10.2

Vulnerability in the Hospitality Property Interfaces component of Oracle Hospitality Applications (subcomponent: Parser).

2.1
2017-08-08 CVE-2017-10219 Oracle Unspecified vulnerability in Oracle Hospitality Guest Access 4.2.0.0/4.2.1.0

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base).

2.1
2017-08-08 CVE-2017-10213 Oracle Unspecified vulnerability in Oracle Hospitality Suite8 8.10.0/8.10.1/8.10.2

Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect).

2.1
2017-08-08 CVE-2017-10201 Oracle Unspecified vulnerability in Oracle Hospitality E7 4.2.1

Vulnerability in the Oracle Hospitality e7 component of Oracle Hospitality Applications (subcomponent: Other).

2.1
2017-08-08 CVE-2017-10189 Oracle Unspecified vulnerability in Oracle Hospitality Suite8 8.10.0/8.10.1/8.10.2

Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure).

2.1
2017-08-08 CVE-2017-10188 Oracle Unspecified vulnerability in Oracle Hospitality Hotel Mobile 1.01

Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite 8/Android).

2.1
2017-08-08 CVE-2017-10169 Oracle Unspecified vulnerability in Oracle Hospitality 9700 4.0

Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospitality Applications (subcomponent: Operation Security).

2.1
2017-08-08 CVE-2017-10056 Oracle Unspecified vulnerability in Oracle Hospitality 9700 4.0

Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospitality Applications (subcomponent: Property Management Systems).

2.1
2017-08-08 CVE-2017-9942 Siemens Unspecified vulnerability in Siemens Sipass Integrated

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems.

2.1
2017-08-07 CVE-2015-8621 Tcoffee Permissions, Privileges, and Access Controls vulnerability in Tcoffee T-Coffee

t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally.

2.1
2017-08-07 CVE-2015-3839 Google Null Pointer Dereference vulnerability in Google Android

The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash).

2.1
2017-08-10 CVE-2014-0146 Qemu Null Pointer Dereference vulnerability in Qemu

The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields.

1.9
2017-08-09 CVE-2015-2687 Openstack Improper Access Control vulnerability in Openstack Compute

OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.

1.9
2017-08-08 CVE-2017-10252 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant).

1.9
2017-08-08 CVE-2017-10251 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Test Framework).

1.9
2017-08-08 CVE-2017-10250 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Tuxedo).

1.9
2017-08-08 CVE-2017-10120 Oracle Unspecified vulnerability in Oracle Database Server 12.1.0.2

Vulnerability in the RDBMS Security component of Oracle Database Server.

1.9
2017-08-08 CVE-2017-10095 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel).

1.9
2017-08-08 CVE-2017-10020 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant).

1.9
2017-08-08 CVE-2017-10122 Oracle Unspecified vulnerability in Oracle Solaris 10/11

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel).

1.2