Weekly Vulnerabilities Reports > September 18 to 24, 2017

Overview

289 new vulnerabilities were reported during this period, including 45 critical vulnerabilities and 150 high severity vulnerabilities. This weekly summary reports vulnerabilities in 309 products from 113 vendors including Stdutility, Google, Debian, Cisco, and Canonical. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", "Information Exposure", and "Out-of-bounds Read".

  • 183 reported vulnerabilities are remotely exploitable.
  • 56 reported vulnerabilities have a public exploit available.
  • 65 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 174 reported vulnerabilities are exploitable by an anonymous user.
  • Stdutility has the most reported vulnerabilities, with 42 reported vulnerabilities.
  • Canonical has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

45 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-09-23 CVE-2017-14723 Wordpress SQL Injection vulnerability in Wordpress

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.

9.8
2017-09-22 CVE-2017-14706 Denyall Improper Authentication vulnerability in Denyall I-Suite and web Application Firewall

DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply.

9.8
2017-09-22 CVE-2017-14080 Trendmicro Improper Authentication vulnerability in Trendmicro Mobile Security 9.7

Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password.

9.8
2017-09-22 CVE-2017-14078 Trendmicro SQL Injection vulnerability in Trendmicro Mobile Security 9.7

SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.

9.8
2017-09-22 CVE-2017-9393 CA Information Exposure vulnerability in CA products

CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.

9.8
2017-09-22 CVE-2017-14637 Sam2P Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sam2P Project Sam2P 0.49.3

In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp.

9.8
2017-09-22 CVE-2017-14636 Sam2P Project Integer Overflow or Wraparound vulnerability in Sam2P Project Sam2P 0.49.3

Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp.

9.8
2017-09-21 CVE-2017-9283 Microfocus Out-of-bounds Read vulnerability in Microfocus Visibroker 8.5

An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5.

9.8
2017-09-21 CVE-2017-9282 Microfocus Integer Overflow or Wraparound vulnerability in Microfocus Visibroker 8.5

An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5.

9.8
2017-09-21 CVE-2017-12170 Pureftpd, Fedoraproject

Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration.

9.8
2017-09-21 CVE-2017-14652 Tapatalk SQL Injection vulnerability in Tapatalk 4.5.7

SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process.

9.8
2017-09-21 CVE-2017-14648 Bladeenc Out-of-bounds Write vulnerability in Bladeenc 0.94.2

A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2.

9.8
2017-09-21 CVE-2017-12930 Tecnovision SQL Injection vulnerability in Tecnovision DLX Spot Player4

SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password.

9.8
2017-09-21 CVE-2017-12928 Tecnovision Use of Hard-coded Credentials vulnerability in Tecnovision DLX Spot Player4

A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials.

9.8
2017-09-21 CVE-2015-1187 Dlink, Trendnet Improper Authentication vulnerability in multiple products

The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.

9.8
2017-09-21 CVE-2015-5284 Freeipa Information Exposure vulnerability in Freeipa

ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable.

9.8
2017-09-21 CVE-2017-14632 Xiph ORG, Debian, Canonical Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.

9.8
2017-09-21 CVE-2017-14631 Sam2P Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sam2P Project Sam2P 0.49.3

In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integer signedness error leading to a heap-based buffer overflow.

9.8
2017-09-21 CVE-2017-14630 Sam2P Project Integer Overflow or Wraparound vulnerability in Sam2P Project Sam2P 0.49.3

In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp, leading to an invalid write operation.

9.8
2017-09-21 CVE-2017-14628 Sam2P Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sam2P Project Sam2P 0.49.3

In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp.

9.8
2017-09-21 CVE-2017-14626 Imagemagick, Canonical NULL Pointer Dereference vulnerability in multiple products

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.

9.8
2017-09-21 CVE-2017-14625 Imagemagick, Canonical NULL Pointer Dereference vulnerability in multiple products

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.

9.8
2017-09-21 CVE-2017-14624 Imagemagick, Canonical NULL Pointer Dereference vulnerability in multiple products

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.

9.8
2017-09-20 CVE-2017-14596 Joomla LDAP Injection vulnerability in Joomla Joomla!

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

9.8
2017-09-20 CVE-2015-6673 Libpgf Use After Free vulnerability in Libpgf 6.11.42/6.12.24/6.14.12

Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32.

9.8
2017-09-20 CVE-2017-12611 Apache Improper Input Validation vulnerability in Apache Struts

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.

9.8
2017-09-20 CVE-2016-6795 Apache Path Traversal vulnerability in Apache Struts

In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.

9.8
2017-09-20 CVE-2015-4073 Helpdesk PRO Project SQL Injection vulnerability in Helpdesk PRO Project Helpdesk PRO

Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter.

9.8
2017-09-20 CVE-2017-8772 Twsz Use of Hard-coded Credentials vulnerability in Twsz Wifi Repeater Firmware

On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1.

9.8
2017-09-20 CVE-2017-8771 Twsz Use of Hard-coded Credentials vulnerability in Twsz Wifi Repeater Firmware

On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root").

9.8
2017-09-19 CVE-2015-4683 Polycom Permissions, Privileges, and Access Controls vulnerability in Polycom Realpresence Resource Manager

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.

9.8
2017-09-19 CVE-2014-8686 Codeigniter Cryptographic Issues vulnerability in Codeigniter

CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.

9.8
2017-09-19 CVE-2014-8684 Kohanaframework, Codeigniter Cryptographic Issues vulnerability in multiple products

CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes.

9.8
2017-09-19 CVE-2017-6315 Sophos Improper Input Validation vulnerability in Sophos Astaro Security Gateway Firmware 7.500/7.506

Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx.

9.8
2017-09-19 CVE-2017-14143 Kaltura Use of Hard-coded Credentials vulnerability in Kaltura Server

The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.

9.8
2017-09-19 CVE-2017-10700 Qnap Improper Input Validation vulnerability in Qnap QTS 4.3.3.0229

In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application.

9.8
2017-09-19 CVE-2015-3431 Pydio OS Command Injection vulnerability in Pydio

Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities."

9.8
2017-09-19 CVE-2014-9618 Netsweeper Improper Authentication vulnerability in Netsweeper

The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.

9.8
2017-09-19 CVE-2014-9611 Netsweeper Improper Authentication vulnerability in Netsweeper

Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php.

9.8
2017-09-19 CVE-2014-8174 Redhat Information Exposure vulnerability in Redhat Edeploy

eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files.

9.8
2017-09-19 CVE-2017-10930 ZTE Files or Directories Accessible to External Parties vulnerability in ZTE Zxr10 1800-2S Firmware

The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords.

9.8
2017-09-18 CVE-2017-14532 Imagemagick, Canonical NULL Pointer Dereference vulnerability in multiple products

ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.

9.8
2017-09-21 CVE-2017-7544 Libexif Project Out-of-bounds Read vulnerability in Libexif Project Libexif

libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure.

9.1
2017-09-20 CVE-2017-14608 Libraw Out-of-bounds Read vulnerability in Libraw

In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp.

9.1
2017-09-19 CVE-2017-12883 Perl Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Perl

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.

9.1

150 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-09-22 CVE-2017-14081 Trendmicro Command Injection vulnerability in Trendmicro Mobile Security 9.7

Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.

8.8
2017-09-22 CVE-2017-14079 Trendmicro Unrestricted Upload of File with Dangerous Type vulnerability in Trendmicro Mobile Security 9.7

Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.

8.8
2017-09-22 CVE-2017-11395 Trendmicro OS Command Injection vulnerability in Trendmicro Smart Protection Server 3.1/3.2

Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.

8.8
2017-09-22 CVE-2017-3770 Lenovo Unspecified vulnerability in Lenovo Xclarity Administrator

Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.

8.8
2017-09-22 CVE-2017-8007 Dell Path Traversal vulnerability in Dell products

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability.

8.8
2017-09-21 CVE-2017-14682 Imagemagick Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick 7.0.6

GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928.

8.8
2017-09-21 CVE-2017-14647 Bento4 Out-of-bounds Write vulnerability in Bento4 1.5.0617

A heap-based buffer overflow was discovered in AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617.

8.8
2017-09-21 CVE-2017-14644 Bento4 Out-of-bounds Write vulnerability in Bento4 1.5.0617

A heap-based buffer overflow was discovered in the AP4_HdlrAtom class in Bento4 1.5.0-617.

8.8
2017-09-21 CVE-2017-14639 Bento4 Type Confusion vulnerability in Bento4 1.5.0617

AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to denial of service (application crash) or possibly unspecified other impact.

8.8
2017-09-21 CVE-2017-12929 Tecnovision Unrestricted Upload of File with Dangerous Type vulnerability in Tecnovision DLX Spot Player4

Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.

8.8
2017-09-21 CVE-2017-14160 Xiph ORG, Debian Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.

8.8
2017-09-21 CVE-2015-0276 Kallithea SCM Cross-Site Request Forgery (CSRF) vulnerability in Kallithea-Scm Kallithea 0.1

Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2.

8.8
2017-09-21 CVE-2017-14635 Otrs Improper Input Validation vulnerability in Otrs

In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection.

8.8
2017-09-21 CVE-2017-12253 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 11.5(1)

A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions.

8.8
2017-09-21 CVE-2017-12214 Cisco Improper Input Validation vulnerability in Cisco Unified Customer Voice Portal 10.5/11.0/11.5

A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges.

8.8
2017-09-20 CVE-2015-5395 Debian, Alinto Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.

8.8
2017-09-20 CVE-2015-5607 Ipython, Fedoraproject Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Cross-site request forgery in the REST API in IPython 2 and 3.

8.8
2017-09-20 CVE-2015-1329 Canonical Use After Free vulnerability in Canonical Ubuntu Linux 14.04/15.04

Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code.

8.8
2017-09-19 CVE-2017-10784 Ruby Lang Improper Authentication vulnerability in Ruby-Lang Ruby

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.

8.8
2017-09-19 CVE-2015-4089 Wpfastestcache Cross-Site Request Forgery (CSRF) vulnerability in Wpfastestcache WP Fastest Cache

Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page.

8.8
2017-09-18 CVE-2014-6106 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Identity Manager

Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors.

8.8
2017-09-18 CVE-2017-9333 Openwebif Project Improper Input Validation vulnerability in Openwebif Project Openwebif 1.2.5

OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package.

8.8
2017-09-22 CVE-2017-14705 Denyall OS Command Injection vulnerability in Denyall I-Suite and web Application Firewall

DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php.

8.1
2017-09-21 CVE-2017-14650 Horde Improper Input Validation vulnerability in Horde Image API

A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility.

8.1
2017-09-21 CVE-2017-14246 Libsndfile Project, Debian Out-of-bounds Read vulnerability in multiple products

An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.

8.1
2017-09-21 CVE-2017-14245 Libsndfile Project, Debian Out-of-bounds Read vulnerability in multiple products

An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.

8.1
2017-09-20 CVE-2017-14623 GO Ldap Project Improper Authentication vulnerability in Go-Ldap Project Ldap 2.5.0

In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password.

8.1
2017-09-20 CVE-2017-14607 Imagemagick, Debian, Canonical Out-of-bounds Read vulnerability in multiple products

In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c.

8.1
2017-09-20 CVE-2015-4075 Helpdeskpro Injection vulnerability in Helpdeskpro Helpdesk PRO 1.1.1/1.2.0/1.3.0

The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.

8.1
2017-09-19 CVE-2017-12615 Apache, Netapp, Redhat Unrestricted Upload of File with Dangerous Type vulnerability in multiple products

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g.

8.1
2017-09-21 CVE-2017-14320 Mirasvit Improper Input Validation vulnerability in Mirasvit Helpdesk MX 1.5.2

Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files.

8.0
2017-09-18 CVE-2017-14530 Crony Cronjob Manager Project Cross-Site Request Forgery (CSRF) vulnerability in Crony Cronjob Manager Project Crony Cronjob Manager

WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences.

8.0
2017-09-23 CVE-2017-14627 Cyberlink Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cyberlink Labelprint 2.5

Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.

7.8
2017-09-22 CVE-2017-14694 Foxitsoftware Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Foxitsoftware Foxit Reader 8.3.2.25013

Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f.".

7.8
2017-09-22 CVE-2017-6277 Nvidia Improper Input Validation vulnerability in Nvidia GPU Driver

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges.

7.8
2017-09-22 CVE-2017-6272 Nvidia Improper Input Validation vulnerability in Nvidia GPU Driver

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges.

7.8
2017-09-22 CVE-2017-6269 Nvidia Improper Input Validation vulnerability in Nvidia GPU Driver

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation which may lead to denial of service or possible escalation of privileges.

7.8
2017-09-22 CVE-2017-6268 Nvidia Improper Input Validation vulnerability in Nvidia GPU Driver

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges.

7.8
2017-09-22 CVE-2017-14693 Irfanview Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Irfanview 4.44

IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at DJVU!GetPlugInInfo+0x000000000001c613."

7.8
2017-09-22 CVE-2017-14692 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b."

7.8
2017-09-22 CVE-2017-14691 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_773a0000!RtlAddAccessAllowedAce+0x000000000000027a."

7.8
2017-09-22 CVE-2017-14690 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000064e7."

7.8
2017-09-22 CVE-2017-14689 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000328e."

7.8
2017-09-22 CVE-2017-14688 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917."

7.8
2017-09-22 CVE-2017-14687 Artifex Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Mupdf 1.11

Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows.

7.8
2017-09-22 CVE-2017-14686 Artifex Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Mupdf 1.11

Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows.

7.8
2017-09-22 CVE-2017-14685 Artifex Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Mupdf 1.11

Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows.

7.8
2017-09-21 CVE-2015-3887 Proxychains NG Project Untrusted Search Path vulnerability in Proxychains-Ng Project Proxychains-Ng

Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referenced in the LD_PRELOAD path.

7.8
2017-09-21 CVE-2017-9725 Google Incorrect Calculation vulnerability in Google Android

In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail.

7.8
2017-09-21 CVE-2017-9724 Google Improper Privilege Management vulnerability in Google Android

In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address.

7.8
2017-09-21 CVE-2017-9720 Google Off-by-one Error vulnerability in Google Android

In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur.

7.8
2017-09-21 CVE-2017-9677 Google Race Condition vulnerability in Google Android

In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks.

7.8
2017-09-21 CVE-2017-8278 Google Classic Buffer Overflow vulnerability in Google Android

In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur.

7.8
2017-09-21 CVE-2017-8277 Google Use After Free vulnerability in Google Android

In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if client registration fails, the client is freed.

7.8
2017-09-21 CVE-2017-8251 Google Improper Validation of Array Index vulnerability in Google Android

In all Qualcomm products with Android releases from CAF using the Linux kernel, in functions msm_isp_check_stream_cfg_cmd & msm_isp_stats_update_cgc_override, 'stream_cfg_cmd->num_streams' is not checked, and could overflow the array stream_cfg_cmd->stream_handle.

7.8
2017-09-21 CVE-2017-8250 Google Integer Overflow or Wraparound vulnerability in Google Android

In all Qualcomm products with Android releases from CAF using the Linux kernel, the user-controlled variables "nr_cmds" and "nr_bos" are passed across functions without any check.

7.8
2017-09-21 CVE-2017-8247 Google Resource Exhaustion vulnerability in Google Android

In all Qualcomm products with Android releases from CAF using the Linux kernel, if there is more than one thread doing the device open operation, the device may be opened more than once.

7.8
2017-09-21 CVE-2017-11041 Google Unspecified vulnerability in Google Android

In all Qualcomm products with Android releases from CAF using the Linux kernel, an output buffer is accessed in one thread and can be potentially freed in another.

7.8
2017-09-21 CVE-2017-11000 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all Qualcomm products with Android releases from CAF using the Linux kernel, in an ISP Camera kernel driver function, an incorrect bounds check may potentially lead to an out-of-bounds write.

7.8
2017-09-21 CVE-2017-10999 Google Unspecified vulnerability in Google Android

In all Qualcomm products with Android releases from CAF using the Linux kernel, concurrent calls into ioctl RMNET_IOCTL_ADD_MUX_CHANNEL in ipa wan driver may lead to memory corruption due to missing locks.

7.8
2017-09-21 CVE-2017-10998 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all Qualcomm products with Android releases from CAF using the Linux kernel, in audio_aio_ion_lookup_vaddr, the buffer length, which is user input, ends up being used to validate if the buffer is fully within the valid region.

7.8
2017-09-21 CVE-2017-10997 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In all Qualcomm products with Android releases from CAF using the Linux kernel, using a debugfs node, a write to a PCIe register can cause corruption of kernel memory.

7.8
2017-09-21 CVE-2017-12252 Cisco Untrusted Search Path vulnerability in Cisco Findit Network Discovery Utility 2.0.3

A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device availability, confidentiality, and integrity.

7.8
2017-09-20 CVE-2017-14617 Freedesktop Improper Input Validation vulnerability in Freedesktop Poppler 0.59.0

In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.

7.8
2017-09-20 CVE-2017-14610 Bareos Improper Initialization vulnerability in Bareos

bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.

7.8
2017-09-20 CVE-2017-14609 Kannel Improper Initialization vulnerability in Kannel

The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by bearerbox.

7.8
2017-09-19 CVE-2015-4681 Polycom Credentials Management vulnerability in Polycom Realpresence Resource Manager

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.

7.8
2017-09-19 CVE-2017-14311 Netmechanica Unspecified vulnerability in Netmechanica Netdecision 5.8.2

The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call.

7.8
2017-09-18 CVE-2017-14580 Xnview Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xnview 2.41

XnView Classic for Windows Version 2.41 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000870f."

7.8
2017-09-18 CVE-2017-14579 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000005b70."

7.8
2017-09-18 CVE-2017-14578 Irfanview Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Irfanview 4.44

IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ani file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77130000!RtlpCoalesceFreeBlocks+0x00000000000004b4."

7.8
2017-09-18 CVE-2017-14577 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Control Flow starting at Unknown Symbol @ 0x0000000003aa7cef called from Unknown Symbol @ 0x0000000004aa024d."

7.8
2017-09-18 CVE-2017-14576 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Possible Stack Corruption starting at Unknown Symbol @ 0x00000000049f0281."

7.8
2017-09-18 CVE-2017-14575 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x0000000002d8024c called from STDUXPSFile!DllUnregisterServer+0x000000000002566c."

7.8
2017-09-18 CVE-2017-14574 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x0000000004940490."

7.8
2017-09-18 CVE-2017-14573 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000030c024c called from STDUXPSFile!DllUnregisterServer+0x000000000002566a."

7.8
2017-09-18 CVE-2017-14572 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x000000000479049b called from Unknown Symbol @ 0x000000000d89645b."

7.8
2017-09-18 CVE-2017-14571 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000049c024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025706."

7.8
2017-09-18 CVE-2017-14570 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64LdrpInitialize+0x00000000000008e1."

7.8
2017-09-18 CVE-2017-14569 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Read Access Violation starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd5."

7.8
2017-09-18 CVE-2017-14568 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x000000000297024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025630."

7.8
2017-09-18 CVE-2017-14567 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000028c024d called from STDUXPSFile!DllUnregisterServer+0x000000000002e77b."

7.8
2017-09-18 CVE-2017-14566 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x00000000039d76c4 called from Unknown Symbol @ 0x0000000000049d2c."

7.8
2017-09-18 CVE-2017-14565 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Possible Stack Corruption starting at Unknown Symbol @ 0x00000000038f2fbf called from image00000000_00400000+0x0000000000240065."

7.8
2017-09-18 CVE-2017-14564 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000028657."

7.8
2017-09-18 CVE-2017-14563 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at STDUXPSFile!DllUnregisterServer+0x0000000000005311."

7.8
2017-09-18 CVE-2017-14562 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d."

7.8
2017-09-18 CVE-2017-14561 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000048c024d called from STDUXPSFile!DllUnregisterServer+0x0000000000025638."

7.8
2017-09-18 CVE-2017-14560 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd2."

7.8
2017-09-18 CVE-2017-14559 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at STDUXPSFile!DllUnregisterServer+0x0000000000005af2."

7.8
2017-09-18 CVE-2017-14558 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x0000000000018cc2."

7.8
2017-09-18 CVE-2017-14557 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000dd3f."

7.8
2017-09-18 CVE-2017-14556 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000da27."

7.8
2017-09-18 CVE-2017-14555 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000ec6e."

7.8
2017-09-18 CVE-2017-14554 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Possible Stack Corruption starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d908."

7.8
2017-09-18 CVE-2017-14553 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x00000000000085f5."

7.8
2017-09-18 CVE-2017-14552 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9a9."

7.8
2017-09-18 CVE-2017-14551 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9f2."

7.8
2017-09-18 CVE-2017-14550 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Possible Stack Corruption starting at STDUDjVuFile!DllUnregisterServer+0x000000000000e8b8."

7.8
2017-09-18 CVE-2017-14549 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000001d."

7.8
2017-09-18 CVE-2017-14548 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000854d."

7.8
2017-09-18 CVE-2017-14547 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .mobi file, related to a "Read Access Violation starting at STDUMOBIFile!DllUnregisterServer+0x000000000002efc0."

7.8
2017-09-18 CVE-2017-14546 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d."

7.8
2017-09-18 CVE-2017-14545 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000010332."

7.8
2017-09-18 CVE-2017-14544 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUEPubFile!DllUnregisterServer+0x000000000003fff1."

7.8
2017-09-18 CVE-2017-14543 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000039335."

7.8
2017-09-18 CVE-2017-14542 Stdutility Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Stdutility Stdu Viewer 1.6.375

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .epub file, related to a "Read Access Violation on Block Data Move starting at STDUEPubFile!DllUnregisterServer+0x0000000000010262."

7.8
2017-09-18 CVE-2017-14541 Xnview Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xnview 2.40

XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x000000000001f23e."

7.8
2017-09-18 CVE-2017-14540 Irfanview Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Irfanview 4.44

IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x000000000001f23e."

7.8
2017-09-18 CVE-2017-14539 Irfanview Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Irfanview 4.44

IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x000000000011d767."

7.8
2017-09-18 CVE-2017-14538 Xnview Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xnview 2.40

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008823."

7.8
2017-09-23 CVE-2017-14727 Weechat Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Weechat Logger

logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.

7.5
2017-09-23 CVE-2017-14722 Wordpress Path Traversal vulnerability in Wordpress

Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.

7.5
2017-09-23 CVE-2017-14719 Wordpress Path Traversal vulnerability in Wordpress

Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.

7.5
2017-09-21 CVE-2017-14680 Zkteco Information Exposure vulnerability in Zkteco Zktime web 2.0.1.12280

ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.

7.5
2017-09-21 CVE-2017-9281 Microfocus Integer Overflow or Wraparound vulnerability in Microfocus Visibroker 8.5

An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service.

7.5
2017-09-21 CVE-2017-14646 Axiosys Out-of-bounds Read vulnerability in Axiosys Bento4 1.5.0617

The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.

7.5
2017-09-21 CVE-2015-8559 Chef Information Exposure vulnerability in Chef

The knife bootstrap command in Chef Infra Client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.

7.5
2017-09-21 CVE-2017-14629 Sam2P Project Integer Overflow or Wraparound vulnerability in Sam2P Project Sam2P 0.49.3

In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integer signedness error, leading to a crash when writing to an out-of-bounds array element.

7.5
2017-09-21 CVE-2017-12219 Cisco Unspecified vulnerability in Cisco products

A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.

7.5
2017-09-20 CVE-2017-14616 Watchguard Resource Exhaustion vulnerability in Watchguard Fireware

An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0.

7.5
2017-09-20 CVE-2015-9231 Iterm2 Information Exposure vulnerability in Iterm2

iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries.

7.5
2017-09-20 CVE-2015-3890 Litespeedtech Use After Free vulnerability in Litespeedtech Openlitespeed

Use-after-free vulnerability in Open Litespeed before 1.3.10.

7.5
2017-09-20 CVE-2017-9804 Apache Improper Input Validation vulnerability in Apache Struts

In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.

7.5
2017-09-20 CVE-2017-9793 Apache Improper Input Validation vulnerability in Apache Struts

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 uses an outdated XStream library which is vulnerable and allows a DoS attack using a malicious request with a specially crafted XML payload.

7.5
2017-09-20 CVE-2017-7924 Rockwellautomation Improper Input Validation vulnerability in Rockwellautomation products

An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD.

7.5
2017-09-20 CVE-2017-14339 Yadifa Infinite Loop vulnerability in Yadifa

The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop.

7.5
2017-09-20 CVE-2015-5179 Freeipa Improper Input Validation vulnerability in Freeipa

FreeIPA might display user data improperly via vectors involving non-printable characters.

7.5
2017-09-20 CVE-2015-4074 Helpdesk PRO Project Path Traversal vulnerability in Helpdesk PRO Project Helpdesk PRO

Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a ..

7.5
2017-09-20 CVE-2017-8770 Twsz Information Exposure vulnerability in Twsz Wifi Repeater Firmware

There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter.

7.5
2017-09-19 CVE-2017-12837 Perl Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Perl

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.

7.5
2017-09-19 CVE-2017-14033 Ruby Lang Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ruby-Lang Ruby

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.

7.5
2017-09-19 CVE-2017-14581 SAP Unspecified vulnerability in SAP Netweaver Application Server Java

The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.

7.5
2017-09-19 CVE-2015-1854 Fedoraproject, Debian Improper Access Control vulnerability in multiple products

389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.

7.5
2017-09-19 CVE-2015-0689 Cisco Data Processing Errors vulnerability in Cisco Cloud web Security

Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743.

7.5
2017-09-19 CVE-2014-9616 Netsweeper Information Exposure vulnerability in Netsweeper

Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page.

7.5
2017-09-19 CVE-2017-10931 ZTE Path Traversal vulnerability in ZTE Zxr10 1800-2S Firmware

The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.

7.5
2017-09-19 CVE-2017-12616 Apache Information Exposure vulnerability in Apache Tomcat

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

7.5
2017-09-18 CVE-2017-9803 Apache Improper Authentication vulnerability in Apache Solr

Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application.

7.5
2017-09-18 CVE-2017-9798 Apache, Debian Use After Free vulnerability in multiple products

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed.

7.5
2017-09-22 CVE-2017-8012 Dell Unspecified vulnerability in Dell products

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition.

7.4
2017-09-22 CVE-2017-11396 Trendmicro Unspecified vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5

Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.

7.2
2017-09-19 CVE-2017-14141 Kaltura Deserialization of Untrusted Data vulnerability in Kaltura Server

The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.

7.2
2017-09-19 CVE-2014-9619 Netsweeper Unrestricted Upload of File with Dangerous Type vulnerability in Netsweeper

Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif.

7.2
2017-09-19 CVE-2014-5362 Landesk Improper Input Validation vulnerability in Landesk Management Suite 8.7/8.8/9.6

The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/sm_actionfrm.asp or (2) remote/frm_coremainfrm.aspx; or the (3) top parameter to remote/frm_splitfrm.aspx.

7.2
2017-09-21 CVE-2017-12215 Cisco Improper Input Validation vulnerability in Cisco Asyncos

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages.

7.1
2017-09-21 CVE-2017-8280 Google Missing Release of Resource after Effective Lifetime vulnerability in Google Android

In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context switch.

7.0
2017-09-20 CVE-2015-0162 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Security Siteprotector System 3.0/3.1.0.0/3.1.1.0

IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.

7.0
2017-09-20 CVE-2017-9607 ARM Integer Overflow or Wraparound vulnerability in ARM Arm-Trusted-Firmware

The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow.

7.0
2017-09-19 CVE-2015-4685 Polycom Permissions, Privileges, and Access Controls vulnerability in Polycom Realpresence Resource Manager

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.

7.0

92 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-09-22 CVE-2017-3763 Lenovo Unspecified vulnerability in Lenovo Xclarity Administrator

An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2.

6.7
2017-09-21 CVE-2017-12255 Cisco Improper Input Validation vulnerability in Cisco Unified Computing System 1.5(1C)

A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access.

6.7
2017-09-22 CVE-2017-14653 Asp4Cms Information Exposure vulnerability in Asp4Cms Aspcms 2.7.2

member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter.

6.5
2017-09-22 CVE-2017-14684 Imagemagick Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.74

In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.

6.5
2017-09-21 CVE-2017-14645 Bento4 Out-of-bounds Read vulnerability in Bento4 1.5.0617

A heap-based buffer over-read was discovered in AP4_BitStream::ReadBytes in Codecs/Ap4BitStream.cpp in Bento4 version 1.5.0-617.

6.5
2017-09-21 CVE-2017-14643 Bento4 Out-of-bounds Read vulnerability in Bento4 1.5.0617

The AP4_HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0-617 uses an incorrect character data type, leading to a heap-based buffer over-read and application crash in AP4_BytesToUInt32BE in Core/Ap4Utils.h.

6.5
2017-09-21 CVE-2017-14642 Bento4 NULL Pointer Dereference vulnerability in Bento4 1.5.0617

A NULL pointer dereference was discovered in the AP4_HdlrAtom class in Bento4 version 1.5.0-617.

6.5
2017-09-21 CVE-2017-14641 Bento4 NULL Pointer Dereference vulnerability in Bento4 1.5.0617

A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617.

6.5
2017-09-21 CVE-2017-14640 Bento4 NULL Pointer Dereference vulnerability in Bento4 1.5.0617

A NULL pointer dereference was discovered in AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp in Bento4 version 1.5.0-617.

6.5
2017-09-21 CVE-2017-14638 Bento4 NULL Pointer Dereference vulnerability in Bento4 1.5.0617

AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in Bento4 version 1.5.0-617 has missing NULL checks, leading to a NULL pointer dereference, segmentation fault, and application crash in AP4_Atom::SetType in Core/Ap4Atom.h.

6.5
2017-09-21 CVE-2017-14634 Libsndfile Project
Debian
Divide By Zero vulnerability in multiple products

In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.

6.5
2017-09-21 CVE-2017-14633 Xiph ORG
Debian
Canonical
Out-of-bounds Read vulnerability in multiple products

In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().

6.5
2017-09-21 CVE-2017-6720 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products

A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition.

6.5
2017-09-20 CVE-2015-2927 Uronode
Nodejs
Debian
Resource Management Errors vulnerability in multiple products

node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption).

6.5
2017-09-20 CVE-2017-9645 Mirion Inadequate Encryption Strength vulnerability in Mirion products

An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices).

6.5
2017-09-20 CVE-2015-5248 Redhat Improper Input Validation vulnerability in Redhat Feedhenry Enterprise Mobile Application Platform

Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform.

6.5
2017-09-20 CVE-2017-14604 Gnome
Debian
Improper Input Validation vulnerability in multiple products

GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command.

6.5
2017-09-19 CVE-2015-4684 Polycom Credentials Management vulnerability in Polycom Realpresence Resource Manager

Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a ..

6.5
2017-09-19 CVE-2015-4682 Polycom Information Exposure vulnerability in Polycom Realpresence Resource Manager

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.

6.5
2017-09-19 CVE-2015-3419 Vbulletin Improper Input Validation vulnerability in Vbulletin

vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure.

6.5
2017-09-18 CVE-2017-14533 Imagemagick
Canonical
Missing Release of Resource after Effective Lifetime vulnerability in multiple products

ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.

6.5
2017-09-18 CVE-2017-14531 Imagemagick
Canonical
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.

6.5
2017-09-18 CVE-2017-14528 Imagemagick
Debian
Use After Free vulnerability in multiple products

The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.

6.5
2017-09-21 CVE-2017-7549 Openstack Unspecified vulnerability in Openstack Instack-Undercloud 5.3.0/6.1.0/7.2.0

A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, and 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files.

6.4
2017-09-23 CVE-2017-14726 Wordpress Cross-site Scripting vulnerability in Wordpress

Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.

6.1
2017-09-23 CVE-2017-14724 Wordpress Cross-site Scripting vulnerability in Wordpress

Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.

6.1
2017-09-23 CVE-2017-14721 Wordpress Cross-site Scripting vulnerability in Wordpress

Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.

6.1
2017-09-23 CVE-2017-14720 Wordpress Cross-site Scripting vulnerability in Wordpress

Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.

6.1
2017-09-23 CVE-2017-14718 Wordpress Cross-site Scripting vulnerability in Wordpress

Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL.

6.1
2017-09-21 CVE-2015-4706 Ipython Cross-site Scripting vulnerability in Ipython 3.0.0/3.1.0

Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path.

6.1
2017-09-21 CVE-2015-3296 Nodebb Cross-site Scripting vulnerability in Nodebb

Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs.

6.1
2017-09-21 CVE-2017-12254 Cisco Cross-site Scripting vulnerability in Cisco Unified Intelligence Center 11.5(1)

A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack.

6.1
2017-09-21 CVE-2017-12248 Cisco Cross-site Scripting vulnerability in Cisco Unified Intelligence Center 11.5(1)

A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.

6.1
2017-09-20 CVE-2017-14619 Phpmyfaq Cross-site Scripting vulnerability in PHPmyfaq

Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.

6.1
2017-09-20 CVE-2017-14615 Watchguard Cross-site Scripting vulnerability in Watchguard Fireware

An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0.

6.1
2017-09-20 CVE-2015-5608 Joomla Open Redirect vulnerability in Joomla Joomla!

Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.

6.1
2017-09-20 CVE-2015-4707 Ipython Cross-site Scripting vulnerability in Ipython

Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.

6.1
2017-09-20 CVE-2015-1866 Emberjs Cross-site Scripting vulnerability in Emberjs Ember.Js 1.10.0/1.11.0/1.11.1

Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2.

6.1
2017-09-20 CVE-2014-9758 Magento Cross-site Scripting vulnerability in Magento 1.9.0.1

Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1.

6.1
2017-09-19 CVE-2017-14142 Kaltura Cross-site Scripting vulnerability in Kaltura Server

Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) partnerId or (2) playerVersion parameter to server/admin_console/web/tools/bigRedButton.php; the (3) partnerId, (4) playerVersion, (5) secret, (6) entryId, (7) adminUiConfId, or (8) uiConfId parameter to server/admin_console/web/tools/bigRedButtonPtsPoc.php; the (9) streamUsername, (10) streamPassword, (11) streamRemoteId, (12) streamRemoteBackupId, or (13) entryId parameter to server/admin_console/web/tools/AkamaiBroadcaster.php; the (14) entryId parameter to server/admin_console/web/tools/XmlJWPlayer.php; or the (15) partnerId or (16) playerVersion parameter to server/alpha/web/lib/bigRedButtonPtsPocHlsjs.php.

6.1
2017-09-19 CVE-2015-3880 Phpbb Open Redirect vulnerability in PHPbb

Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors.

6.1
2017-09-19 CVE-2015-3432 Pydio Cross-site Scripting vulnerability in Pydio

Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS Vulnerabilities."

6.1
2017-09-19 CVE-2015-3299 Floating Social BAR Project Cross-site Scripting vulnerability in Floating Social BAR Project Floating Social BAR

Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original service order.

6.1
2017-09-18 CVE-2017-14534 Nexusphp Project Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5

Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF.

6.1
2017-09-18 CVE-2017-12156 Moodle Cross-site Scripting vulnerability in Moodle

Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback.

6.1
2017-09-20 CVE-2017-12168 Linux Unspecified vulnerability in Linux Kernel

The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR).

6.0
2017-09-20 CVE-2016-8738 Apache Improper Input Validation vulnerability in Apache Struts

In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL that overloads the server process when the URL is validated.

5.9
2017-09-19 CVE-2015-1849 Redhat Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform

AdvancedLdapLoginModule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.

5.9
2017-09-19 CVE-2015-3420 Dovecot
Fedoraproject
Improper Certificate Validation vulnerability in multiple products

The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allows remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.

5.9
2017-09-18 CVE-2016-10511 Twitter Improper Certificate Validation vulnerability in Twitter 6.62/6.62.1

The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features.

5.9
2017-09-18 CVE-2017-6147 F5 Unspecified vulnerability in F5 products

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 and 13.0.0, an undisclosed type of response may cause TMM to restart, causing an interruption of service when the "SSL Forward Proxy" setting is enabled in both the Client and Server SSL profiles assigned to a BIG-IP Virtual Server.

5.9
2017-09-18 CVE-2017-0380 Torproject Information Exposure Through Log Files vulnerability in Torproject TOR

The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit.

5.9
2017-09-22 CVE-2017-6271 Nvidia Divide By Zero vulnerability in Nvidia GPU Driver

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation while processing block linear information which may lead to a potential divide by zero and denial of service.

5.5
2017-09-22 CVE-2017-6270 Nvidia Divide By Zero vulnerability in Nvidia GPU Driver

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a calculation which may lead to a potential divide by zero and denial of service.

5.5
2017-09-22 CVE-2017-6267 Nvidia Infinite Loop vulnerability in Nvidia GPU Driver

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service.

5.5
2017-09-22 CVE-2017-6266 Nvidia Unspecified vulnerability in Nvidia GPU Driver

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service.

5.5
2017-09-21 CVE-2017-14681 P3Scan Project Improper Initialization vulnerability in P3Scan Project P3Scan 3.0

The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated by etc/init.d/p3scan.

5.5
2017-09-21 CVE-2017-14649 Graphicsmagick Reachable Assertion vulnerability in Graphicsmagick 1.3.26

ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash).

5.5
2017-09-21 CVE-2017-11040 Google Information Exposure vulnerability in Google Android

In all Qualcomm products with Android releases from CAF using the Linux kernel, when reading from sysfs nodes, one can read more information than is allowed.

5.5
2017-09-21 CVE-2017-11002 Google Out-of-bounds Read vulnerability in Google Android

In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing a vendor sub-command, a buffer over-read can occur.

5.5
2017-09-21 CVE-2017-11001 Google Information Exposure vulnerability in Google Android

In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked, which may cause an out-of-bounds read.

5.5
2017-09-21 CVE-2017-10996 Google Information Exposure vulnerability in Google Android

In all Qualcomm products with Android releases from CAF using the Linux kernel, out of bounds access is possible in c_show(), due to compat_hwcap_str[] not being NULL-terminated.

5.5
2017-09-19 CVE-2015-7837 Redhat 7PK - Security Features vulnerability in Redhat products

The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.

5.5
2017-09-18 CVE-2017-14529 GNU Out-of-bounds Read vulnerability in GNU Binutils 2.29

The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.

5.5
2017-09-23 CVE-2017-14725 Wordpress Open Redirect vulnerability in Wordpress

Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.

5.4
2017-09-22 CVE-2017-14717 Telaxius Cross-site Scripting vulnerability in Telaxius Epesi

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter.

5.4
2017-09-22 CVE-2017-14716 Telaxius Cross-site Scripting vulnerability in Telaxius Epesi

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter.

5.4
2017-09-22 CVE-2017-14715 Telaxius Cross-site Scripting vulnerability in Telaxius Epesi

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter.

5.4
2017-09-22 CVE-2017-14714 Telaxius Cross-site Scripting vulnerability in Telaxius Epesi

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter.

5.4
2017-09-22 CVE-2017-14713 Telaxius Cross-site Scripting vulnerability in Telaxius Epesi

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter.

5.4
2017-09-22 CVE-2017-14712 Telaxius Cross-site Scripting vulnerability in Telaxius Epesi

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter.

5.4
2017-09-21 CVE-2017-14321 Mirasvit Cross-site Scripting vulnerability in Mirasvit Helpdesk MX 1.5.2

Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) customer name or (2) subject in a ticket.

5.4
2017-09-20 CVE-2017-14621 Suse Cross-site Scripting vulnerability in Suse Portus 2.2.0

Portus 2.2.0 has XSS via the Team field, related to typeahead.

5.4
2017-09-20 CVE-2015-4072 Helpdesk PRO Project Cross-site Scripting vulnerability in Helpdesk PRO Project Helpdesk PRO

Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message.

5.4
2017-09-19 CVE-2015-1864 Kallithea SCM Cross-site Scripting vulnerability in Kallithea-Scm Kallithea 0.1/0.2

Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description.

5.4
2017-09-19 CVE-2014-6191 IBM Cross-site Scripting vulnerability in IBM Curam Social Program Management

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

5.4
2017-09-21 CVE-2017-12250 Cisco Improper Input Validation vulnerability in Cisco Wide Area Application Services 6.2(3A)

A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related process to restart, causing a partial denial of service (DoS) condition.

5.3
2017-09-20 CVE-2015-9232 Good Insufficient Verification of Data Authenticity vulnerability in Good for Enterprise 3.0.0.415

The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent.

5.3
2017-09-20 CVE-2015-2826 Simple ADS Manager Project Information Exposure vulnerability in Simple ADS Manager Project Simple ADS Manager 2.5.94/2.5.96

WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information.

5.3
2017-09-19 CVE-2014-9610 Netsweeper Permissions, Privileges, and Access Controls vulnerability in Netsweeper

Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.

5.3
2017-09-20 CVE-2017-9649 Mirion Technologies Use of Hard-coded Credentials vulnerability in Mirion Technologies products

A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices).

5.0
2017-09-19 CVE-2017-14601 Pragyan CMS Project SQL Injection vulnerability in Pragyan CMS Project Pragyan CMS 3.0

Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure.

4.9
2017-09-19 CVE-2017-14600 Pragyan CMS Project SQL Injection vulnerability in Pragyan CMS Project Pragyan CMS 3.0

Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure.

4.9
2017-09-21 CVE-2017-14651 Wso2 Cross-site Scripting vulnerability in Wso2 products

WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.

4.8
2017-09-20 CVE-2017-14618 Phpmyfaq Cross-site Scripting vulnerability in PHPmyfaq

Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.

4.8
2017-09-20 CVE-2015-7347 Zcms Project Cross-site Scripting vulnerability in Zcms Project Zcms 1.1

Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1.

4.8
2017-09-19 CVE-2017-14597 Afterlogic Cross-site Scripting vulnerability in Afterlogic Aurora and Webmail

AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain.

4.8
2017-09-21 CVE-2017-9676 Google Use After Free vulnerability in Google Android

In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock.

4.7
2017-09-21 CVE-2017-8281 Google Race Condition vulnerability in Google Android

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI.

4.7
2017-09-20 CVE-2015-1865 GNU Race Condition vulnerability in GNU Coreutils 8.4

fts.c in coreutils 8.4 allows local users to delete arbitrary files.

4.7
2017-09-21 CVE-2017-12153 Linux
Debian
Canonical
NULL Pointer Dereference vulnerability in multiple products

A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3.

4.4
2017-09-18 CVE-2017-12157 Moodle Information Exposure vulnerability in Moodle

In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access.

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-09-20 CVE-2017-14595 Joomla Unspecified vulnerability in Joomla Joomla!

In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.

3.7
2017-09-20 CVE-2015-8224 Huawei Information Exposure vulnerability in Huawei P8 Firmware

Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths.

3.7