Weekly Vulnerabilities Reports > August 21 to 27, 2017

Overview

154 new vulnerabilities reported during this period, including 14 critical vulnerabilities and 32 high severity vulnerabilities. This weekly summary report vulnerabilities in 145 products from 87 vendors including Imagemagick, Debian, Atlassian, Fedoraproject, and Microfocus. Vulnerabilities are notably categorized as "Cross-site Scripting", "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Path Traversal", and "Improper Input Validation".

  • 127 reported vulnerabilities are remotely exploitables.
  • 20 reported vulnerabilities have public exploit available.
  • 55 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 132 reported vulnerabilities are exploitable by an anonymous user.
  • Imagemagick has the most reported vulnerabilities, with 19 reported vulnerabilities.
  • D Link has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

14 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-08-27 CVE-2017-13707 Replibit
Axcient
Improper Privilege Management vulnerability in Axcient Replibit 2017.05.11

Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution.

10.0
2017-08-24 CVE-2015-8352 ZEN Cart Path Traversal vulnerability in Zen-Cart ZEN Cart 1.5.4

Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a ..

10.0
2017-08-24 CVE-2015-1801 Samsung Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Galaxy S4 Firmware I9500Xxuemk8

The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges.

10.0
2017-08-22 CVE-2015-6473 Wago 7PK - Security Features vulnerability in Wago 750-849 Firmware and 758-870 Firmware

WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.

10.0
2017-08-22 CVE-2017-12787 Noviflow Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Noviflow Noviware 400.2.6

A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied.

10.0
2017-08-22 CVE-2017-12786 Noviflow Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Noviflow Noviware 400.2.6

Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied.

10.0
2017-08-22 CVE-2017-12785 Noviflow Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Noviflow Noviware 400.2.6

The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command.

10.0
2017-08-25 CVE-2014-7859 D Link Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D-Link products

Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values.

9.8
2017-08-25 CVE-2014-7858 D Link Improper Authentication vulnerability in D-Link Dnr-326 Firmware

The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string.

9.8
2017-08-25 CVE-2014-7857 D Link Improper Authentication vulnerability in D-Link products

D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin.

9.8
2017-08-21 CVE-2017-7420 Microfocus Improper Authentication vulnerability in Microfocus products

An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275).

9.8
2017-08-24 CVE-2017-0805 Google Improper Validation of Array Index vulnerability in Google Android

A elevation of privilege vulnerability in the Android media framework (libstagefright).

9.3
2017-08-24 CVE-2015-7259 ZTE Credentials Management vulnerability in ZTE Zxv10 W300 Firmware W300V2.1.0Fer7Peo57/W300V2.1.0Her7Peo57

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs.

9.0
2017-08-24 CVE-2015-7258 ZTE Credentials Management vulnerability in ZTE Zxv10 W300 Firmware W300V2.1.0Fer7Peo57/W300V2.1.0Her7Peo57

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.

9.0

32 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-08-23 CVE-2017-12904 Newsbeuter
Debian
Improper Neutralization of Special Elements in Data Query Logic vulnerability in multiple products

Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL.

8.8
2017-08-23 CVE-2017-11610 Supervisord
Fedoraproject
Debian
Redhat
Incorrect Default Permissions vulnerability in multiple products

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.

8.8
2017-08-21 CVE-2017-7423 Microfocus Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Enterprise Developer and Enterprise Server

A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured.

8.8
2017-08-21 CVE-2017-5187 Microfocus Cross-Site Request Forgery (CSRF) vulnerability in Microfocus products

A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests.

8.8
2017-08-24 CVE-2015-7257 ZTE Weak Password Recovery Mechanism for Forgotten Password vulnerability in ZTE Zxv10 W300 Firmware W300V2.1.0Fer7Peo57/W300V2.1.0Her7Peo57

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".

8.5
2017-08-25 CVE-2015-1395 Fedoraproject
Canonical
GNU
Path Traversal vulnerability in multiple products

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a ..

7.8
2017-08-24 CVE-2015-7516 Onosproject NULL Pointer Dereference vulnerability in Onosproject Onos

ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).

7.8
2017-08-27 CVE-2017-13710 GNU NULL Pointer Dereference vulnerability in GNU Binutils 2.29

The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.

7.5
2017-08-25 CVE-2017-12816 Kaspersky Incorrect Permission Assignment for Critical Resource vulnerability in Kaspersky Internet Security 11.12.4.1622

In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.

7.5
2017-08-25 CVE-2017-12707 Spidercontrol Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Spidercontrol Scada Microbrowser 1.6.30.144

A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior.

7.5
2017-08-25 CVE-2015-4017 Saltstack Improper Certificate Validation vulnerability in Saltstack Salt 2014.7.5

Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.

7.5
2017-08-24 CVE-2017-13669 Nexusphp SQL Injection vulnerability in Nexusphp 1.5

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php.

7.5
2017-08-24 CVE-2017-12679 Nexusphp SQL Injection vulnerability in Nexusphp 1.5

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.

7.5
2017-08-23 CVE-2017-11357 Telerik Improper Input Validation vulnerability in Telerik UI FOR Asp.Net Ajax

Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

7.5
2017-08-23 CVE-2017-11317 Telerik Inadequate Encryption Strength vulnerability in Telerik UI FOR Asp.Net Ajax

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

7.5
2017-08-23 CVE-2017-12965 Apache2Triad Session Fixation vulnerability in Apache2Triad 1.5.4

Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter.

7.5
2017-08-23 CVE-2015-5224 Kernel Unspecified vulnerability in Kernel Util-Linux

The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.

7.5
2017-08-23 CVE-2017-13137 Formcrafts SQL Injection vulnerability in Formcrafts Formcraft 1.0.5

The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.

7.5
2017-08-23 CVE-2017-12858 Libzip Double Free vulnerability in Libzip 1.2.0

Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.

7.5
2017-08-23 CVE-2017-12791 Saltstack Path Traversal vulnerability in Saltstack Salt

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.

7.5
2017-08-23 CVE-2017-13139 Imagemagick Out-of-bounds Read vulnerability in Imagemagick

In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.

7.5
2017-08-22 CVE-2016-4460 Apache Improper Authentication vulnerability in Apache Pony Mail 0.6C/0.7B/0.8B

Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication.

7.5
2017-08-22 CVE-2015-2857 Accellion Command Injection vulnerability in Accellion File Transfer Appliance 80540/911200

Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.

7.5
2017-08-21 CVE-2017-12981 Nexusphp SQL Injection vulnerability in Nexusphp 1.5

NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action.

7.5
2017-08-21 CVE-2017-11366 Codiad OS Command Injection vulnerability in Codiad

components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type.

7.5
2017-08-25 CVE-2015-1324 Canonical Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Linux

Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries.

7.2
2017-08-24 CVE-2017-13686 Linux NULL Pointer Dereference vulnerability in Linux Kernel 4.13

net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls.

7.2
2017-08-24 CVE-2017-12137 XEN
Citrix
Debian
Classic Buffer Overflow vulnerability in multiple products

arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.

7.2
2017-08-24 CVE-2017-12134 XEN
Citrix
Incorrect Calculation vulnerability in multiple products

The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.

7.2
2017-08-23 CVE-2017-13130 BMC Uncontrolled Search Path Element vulnerability in BMC Patrol

mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring.

7.2
2017-08-25 CVE-2014-9637 Fedoraproject
Mageia
Canonical
GNU
Resource Management Errors vulnerability in multiple products

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.

7.1
2017-08-23 CVE-2017-13133 Imagemagick Allocation of Resources Without Limits or Throttling vulnerability in Imagemagick 7.0.68

In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file.

7.1

90 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-08-25 CVE-2017-9644 Automatedlogic
Carrier
Unquoted Search Path or Element vulnerability in multiple products

An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior.

6.9
2017-08-25 CVE-2015-1325 Canonical Race Condition vulnerability in Canonical Ubuntu Linux

Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges.

6.9
2017-08-24 CVE-2017-12136 XEN
Citrix
Debian
Race Condition vulnerability in multiple products

Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.

6.9
2017-08-27 CVE-2017-12595 Qpdf Project Improper Input Validation vulnerability in Qpdf Project Qpdf 6.0.0/7.0.B1

The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.

6.8
2017-08-26 CVE-2017-7693 Riverbed Path Traversal vulnerability in Riverbed Opnet APP Response Xpert 9.6.1

Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files.

6.8
2017-08-25 CVE-2017-7926 Osisoft Cross-Site Request Forgery (CSRF) vulnerability in Osisoft PI web API 1.8

A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0).

6.8
2017-08-25 CVE-2015-3206 Apple Improper Authentication vulnerability in Apple Pykerberos

The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack.

6.8
2017-08-25 CVE-2017-12703 Westermo Cross-Site Request Forgery (CSRF) vulnerability in Westermo products

A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0.

6.8
2017-08-23 CVE-2017-13147 Graphicsmagick Improper Input Validation vulnerability in Graphicsmagick 1.3.26

In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value.

6.8
2017-08-23 CVE-2017-12970 Apache2Triad Cross-Site Request Forgery (CSRF) vulnerability in Apache2Triad 1.5.4

Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php.

6.8
2017-08-23 CVE-2017-13146 Imagemagick Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick

In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.

6.8
2017-08-22 CVE-2017-5208 Icoutils Project
Debian
Redhat
Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.

6.8
2017-08-22 CVE-2015-5258 Fedoraproject
Vmware
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.

6.8
2017-08-22 CVE-2017-7557 Powerdns Cross-Site Request Forgery (CSRF) vulnerability in Powerdns Dnsdist 1.1.0

dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.

6.8
2017-08-21 CVE-2017-12983 Imagemagick Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick 7.0.68

Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.

6.8
2017-08-25 CVE-2017-9640 Automatedlogic
Carrier
Path Traversal vulnerability in multiple products

A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior.

6.5
2017-08-24 CVE-2015-8355 Orion Soft SQL Injection vulnerability in Orion-Soft Bitrix

Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php.

6.5
2017-08-23 CVE-2017-13648 Graphicsmagick Missing Release of Resource after Effective Lifetime vulnerability in Graphicsmagick 1.3.26

In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c.

6.5
2017-08-22 CVE-2017-12843 Cyrusimap
Fedoraproject
Improper Input Validation vulnerability in multiple products

Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command.

6.5
2017-08-22 CVE-2017-13065 Graphicsmagick
Debian
NULL Pointer Dereference vulnerability in multiple products

GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.

6.5
2017-08-22 CVE-2017-13064 Graphicsmagick
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12.

6.5
2017-08-22 CVE-2017-13063 Graphicsmagick
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12.

6.5
2017-08-21 CVE-2017-7424 Microfocus Path Traversal vulnerability in Microfocus Enterprise Developer and Enterprise Server

A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured.

6.5
2017-08-21 CVE-2017-12977 10Web SQL Injection vulnerability in 10Web Photo Gallery

The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php.

6.5
2017-08-27 CVE-2017-13709 Flightgear Improper Input Validation vulnerability in Flightgear 2017.2.1

In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree.

6.4
2017-08-23 CVE-2017-12847 Nagios Improper Initialization vulnerability in Nagios

Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.

6.3
2017-08-21 CVE-2017-7421 Microfocus Cross-site Scripting vulnerability in Microfocus products

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features.

6.1
2017-08-25 CVE-2017-7930 Osisoft Improper Authentication vulnerability in Osisoft PI Data Archive

An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017.

5.8
2017-08-25 CVE-2015-5701 TUG Link Following vulnerability in TUG Texlive

mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.

5.6
2017-08-25 CVE-2015-5700 TUG Link Following vulnerability in TUG Texlive

mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.

5.6
2017-08-21 CVE-2017-7422 Microfocus Cross-site Scripting vulnerability in Microfocus Enterprise Developer and Enterprise Server

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured.

5.4
2017-08-25 CVE-2014-7860 D Link Information Exposure vulnerability in D-Link Dns-320L Firmware and Dns-327L Firmware

The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token.

5.3
2017-08-24 CVE-2017-12836 GNU
Canonical
Debian
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."
5.1
2017-08-25 CVE-2017-12817 Kaspersky Missing Encryption of Sensitive Data vulnerability in Kaspersky Internet Security 11.12.4.1622

In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted.

5.0
2017-08-25 CVE-2017-12694 Spidercontrol Path Traversal vulnerability in Spidercontrol Scada web Server

A Directory Traversal issue was discovered in SpiderControl SCADA Web Server.

5.0
2017-08-25 CVE-2015-4181 Phpmybackuppro Path Traversal vulnerability in PHPmybackuppro

Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a ..

5.0
2017-08-25 CVE-2015-4180 Phpmybackuppro Path Traversal vulnerability in PHPmybackuppro

Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a ..

5.0
2017-08-25 CVE-2016-5816 Westermo Use of Hard-coded Credentials vulnerability in Westermo products

A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0.

5.0
2017-08-25 CVE-2017-13692 Htacg Improper Input Validation vulnerability in Htacg Tidy 5.5.31

In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument.

5.0
2017-08-24 CVE-2015-1800 Samsung Information Exposure vulnerability in Samsung Galaxy S4 Firmware I9500Xxuemk8

The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information.

5.0
2017-08-24 CVE-2017-9511 Atlassian Path Traversal vulnerability in Atlassian Crucible

The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.

5.0
2017-08-24 CVE-2017-9512 Atlassian Information Exposure vulnerability in Atlassian Crucible

The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.

5.0
2017-08-24 CVE-2017-11424 Pyjwt Project
Debian
In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys.
5.0
2017-08-23 CVE-2017-13143 Imagemagick Information Exposure vulnerability in Imagemagick

In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.

5.0
2017-08-22 CVE-2016-6311 Redhat Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform 7.0

Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers.

5.0
2017-08-22 CVE-2016-2102 Haproxy Improper Authentication vulnerability in Haproxy

HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.

5.0
2017-08-22 CVE-2015-6472 Wago Credentials Management vulnerability in Wago products

WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management.

5.0
2017-08-21 CVE-2017-8037 Cloudfoundry Information Exposure vulnerability in Cloudfoundry Capi-Release and Cf-Release

In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035.

5.0
2017-08-21 CVE-2017-12784 Ccfile Improper Input Validation vulnerability in Ccfile CC File Transfer 3.6

In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software.

5.0
2017-08-25 CVE-2017-13693 Linux Information Exposure vulnerability in Linux Kernel

The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

4.9
2017-08-25 CVE-2017-9650 Automatedlogic
Carrier
Unrestricted Upload of File with Dangerous Type vulnerability in multiple products

An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior.

4.6
2017-08-24 CVE-2015-8308 Lxdm Project Improper Authentication vulnerability in Lxdm Project Lxdm

LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.

4.6
2017-08-24 CVE-2017-12135 XEN
Citrix
Debian
Incorrect Calculation vulnerability in multiple products

Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.

4.6
2017-08-23 CVE-2017-11159 Synology
Microsoft
Untrusted Search Path vulnerability in Synology Photo Station Uploader

Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.

4.6
2017-08-22 CVE-2015-3617 Fortinet Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortimanager Firmware

Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands.

4.6
2017-08-21 CVE-2017-6329 Symantec Uncontrolled Search Path Element vulnerability in Symantec VIP Access FOR Desktop

Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability.

4.6
2017-08-25 CVE-2017-7934 Osisoft Improper Authentication vulnerability in Osisoft PI Data Archive

An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017.

4.3
2017-08-25 CVE-2015-3257 Zend Cross-site Scripting vulnerability in Zend Diactoros

Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks.

4.3
2017-08-25 CVE-2014-9564 IBM CRLF Injection vulnerability in IBM En6131 Firmware and Ib6131 Firmware

CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters.

4.3
2017-08-25 CVE-2017-13697 Finecms Project Cross-site Scripting vulnerability in Finecms Project Finecms 5.0.11

controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable.

4.3
2017-08-24 CVE-2015-4699 Cloud4Wi Cross-site Scripting vulnerability in Cloud4Wi Splash Portal 5.9.6

Cross-site scripting (XSS) vulnerability in the Splash Portal in Cloud4Wi before 5.9.7 allows remote attackers to inject arbitrary web script or HTML via the recoveryMessage parameter to the default URI.

4.3
2017-08-24 CVE-2015-7896 Samsung Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Mobile

LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.

4.3
2017-08-24 CVE-2015-5293 Redhat Improper Access Control vulnerability in Redhat Enterprise Virtualization Manager

Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable.

4.3
2017-08-24 CVE-2014-4616 Python
Simplejson Project
Opensuse Project
Opensuse
Improper Validation of Array Index vulnerability in multiple products

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.

4.3
2017-08-24 CVE-2017-13671 Misp Cross-site Scripting vulnerability in Misp

app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments.

4.3
2017-08-24 CVE-2017-13658 Imagemagick Reachable Assertion vulnerability in Imagemagick

In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.

4.3
2017-08-23 CVE-2017-9506 Atlassian Server-Side Request Forgery (SSRF) vulnerability in Atlassian Oauth

The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).

4.3
2017-08-23 CVE-2017-12971 Apache2Triad Cross-site Scripting vulnerability in Apache2Triad 1.5.4

Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php.

4.3
2017-08-23 CVE-2017-13138 Qodeinteractive Cross-site Scripting vulnerability in Qodeinteractive Bridge

DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript.

4.3
2017-08-23 CVE-2017-13145 Imagemagick Improper Input Validation vulnerability in Imagemagick

In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.

4.3
2017-08-23 CVE-2017-13144 Imagemagick Improper Input Validation vulnerability in Imagemagick

In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.

4.3
2017-08-23 CVE-2017-13142 Imagemagick Improper Check for Unusual or Exceptional Conditions vulnerability in Imagemagick

In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.

4.3
2017-08-23 CVE-2017-13141 Imagemagick Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick

In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.

4.3
2017-08-23 CVE-2017-13140 Imagemagick Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick

In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.

4.3
2017-08-23 CVE-2017-13134 Imagemagick Out-of-bounds Read vulnerability in Imagemagick 7.0.66

In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.

4.3
2017-08-23 CVE-2017-13132 Imagemagick Reachable Assertion vulnerability in Imagemagick 7.0.68

In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file.

4.3
2017-08-23 CVE-2017-13131 Imagemagick Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.68

In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file.

4.3
2017-08-22 CVE-2014-6189 IBM Cross-site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Security Network Protection 3100, 4100, 5100, and 7100 devices with firmware 5.2 before 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008 and 5.3 before 5.3.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2017-08-22 CVE-2017-13066 Graphicsmagick Missing Release of Resource after Effective Lifetime vulnerability in Graphicsmagick 1.3.26

GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c.

4.3
2017-08-22 CVE-2017-13062 Imagemagick Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.66

In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file.

4.3
2017-08-22 CVE-2017-13061 Imagemagick Improper Input Validation vulnerability in Imagemagick 7.0.65

In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file.

4.3
2017-08-22 CVE-2017-13060 Imagemagick Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.65

In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.

4.3
2017-08-22 CVE-2017-13059 Imagemagick Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.66

In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file.

4.3
2017-08-22 CVE-2017-13058 Imagemagick Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.66

In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file.

4.3
2017-08-21 CVE-2017-12984 Phpmywind Cross-site Scripting vulnerability in PHPmywind 5.3

PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php.

4.3
2017-08-21 CVE-2017-12982 Uclouvain Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Uclouvain Openjpeg

The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.

4.3
2017-08-21 CVE-2017-12980 Dokuwiki Cross-site Scripting vulnerability in Dokuwiki

DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php.

4.3
2017-08-21 CVE-2017-12979 Dokuwiki Cross-site Scripting vulnerability in Dokuwiki

DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php.

4.3
2017-08-25 CVE-2017-12857 Polycom Information Exposure vulnerability in Polycom Unified Communications Software

Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application.

4.0
2017-08-24 CVE-2017-12074 Synology Path Traversal vulnerability in Synology DNS Server

Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter.

4.0

18 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-08-24 CVE-2015-5146 Fedoraproject
Debian
NTP
Improper Input Validation vulnerability in multiple products

ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.

3.5
2017-08-24 CVE-2017-9555 Synology Cross-site Scripting vulnerability in Synology Photo Station

Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter.

3.5
2017-08-24 CVE-2017-12879 Paessler Cross-site Scripting vulnerability in Paessler Prtg Network Monitor

Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML.

3.5
2017-08-24 CVE-2017-9510 Atlassian Cross-site Scripting vulnerability in Atlassian Fisheye

The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters.

3.5
2017-08-24 CVE-2017-9509 Atlassian Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye

The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file.

3.5
2017-08-24 CVE-2017-9508 Atlassian Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye

Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.

3.5
2017-08-24 CVE-2017-9507 Atlassian Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye

The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter.

3.5
2017-08-23 CVE-2017-12844 Icewarp Cross-site Scripting vulnerability in Icewarp Mail Server 10.4.4

Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name.

3.5
2017-08-21 CVE-2017-12978 Cacti Cross-site Scripting vulnerability in Cacti

lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.

3.5
2017-08-25 CVE-2015-3211 PHP FPM Link Following vulnerability in PHP-Fpm

php-fpm allows local users to write to or create arbitrary files via a symlink attack.

2.1
2017-08-25 CVE-2017-12709 Westermo Use of Hard-coded Credentials vulnerability in Westermo products

A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0.

2.1
2017-08-25 CVE-2017-13695 Linux Information Exposure vulnerability in Linux Kernel

The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

2.1
2017-08-25 CVE-2017-13694 Linux Information Exposure vulnerability in Linux Kernel

The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

2.1
2017-08-24 CVE-2017-13666 Multicorewareinc Integer Underflow (Wrap or Wraparound) vulnerability in Multicorewareinc X265

An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products.

2.1
2017-08-23 CVE-2017-13649 Unrealircd Improper Initialization vulnerability in Unrealircd

UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.

2.1
2017-08-23 CVE-2017-12809 Qemu
Debian
NULL Pointer Dereference vulnerability in multiple products

QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.

2.1
2017-08-22 CVE-2017-1422 IBM Information Exposure vulnerability in IBM Maas360 DTM

IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information.

2.1
2017-08-22 CVE-2016-6310 Redhat Information Exposure vulnerability in Redhat Enterprise Virtualization

oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0.

2.1