Weekly Vulnerabilities Reports > September 4 to 10, 2017

Overview

215 new vulnerabilities were reported during this period, including 30 critical vulnerabilities and 41 high severity vulnerabilities. This weekly summary reports vulnerabilities in 168 products from 101 vendors, including Google, Cisco, Debian, IBM, and Imagemagick. Notable vulnerability categories are "Cross-site Scripting", "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", and "SQL Injection".

  • 188 reported vulnerabilities are remotely exploitable.
  • 15 reported vulnerabilities have a public exploit available.
  • 58 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 190 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 48 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 25 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

30 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-09-04 CVE-2017-14135 Dreambox OS Command Injection vulnerability in Dreambox Opendreambox 2.0

enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI.

10.0
2017-09-04 CVE-2017-14127 Technicolor OS Command Injection vulnerability in Technicolor Td5336 Firmware 7.0

Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi.

10.0
2017-09-08 CVE-2017-0801 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the MediaTek libmtkomxvdec.

9.3
2017-09-08 CVE-2017-0800 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the MediaTek teei.

9.3
2017-09-08 CVE-2017-0799 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the MediaTek lastbus.

9.3
2017-09-08 CVE-2017-0798 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the MediaTek kernel.

9.3
2017-09-08 CVE-2017-0797 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the MediaTek accessory detector driver.

9.3
2017-09-08 CVE-2017-0796 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the MediaTek auxadc driver.

9.3
2017-09-08 CVE-2017-0795 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the MediaTek accessory detector driver.

9.3
2017-09-08 CVE-2017-0770 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the Android media framework (libmediaplayerservice).

9.3
2017-09-08 CVE-2017-0769 Google Improper Resource Shutdown or Release vulnerability in Google Android

An elevation of privilege vulnerability in the Android media framework (libstagefright).

9.3
2017-09-08 CVE-2017-0768 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the Android media framework (libeffects).

9.3
2017-09-08 CVE-2017-0767 Google Classic Buffer Overflow vulnerability in Google Android

An elevation of privilege vulnerability in the Android media framework (libeffects).

9.3
2017-09-08 CVE-2017-0766 Google Unspecified vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libjhead).

9.3
2017-09-08 CVE-2017-0765 Google Unspecified vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libstagefright).

9.3
2017-09-08 CVE-2017-0764 Google Unspecified vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libvorbis).

9.3
2017-09-08 CVE-2017-0763 Google Unspecified vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libhevc).

9.3
2017-09-08 CVE-2017-0762 Google Improper Handling of Exceptional Conditions vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libhevc).

9.3
2017-09-08 CVE-2017-0761 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libavc).

9.3
2017-09-08 CVE-2017-0760 Google Improper Handling of Exceptional Conditions vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libstagefright).

9.3
2017-09-08 CVE-2017-0759 Google Improper Handling of Exceptional Conditions vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libstagefright).

9.3
2017-09-08 CVE-2017-0758 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libhevc).

9.3
2017-09-08 CVE-2017-0757 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libavc).

9.3
2017-09-08 CVE-2017-0756 Google Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libstagefright).

9.3
2017-09-08 CVE-2017-0755 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the Android libraries (libminikin).

9.3
2017-09-08 CVE-2017-0753 Google Unspecified vulnerability in Google Android

A remote code execution vulnerability in the Android libraries (libgdx).

9.3
2017-09-08 CVE-2017-0752 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android

An elevation of privilege vulnerability in the Android framework (windowmanager).

9.3
2017-09-06 CVE-2015-5948 Salesagility Race Condition vulnerability in Salesagility Suitecrm

Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code.

9.3
2017-09-06 CVE-2015-0853 Pysvn Project Improper Input Validation vulnerability in Pysvn Project Svn-Workbench 1.6.2

svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes).

9.3
2017-09-04 CVE-2017-14123 Zohocorp Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Firewall Analyzer 12.2

Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section.

9.0

41 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-09-07 CVE-2017-6792 Cisco Improper Input Validation vulnerability in Cisco Prime Collaboration Provisioning

A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root.

8.5
2017-09-08 CVE-2017-0778 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android media framework (n/a).

7.8
2017-09-07 CVE-2017-6780 Cisco Allocation of Resources Without Limits or Throttling vulnerability in Cisco products

A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion.

7.8
2017-09-07 CVE-2017-6631 Cisco Unspecified vulnerability in Cisco products

A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

7.8
2017-09-05 CVE-2017-14158 Scrapy Resource Exhaustion vulnerability in Scrapy 1.4

Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore.

7.8
2017-09-09 CVE-2017-12733 Opwglobal Missing Authentication for Critical Function vulnerability in Opwglobal products

A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1.

7.5
2017-09-09 CVE-2017-12731 Opwglobal SQL Injection vulnerability in Opwglobal products

A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1.

7.5
2017-09-08 CVE-2017-11161 Synology SQL Injection vulnerability in Synology Photo Station

Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.

7.5
2017-09-07 CVE-2015-5052 Sefrengo SQL Injection vulnerability in Sefrengo

SQL injection vulnerability in Sefrengo before 1.6.5 beta2.

7.5
2017-09-07 CVE-2015-4629 Huawei Permissions, Privileges, and Access Controls vulnerability in Huawei E5756S Firmware

Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions.

7.5
2017-09-07 CVE-2015-4627 Pragyan CMS Project SQL Injection vulnerability in Pragyan CMS Project Pragyan CMS 3.0

SQL injection vulnerability in Pragyan CMS 3.0.

7.5
2017-09-07 CVE-2015-3991 Strongswan Data Processing Errors vulnerability in Strongswan 5.2.2/5.3.0

strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.

7.5
2017-09-07 CVE-2015-3313 Community Events Project SQL Injection vulnerability in Community Events Project Community Events

SQL injection vulnerability in WordPress Community Events plugin before 1.4.

7.5
2017-09-07 CVE-2017-9834 Calendarscripts SQL Injection vulnerability in Calendarscripts Watupro 5.5.1

SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php.

7.5
2017-09-07 CVE-2017-14147 Fiberhome Improper Authentication vulnerability in Fiberhome Adsl An1020-25 Firmware

An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi & execute it.

7.5
2017-09-07 CVE-2017-9458 Paloaltonetworks Server-Side Request Forgery (SSRF) vulnerability in Paloaltonetworks Pan-Os

XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors.

7.5
2017-09-07 CVE-2016-10405 D Link Session Fixation vulnerability in D-Link Dir-600L Firmware

Session fixation vulnerability in D-Link DIR-600L routers (rev.

7.5
2017-09-07 CVE-2015-3442 Soreco Improper Authentication vulnerability in Soreco Xpert.Line 3.0

Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call.

7.5
2017-09-06 CVE-2015-7241 SAP XXE vulnerability in SAP Netweaver 4.0/6.4/7.0

XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.

7.5
2017-09-05 CVE-2017-14145 Helpdezk SQL Injection vulnerability in Helpdezk 1.1.1

HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function.

7.5
2017-09-04 CVE-2017-14138 Imagemagick Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.65

ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.

7.5
2017-09-08 CVE-2017-14167 Qemu, Debian Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.

7.2
2017-09-07 CVE-2017-6796 Cisco OS Command Injection vulnerability in Cisco IOS XE

A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrary commands on the underlying operating system of an affected device.

7.2
2017-09-07 CVE-2017-6794 Cisco Improper Input Validation vulnerability in Cisco Meeting Server

A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root.

7.2
2017-09-07 CVE-2017-9779 Ocaml Unspecified vulnerability in Ocaml 4.02.3/4.04.0/4.04.1

OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact."

7.2
2017-09-06 CVE-2015-2210 Epicor Command Injection vulnerability in Epicor CRS Retail Store

The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell.

7.2
2017-09-09 CVE-2017-14223 Ffmpeg, Debian Resource Exhaustion vulnerability in multiple products

In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption.

7.1
2017-09-09 CVE-2017-14222 Ffmpeg Excessive Iteration vulnerability in Ffmpeg 3.3.3

In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption.

7.1
2017-09-08 CVE-2017-0793 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the N/A memory subsystem.

7.1
2017-09-08 CVE-2017-0780 Google Unspecified vulnerability in Google Android

A denial of service vulnerability in the Android runtime (android messenger).

7.1
2017-09-08 CVE-2017-0775 Google Excessive Iteration vulnerability in Google Android

A denial of service vulnerability in the Android media framework (libstagefright).

7.1
2017-09-08 CVE-2017-0774 Google Unchecked Return Value vulnerability in Google Android

A denial of service vulnerability in the Android media framework (libstagefright).

7.1
2017-09-08 CVE-2017-0773 Google Unspecified vulnerability in Google Android

A denial of service vulnerability in the Android media framework (libhevc).

7.1
2017-09-08 CVE-2017-0772 Google Unspecified vulnerability in Google Android

A denial of service vulnerability in the Android media framework (libavc).

7.1
2017-09-08 CVE-2017-0771 Google Allocation of Resources Without Limits or Throttling vulnerability in Google Android

A denial of service vulnerability in the Android media framework (libskia).

7.1
2017-09-07 CVE-2017-14175 Imagemagick, Canonical, Debian Excessive Iteration vulnerability in multiple products

In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption.

7.1
2017-09-07 CVE-2017-14174 Imagemagick, Canonical, Debian Excessive Iteration vulnerability in multiple products

In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption.

7.1
2017-09-07 CVE-2017-14172 Imagemagick, Canonical, Debian Excessive Iteration vulnerability in multiple products

In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption.

7.1
2017-09-07 CVE-2017-14171 Ffmpeg Excessive Iteration vulnerability in Ffmpeg 3.3.3

In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption.

7.1
2017-09-07 CVE-2017-14170 Ffmpeg Excessive Iteration vulnerability in Ffmpeg 3.3.3

In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption.

7.1
2017-09-05 CVE-2017-14108 Gnome Resource Exhaustion vulnerability in Gnome Gedit 3.22.1

libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters.

7.1

128 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-09-08 CVE-2017-12146 Linux Race Condition vulnerability in Linux Kernel

The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides.

6.9
2017-09-08 CVE-2016-5759 Novell, Opensuse Improper Input Validation vulnerability in multiple products

The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.

6.9
2017-09-07 CVE-2017-12223 Cisco Improper Input Validation vulnerability in Cisco Ir800 Integrated Services Router Firmware

A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system.

6.9
2017-09-07 CVE-2015-3222 Ossec Permissions, Privileges, and Access Controls vulnerability in Ossec

syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root.

6.9
2017-09-09 CVE-2017-14225 Ffmpeg NULL Pointer Dereference vulnerability in Ffmpeg 3.3.3

The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference.

6.8
2017-09-09 CVE-2017-14224 Imagemagick Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick 7.0.68

A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.

6.8
2017-09-08 CVE-2017-0804 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the MediaTek mmc driver.

6.8
2017-09-08 CVE-2017-0803 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the MediaTek accessory detector driver.

6.8
2017-09-08 CVE-2017-0802 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the MediaTek kernel.

6.8
2017-09-08 CVE-2017-0794 Google Race Condition vulnerability in Google Android

An elevation of privilege vulnerability in the Upstream kernel scsi driver.

6.8
2017-09-07 CVE-2017-12216 Cisco XXE vulnerability in Cisco Socialminer

A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system.

6.8
2017-09-07 CVE-2015-4697 Sumo Cross-Site Request Forgery (CSRF) vulnerability in Sumo Google Analyticator

Cross-site request forgery (CSRF) vulnerability in Google Analyticator Wordpress Plugin before 6.4.9.3 rev @1183563.

6.8
2017-09-07 CVE-2015-4619 Denkgroot Cross-Site Request Forgery (CSRF) vulnerability in Denkgroot Spina

Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75.

6.8
2017-09-07 CVE-2015-3314 Tune Library Project SQL Injection vulnerability in Tune Library Project Tune Library

SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5.

6.8
2017-09-07 CVE-2014-9565 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM En6131 Firmware and Ib6131 Firmware

Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier.

6.8
2017-09-07 CVE-2017-14181 Aacplusenc Project NULL Pointer Dereference vulnerability in Aacplusenc Project Aacplusenc 0.17.5

DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 allows remote attackers to cause a denial of service (invalid memory write, SEGV on unknown address 0x000000000030, and application crash) or possibly have unspecified other impact via a crafted .wav file, aka a NULL pointer dereference.

6.8
2017-09-07 CVE-2017-12838 Nexusphp Project Cross-Site Request Forgery (CSRF) vulnerability in Nexusphp Project Nexusphp 1.5

Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified vectors.

6.8
2017-09-07 CVE-2017-11567 Cesanta Cross-Site Request Forgery (CSRF) vulnerability in Cesanta Mongoose Embedded web Server Library

Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save.

6.8
2017-09-07 CVE-2017-14169 Ffmpeg, Debian Improper Input Validation vulnerability in multiple products

In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided.

6.8
2017-09-06 CVE-2015-5947 Suitecrm, Salesagility Race Condition vulnerability in Salesagility Suitecrm

SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code.

6.8
2017-09-06 CVE-2015-3450 Aspl Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Aspl Libaxl 0.6.9

Heap-based buffer overflow in libaxl 0.6.9 allows attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted XML document.

6.8
2017-09-06 CVE-2017-14164 Uclouvain Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Uclouvain Openjpeg

A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0.

6.8
2017-09-05 CVE-2017-1097 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Strategic Supply Management

IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

6.8
2017-09-05 CVE-2017-2870 Gnome Integer Overflow or Wraparound vulnerability in Gnome Gdk-Pixbuf 2.36.6

An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang.

6.8
2017-09-05 CVE-2017-2862 Gnome Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Gdk-Pixbuf 2.36.6

An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6.

6.8
2017-09-05 CVE-2017-2822 Lexmark Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lexmark Perceptive Document Filters 11.3.0.2400

An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400.

6.8
2017-09-05 CVE-2017-2821 Lexmark Use After Free vulnerability in Lexmark Perceptive Document Filters 11.3.0.2400/11.4.0.2452

An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452.

6.8
2017-09-05 CVE-2017-2808 Ledger CLI Use After Free vulnerability in Ledger-Cli Ledger 3.1.1

An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1.

6.8
2017-09-05 CVE-2017-2807 Ledger CLI Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ledger-Cli Ledger 3.1.1

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1.

6.8
2017-09-05 CVE-2017-2779 NI Out-of-bounds Write vulnerability in NI Labview

An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014.

6.8
2017-09-05 CVE-2017-14152 Uclouvain, Debian Out-of-bounds Write vulnerability in multiple products

A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0.

6.8
2017-09-05 CVE-2017-14151 Uclouvain, Debian Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0.

6.8
2017-09-05 CVE-2017-1000083 Gnome, Debian, Redhat

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

6.8
2017-09-07 CVE-2015-4724 Concretecms SQL Injection vulnerability in Concretecms Concrete CMS 5.7.3.1

SQL injection vulnerability in Concrete5 5.7.3.1.

6.5
2017-09-07 CVE-2017-13713 Twsz OS Command Injection vulnerability in Twsz Wifi Repeater Firmware

T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg.

6.5
2017-09-07 CVE-2016-0732 Cloudfoundry, Pivotal Improper Privilege Management vulnerability in multiple products

The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors.

6.5
2017-09-05 CVE-2017-14146 Helpdezk Code Injection vulnerability in Helpdezk 1.1.1

HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory.

6.5
2017-09-10 CVE-2017-14230 Cyrus Improper Input Validation vulnerability in Cyrus Imap

In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command.

6.4
2017-09-07 CVE-2017-12211 Cisco Unspecified vulnerability in Cisco IOS and IOS XE

A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of the device.

6.3
2017-09-08 CVE-2017-0791 Google Unspecified vulnerability in Google Android 7.1.2

An elevation of privilege vulnerability in the Broadcom wi-fi driver.

5.8
2017-09-08 CVE-2017-0790 Google Unspecified vulnerability in Google Android 7.1.2

An elevation of privilege vulnerability in the Broadcom wi-fi driver.

5.8
2017-09-08 CVE-2017-0789 Google Unspecified vulnerability in Google Android 7.1.2

An elevation of privilege vulnerability in the Broadcom wi-fi driver.

5.8
2017-09-08 CVE-2017-0788 Google Unspecified vulnerability in Google Android 7.1.2

An elevation of privilege vulnerability in the Broadcom wi-fi driver.

5.8
2017-09-08 CVE-2017-0787 Google Unspecified vulnerability in Google Android 7.1.2

An elevation of privilege vulnerability in the Broadcom wi-fi driver.

5.8
2017-09-08 CVE-2017-0786 Google Unspecified vulnerability in Google Android 7.1.2

An elevation of privilege vulnerability in the Broadcom wi-fi driver.

5.8
2017-09-08 CVE-2017-0784 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android

An elevation of privilege vulnerability in the Android system (nfc).

5.8
2017-09-07 CVE-2017-12227 Cisco SQL Injection vulnerability in Cisco Emergency Responder

A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack.

5.5
2017-09-05 CVE-2017-1458 IBM XXE vulnerability in IBM Qradar Network Security 5.4

IBM QRadar Network Security 5.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

5.5
2017-09-10 CVE-2017-14231 Genixcms Improper Input Validation vulnerability in Genixcms

GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class.php, and Type.class.php.

5.0
2017-09-09 CVE-2017-14229 Jasper Project Infinite Loop vulnerability in Jasper Project Jasper 2.0.13

There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13.

5.0
2017-09-09 CVE-2017-14227 Mongodb Out-of-bounds Read vulnerability in Mongodb 1.7.0

In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c.

5.0
2017-09-09 CVE-2017-14226 Libreoffice, Libwpd Out-of-bounds Read vulnerability in multiple products

WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp).

5.0
2017-09-08 CVE-2017-2550 Kubik Rubik Information Exposure vulnerability in Kubik-Rubik Easy Joomla Backup 3.2.4

Vulnerability in Easy Joomla Backup v3.2.4.

5.0
2017-09-07 CVE-2017-6791 Cisco Unspecified vulnerability in Cisco Unified Communications Manager

A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

5.0
2017-09-07 CVE-2017-6627 Cisco Improper Resource Shutdown or Release vulnerability in Cisco IOS and IOS XE

A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service (DoS) condition.

5.0
2017-09-07 CVE-2017-12218 Cisco Improper Input Validation vulnerability in Cisco Asyncos

A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, remote attacker to cause an email attachment containing malware to be delivered to the end user.

5.0
2017-09-07 CVE-2017-12217 Cisco Improper Input Validation vulnerability in Cisco ASR 5500 Firmware

A vulnerability in the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution (SAE) Gateways could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device.

5.0
2017-09-07 CVE-2015-8079 QT Information Exposure vulnerability in QT Qtwebkit

qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db.

5.0
2017-09-07 CVE-2015-4085 Etherpad Path Traversal vulnerability in Etherpad

Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1.

5.0
2017-09-07 CVE-2013-7428 Mapsplugin Resource Exhaustion vulnerability in Mapsplugin Googlemaps

The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to cause a denial of service via the url parameter to plugin_googlemap2_proxy.php.

5.0
2017-09-07 CVE-2017-6362 Libgd, Debian, Fedoraproject, Canonical Double Free vulnerability in multiple products

Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.

5.0
2017-09-07 CVE-2017-13771 Lexmark Insufficiently Protected Credentials vulnerability in Lexmark Scan TO Network 3.2.9

Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet.

5.0
2017-09-07 CVE-2015-3250 Apache Information Exposure vulnerability in Apache Directory Ldap API

Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors.

5.0
2017-09-06 CVE-2015-7294 Ldapauth Fork Project LDAP Injection vulnerability in Ldapauth-Fork Project Ldapauth-Fork

ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username.

5.0
2017-09-06 CVE-2015-6250 Simple PHP Captcha Project Information Exposure vulnerability in Simple-PHP-Captcha Project Simple-PHP-Captcha

simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate the captcha response by running the same code on the client-side.

5.0
2017-09-06 CVE-2015-5959 Froxlor Information Exposure vulnerability in Froxlor

Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log.

5.0
2017-09-06 CVE-2015-5705 Devscripts Devel Team, Fedoraproject Link Following vulnerability in multiple products

Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.

5.0
2017-09-06 CVE-2015-5186 Linux Audit Project Improper Input Validation vulnerability in Linux Audit Project Linux Audit

Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.

5.0
2017-09-06 CVE-2015-3454 Vulcanjs Information Exposure vulnerability in Vulcanjs Vulcan

TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack.

5.0
2017-09-06 CVE-2014-6438 Ruby Lang Resource Management Errors vulnerability in Ruby-Lang Ruby

The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.

5.0
2017-09-05 CVE-2017-1491 IBM Unspecified vulnerability in IBM Qradar Network Security 5.4

IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties.

5.0
2017-09-05 CVE-2016-3086 Apache Information Exposure vulnerability in Apache Hadoop

The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.

5.0
2017-09-05 CVE-2017-14149 Embedthis NULL Pointer Dereference vulnerability in Embedthis Goahead

GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request.

5.0
2017-09-04 CVE-2017-14137 Imagemagick Resource Exhaustion vulnerability in Imagemagick 7.0.65

ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header.

5.0
2017-09-05 CVE-2017-5698 Intel Unspecified vulnerability in Intel Manageability Engine Firmware 11.0.25.3001/11.0.26.3000

Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges.

4.9
2017-09-07 CVE-2017-6795 Cisco Improper Input Validation vulnerability in Cisco IOS XE

A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files on the underlying operating system of an affected device.

4.7
2017-09-09 CVE-2017-5147 Azeotech Uncontrolled Search Path Element vulnerability in Azeotech Daqfactory

An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1.

4.6
2017-09-07 CVE-2015-1590 Kamailio Permissions, Privileges, and Access Controls vulnerability in Kamailio

The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl.

4.6
2017-09-09 CVE-2017-14228 Nasm, Canonical NULL Pointer Dereference vulnerability in multiple products

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference.

4.3
2017-09-09 CVE-2017-8041 Vmware Cross-site Scripting vulnerability in VMWare Single Sign-On for Pivotal Cloud Foundry

In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute an XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name.

4.3
2017-09-08 CVE-2017-0779 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android media framework (audioflinger).

4.3
2017-09-08 CVE-2017-0777 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android media framework (n/a).

4.3
2017-09-08 CVE-2017-0776 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android media framework (n/a).

4.3
2017-09-08 CVE-2017-9095 Divinglog XXE vulnerability in Divinglog Diving LOG 6.0

XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import.

4.3
2017-09-07 CVE-2017-14219 Intelbras Cross-site Scripting vulnerability in Intelbras WRN 240 Firmware

XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm.

4.3
2017-09-07 CVE-2017-6789 Cisco Cross-site Scripting vulnerability in Cisco Unified Intelligence Center 11.0(1)Es10

A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack.

4.3
2017-09-07 CVE-2017-12225 Cisco Session Fixation vulnerability in Cisco Prime LAN Management Solution 4.2(5)

A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability.

4.3
2017-09-07 CVE-2017-12220 Cisco Cross-site Scripting vulnerability in Cisco Firepower Management Center

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

4.3
2017-09-07 CVE-2017-12212 Cisco Cross-site Scripting vulnerability in Cisco Unity Connection 10.5(2)

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system.

4.3
2017-09-07 CVE-2015-5060 Anchorcms Cross-site Scripting vulnerability in Anchorcms Anchor CMS 0.9.1

Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev.

4.3
2017-09-07 CVE-2015-4721 Concretecms Cross-site Scripting vulnerability in Concretecms Concrete CMS 5.7.3.1

Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1.

4.3
2017-09-07 CVE-2015-3169 Askbot Cross-site Scripting vulnerability in Askbot 0.7.51

Cross-site scripting (XSS) vulnerability in askbot 0.7.51-4.el6.noarch.

4.3
2017-09-07 CVE-2017-14195 Finecms Project Cross-site Scripting vulnerability in Finecms Project Finecms 5.0.11

The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer.

4.3
2017-09-07 CVE-2017-14194 Finecms Project Cross-site Scripting vulnerability in Finecms Project Finecms 5.0.11

The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer.

4.3
2017-09-07 CVE-2017-14193 Finecms Project Cross-site Scripting vulnerability in Finecms Project Finecms 5.0.11

The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer.

4.3
2017-09-07 CVE-2017-14192 Finecms Project Cross-site Scripting vulnerability in Finecms Project Finecms 5.0.11

The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field.

4.3
2017-09-07 CVE-2017-1189 IBM Cross-site Scripting vulnerability in IBM Websphere Portal

IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting.

4.3
2017-09-07 CVE-2017-12912 Mp3Gain Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mp3Gain 1.5.2

The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file.

4.3
2017-09-07 CVE-2017-12911 Mp3Gain Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mp3Gain 1.5.2

The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file.

4.3
2017-09-07 CVE-2017-12906 Nexusphp Project Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5

Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php.

4.3
2017-09-07 CVE-2017-12794 Djangoproject Cross-site Scripting vulnerability in Djangoproject Django

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page.

4.3
2017-09-07 CVE-2017-12416 Paloaltonetworks Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os

Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper request parameter validation.

4.3
2017-09-07 CVE-2017-12133 GNU Use After Free vulnerability in GNU Glibc

Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.

4.3
2017-09-07 CVE-2017-14173 Imagemagick, Canonical, Debian Infinite Loop vulnerability in multiple products

In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected.

4.3
2017-09-06 CVE-2015-8316 Lightdm Project Improper Validation of Array Index vulnerability in Lightdm Project Lightdm

Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an XDMCP request packet with no address.

4.3
2017-09-06 CVE-2015-2943 Honda Improper Certificate Validation vulnerability in Honda Moto Linc 1.6.1

Honda Moto LINC 1.6.1 does not verify SSL certificates.

4.3
2017-09-06 CVE-2017-14166 Libarchive, Debian, Canonical Out-of-bounds Read vulnerability in multiple products

libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.

4.3
2017-09-06 CVE-2017-14165 Graphicsmagick Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Graphicsmagick 1.3.26

The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header.

4.3
2017-09-06 CVE-2017-12476 Bento4 NULL Pointer Dereference vulnerability in Bento4

The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Bento4 mp4dump before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.

4.3
2017-09-06 CVE-2017-12475 Axiosys NULL Pointer Dereference vulnerability in Axiosys Bento4

The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.

4.3
2017-09-06 CVE-2017-12474 Bento4 NULL Pointer Dereference vulnerability in Bento4

The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable.cpp in Bento4 mp42ts before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.

4.3
2017-09-05 CVE-2017-1457 IBM Cross-site Scripting vulnerability in IBM Qradar Network Security 5.4

IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting.

4.3
2017-09-05 CVE-2017-1130 IBM Unspecified vulnerability in IBM Inotes

IBM Notes 8.5 and 9.0 is vulnerable to a denial of service.

4.3
2017-09-05 CVE-2017-1129 IBM Unspecified vulnerability in IBM Expeditor and Inotes

IBM Notes 8.5 and 9.0 is vulnerable to a denial of service.

4.3
2017-09-04 CVE-2017-14139 Imagemagick Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.62

ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c.

4.3
2017-09-04 CVE-2017-14136 Opencv, Debian Out-of-bounds Write vulnerability in multiple products

OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread.

4.3
2017-09-04 CVE-2017-14132 Jasper Project, Debian Out-of-bounds Read vulnerability in multiple products

JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c.

4.3
2017-09-04 CVE-2017-14130 GNU Out-of-bounds Read vulnerability in GNU Binutils 2.29

The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.

4.3
2017-09-04 CVE-2017-14129 GNU Out-of-bounds Read vulnerability in GNU Binutils 2.29

The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.

4.3
2017-09-04 CVE-2017-14128 GNU Out-of-bounds Read vulnerability in GNU Binutils 2.29

The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.

4.3
2017-09-04 CVE-2017-14126 Xnau Cross-site Scripting vulnerability in Xnau Participants Database 1.7.5.10

The Participants Database plugin before 1.7.5.10 for WordPress has XSS.

4.3
2017-09-09 CVE-2017-8040 Vmware XXE vulnerability in VMWare Single Sign-On for Pivotal Cloud Foundry

In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard.

4.0
2017-09-08 CVE-2017-12071 Synology Server-Side Request Forgery (SSRF) vulnerability in Synology Photo Station

Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.

4.0
2017-09-08 CVE-2017-11162 Synology Path Traversal vulnerability in Synology Photo Station

Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.

4.0
2017-09-07 CVE-2017-6793 Cisco Information Exposure vulnerability in Cisco Prime Collaboration Provisioning

A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system.

4.0
2017-09-07 CVE-2017-12224 Cisco Information Exposure vulnerability in Cisco Meeting Server

A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied.

4.0
2017-09-06 CVE-2015-3163 Redhat Improper Access Control vulnerability in Redhat Beaker

The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively.

4.0
2017-09-06 CVE-2015-3160 Beaker Project XXE vulnerability in Beaker-Project Beaker

XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system.

4.0

16 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-09-09 CVE-2017-12699 Azeotech Incorrect Default Permissions vulnerability in Azeotech Daqfactory

An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1.

3.6
2017-09-08 CVE-2017-11611 Wolfcms Cross-site Scripting vulnerability in Wolfcms Wolf CMS 0.8.3.1

Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks.

3.5
2017-09-07 CVE-2017-12221 Cisco Cross-site Scripting vulnerability in Cisco Firepower Management Center

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software.

3.5
2017-09-07 CVE-2015-7672 Centreon Cross-site Scripting vulnerability in Centreon 2.6.1

Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in Centreon 18.10.0 and Centreon web 2.8.27).

3.5
2017-09-07 CVE-2017-1502 IBM Cross-site Scripting vulnerability in IBM Content Navigator 2.0.3/3.0.0/3.0.1

IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting.

3.5
2017-09-07 CVE-2017-1098 IBM Cross-site Scripting vulnerability in IBM Emptoris Supplier Lifecycle Management

IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting.

3.5
2017-09-07 CVE-2017-13754 Wibu Cross-site Scripting vulnerability in Wibu Codemeter

Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html.

3.5
2017-09-06 CVE-2015-7225 Tinfoilsecurity 7PK - Security Features vulnerability in Tinfoilsecurity Devise-Two-Factor

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP through performing a man-in-the-middle attack between the provider and verifier, or shoulder surfing, and replaying the OTP in the current time-step.

3.5
2017-09-06 CVE-2015-3162 Beaker Project Cross-site Scripting vulnerability in Beaker-Project Beaker 20.1

Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job.

3.5
2017-09-06 CVE-2015-3161 Beaker Project Cross-site Scripting vulnerability in Beaker-Project Beaker

The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape </script> tags in string literals when producing JSON.

3.5
2017-09-08 CVE-2017-0792 Google Information Exposure vulnerability in Google Android 7.1.2

An information disclosure vulnerability in the Broadcom wi-fi driver.

3.3
2017-09-07 CVE-2017-12213 Cisco Improper Authentication vulnerability in Cisco IOS XE

A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open.

3.3
2017-09-08 CVE-2011-3177 Yast Information Exposure vulnerability in Yast Yast2

The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks.

2.1
2017-09-05 CVE-2017-14156 Linux Information Exposure vulnerability in Linux Kernel

The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes.

2.1
2017-09-05 CVE-2017-14140 Linux Information Exposure vulnerability in Linux Kernel

The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.

2.1
2017-09-05 CVE-2017-14159 Openldap Improper Initialization vulnerability in Openldap

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.

1.9