Weekly Vulnerabilities Reports > September 25 to October 1, 2017

Overview

237 new vulnerabilities reported during this period, including 21 critical vulnerabilities and 42 high severity vulnerabilities. This weekly summary report vulnerabilities in 266 products from 119 vendors including Cisco, IBM, HP, Schneider Electric, and Exiv2. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Improper Input Validation", and "Information Exposure".

  • 209 reported vulnerabilities are remotely exploitables.
  • 26 reported vulnerabilities have public exploit available.
  • 86 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 172 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 18 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

21 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-09-30 CVE-2017-14350 HP Missing Authentication for Critical Function vulnerability in HP Application Performance Management 9.26/9.30/9.40

A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40.

10.0
2017-09-30 CVE-2017-13983 HP Improper Authentication vulnerability in HP BSM Platform Application Performance Management System Health 9.26/9.30/9.40

An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication.

10.0
2017-09-30 CVE-2016-10512 Multitech Credentials Management vulnerability in Multitech Faxfinder

MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration.

10.0
2017-09-29 CVE-2017-12240 Cisco Improper Input Validation vulnerability in Cisco IOS

The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system.

10.0
2017-09-29 CVE-2017-12229 Cisco Improper Authentication vulnerability in Cisco IOS XE

A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software.

10.0
2017-09-28 CVE-2017-11121 Broadcom
Apple
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205.

10.0
2017-09-28 CVE-2017-11120 Broadcom
Apple
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204.

10.0
2017-09-28 CVE-2017-10932 ZTE Deserialization of Untrusted Data vulnerability in ZTE products

All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities.

10.0
2017-09-28 CVE-2015-8249 Manageengine Unrestricted Upload of File With Dangerous Type vulnerability in Manageengine Desktop Central 9.0

The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.

10.0
2017-09-28 CVE-2015-1537 Google Integer Overflow OR Wraparound vulnerability in Google Android

Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application.

9.3
2017-09-26 CVE-2017-14743 Faleemi SQL Injection vulnerability in Faleemi Fsc-880 Firmware 00.01.01.0048P2

Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password.

9.3
2017-09-30 CVE-2017-13982 HP Path Traversal vulnerability in HP BSM Platform Application Performance Management System Health 9.26/9.30/9.40

A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files.

9.0
2017-09-29 CVE-2017-14867 GIT SCM
Debian
OS Command Injection vulnerability in multiple products

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name.

9.0
2017-09-29 CVE-2017-12230 Cisco Incorrect Default Permissions vulnerability in Cisco IOS XE 16.2.1

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device.

9.0
2017-09-29 CVE-2017-12226 Cisco Improper Input Validation vulnerability in Cisco IOS XE

A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco New Generation Wireless Controllers (NGWC) 3850 could allow an authenticated, remote attacker to elevate their privileges on an affected device.

9.0
2017-09-28 CVE-2017-1407 IBM Command Injection vulnerability in IBM products

IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system.

9.0
2017-09-26 CVE-2017-5200 Saltstack Unspecified vulnerability in Saltstack Salt

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.

9.0
2017-09-26 CVE-2017-14602 Citrix Improper Authentication vulnerability in Citrix products

A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance.

9.0
2017-09-26 CVE-2017-14001 Digium OS Command Injection vulnerability in Digium Asterisk GUI

An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior.

9.0
2017-09-26 CVE-2014-8170 Ovirt
Redhat
USE of Externally-Controlled Format String vulnerability in Ovirt Ovirt-Node 3.0.0474Gb852Fd7

ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string.

9.0
2017-09-25 CVE-2015-7544 Redhat Injection vulnerability in Redhat Enterprise Virtualization Manager 3.4/3.4.1/3.5.0

redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment.

9.0

42 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-10-01 CVE-2017-14797 Philips Inadequate Encryption Strength vulnerability in Philips HUE Bridge Bsb002 Firmware 1707040932

Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network.

7.9
2017-09-29 CVE-2017-12237 Cisco Resource Exhaustion vulnerability in Cisco IOS and IOS XE

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition.

7.8
2017-09-29 CVE-2017-12235 Cisco Improper Input Validation vulnerability in Cisco IOS

A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

7.8
2017-09-29 CVE-2017-12234 Cisco Improper Input Validation vulnerability in Cisco IOS

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

7.8
2017-09-29 CVE-2017-12233 Cisco Improper Input Validation vulnerability in Cisco IOS

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

7.8
2017-09-29 CVE-2017-12231 Cisco Unspecified vulnerability in Cisco IOS

A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

7.8
2017-09-25 CVE-2016-5868 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process.

7.6
2017-09-30 CVE-2017-14942 Intelbras Files OR Directories Accessible TO External Parties vulnerability in Intelbras WRN 150 Firmware 1.0.1

Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie.

7.5
2017-09-30 CVE-2017-14738 Filerun SQL Injection vulnerability in Filerun 2017.09.18

FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function).

7.5
2017-09-30 CVE-2017-14702 Branaghgroup Deserialization of Untrusted Data vulnerability in Branaghgroup ERS Data System 1.8.1.0

ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization.

7.5
2017-09-30 CVE-2017-14351 HP Unspecified vulnerability in HP Ucmdb Configuration Manager

A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23.

7.5
2017-09-30 CVE-2017-14349 HP Improper Privilege Management vulnerability in HP Sitescope

An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.

7.5
2017-09-29 CVE-2017-7552 Redhat Unspecified vulnerability in Redhat Mobile Application Platform 4.4/4.4.3

A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created.

7.5
2017-09-29 CVE-2017-14507 Shindiristudio SQL Injection vulnerability in Shindiristudio Content Timeline 4.4.2

Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php.

7.5
2017-09-29 CVE-2017-12236 Cisco Improper Authentication vulnerability in Cisco IOS XE 16.5.1C/3.2.0Ja/3.9.1E

A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR).

7.5
2017-09-28 CVE-2017-1483 IBM Missing Authentication for Critical Function vulnerability in IBM products

IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas.

7.5
2017-09-28 CVE-2017-12814 Perl
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Perl

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.

7.5
2017-09-28 CVE-2017-12621 Apache XXE vulnerability in Apache Commons-Jelly

During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL.

7.5
2017-09-27 CVE-2017-14760 Eventespresso SQL Injection vulnerability in Eventespresso Event Espresso Lite

SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php.

7.5
2017-09-26 CVE-2017-1527 IBM XXE vulnerability in IBM Business Process Manager

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.

7.5
2017-09-26 CVE-2015-7670 Support Ticket System Project SQL Injection vulnerability in Support Ticket System Project Support Ticket System

Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter.

7.5
2017-09-26 CVE-2015-7390 Testlink SQL Injection vulnerability in Testlink

SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php.

7.5
2017-09-26 CVE-2017-14703 Cashbackcomparisonscript SQL Injection vulnerability in Cashbackcomparisonscript Cash Back Comparison 1.0

SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/.

7.5
2017-09-26 CVE-2017-9957 Schneider Electric USE of Hard-Coded Credentials vulnerability in Schneider-Electric U.Motion Builder 1.2.1

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password.

7.5
2017-09-26 CVE-2017-9956 Schneider Electric USE of Hard-Coded Credentials vulnerability in Schneider-Electric U.Motion Builder 1.2.1

An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session.

7.5
2017-09-26 CVE-2017-7974 Schneider Electric Path Traversal vulnerability in Schneider-Electric U.Motion Builder 1.2.1

A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files.

7.5
2017-09-26 CVE-2017-7973 Schneider Electric SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1

A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.

7.5
2017-09-25 CVE-2015-7510 Freedesktop Buffer Errors vulnerability in Freedesktop Systemd 223

Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd.

7.5
2017-09-25 CVE-2012-6696 Inspircd Improper Input Validation vulnerability in Inspircd

inspircd in Debian before 2.0.7 does not properly handle unsigned integers.

7.5
2017-09-25 CVE-2017-14125 Wpdevart SQL Injection vulnerability in Wpdevart Responsive Image Gallery Album

SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php.

7.5
2017-09-25 CVE-2017-12905 Vebto Server-Side Request Forgery (SSRF) vulnerability in Vebto Pixie Image Editor 1.4/1.7

Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.

7.5
2017-09-25 CVE-2015-4667 Xceedium USE of Hard-Coded Credentials vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0

Multiple hardcoded credentials in Xsuite 2.x.

7.5
2017-09-29 CVE-2017-12239 Cisco USE of Hard-Coded Credentials vulnerability in Cisco IOS XE

A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system.

7.2
2017-09-28 CVE-2015-1336 MAN DB Project
Canonical
Debian
Improper Access Control vulnerability in Man-Db Project Man-Db

The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.

7.2
2017-09-26 CVE-2017-9958 Schneider Electric Incorrect Permission Assignment for Critical Resource vulnerability in Schneider-Electric U.Motion Builder 1.2.1

An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root.

7.2
2017-09-26 CVE-2014-8156 FSO Frameworkd Project
FSO Gsmd Project
FSO Usaged Project
Phonefsod Project
Debian
Permissions, Privileges, and Access Controls vulnerability in multiple products

The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.

7.2
2017-09-25 CVE-2015-6592 Huawei 7PK - Security Features vulnerability in Huawei Uap2105 Firmware

Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell.

7.2
2017-09-25 CVE-2015-5704 Devscripts Devel Team
Fedoraproject
Command Injection vulnerability in multiple products

scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.

7.2
2017-09-25 CVE-2017-14730 Elasticsearch
Gentoo
Incorrect Permission Assignment FOR Critical Resource vulnerability in Elasticsearch Logstash

The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.

7.2
2017-09-25 CVE-2015-4669 Xceedium SQL Injection vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0

The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.

7.2
2017-09-30 CVE-2017-14930 GNU Missing Release of Resource After Effective Lifetime vulnerability in GNU Binutils 2.29

Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

7.1
2017-09-28 CVE-2015-1526 Google Integer Overflow OR Wraparound vulnerability in Google Android

The media_server component in Android allows remote attackers to cause a denial of service via a crafted application.

7.1

150 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-09-30 CVE-2017-14947 Artifex
Microsoft
Buffer Errors vulnerability in Artifex Gsview 6.0

Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359."

6.8
2017-09-30 CVE-2017-14946 Artifex
Microsoft
Buffer Errors vulnerability in Artifex Gsview 6.0

Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at mupdfnet64!mIncrementalSaveFile+0x000000000000344e."

6.8
2017-09-30 CVE-2017-14945 Artifex
Microsoft
Buffer Errors vulnerability in Artifex Gsview 6.0

Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at KERNELBASE!RaiseException+0x0000000000000068."

6.8
2017-09-30 CVE-2016-4434 Apache XXE vulnerability in Apache Tika 1.12

Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175.

6.8
2017-09-30 CVE-2015-9233 Codepeople Cross-Site Request Forgery (CSRF) vulnerability in Codepeople CP Contact Form With Paypal

The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.

6.8
2017-09-29 CVE-2014-2029 Percona Information Exposure vulnerability in Percona Toolkit 2.1

The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com.

6.8
2017-09-28 CVE-2017-14796 Libbpg Project Integer Underflow (Wrap OR Wraparound) vulnerability in Libbpg Project Libbpg 0.9.7

The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg.

6.8
2017-09-28 CVE-2017-14795 Libbpg Project Out-Of-Bounds Read vulnerability in Libbpg Project Libbpg 0.9.7

The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in hevc.c in libavcodec in FFmpeg and put_pcm_var in hevcdsp_template.c in libavcodec in FFmpeg.

6.8
2017-09-27 CVE-2017-14767 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file.

6.8
2017-09-26 CVE-2017-14749 Jerryscript Buffer Errors vulnerability in Jerryscript 1.0

JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data.

6.8
2017-09-26 CVE-2017-14745 GNU Integer Overflow OR Wraparound vulnerability in GNU Binutils 2.29

The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.

6.8
2017-09-26 CVE-2017-7969 Schneider Electric Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric Citect Anywhere and Powerscada Anywhere

A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests.

6.8
2017-09-25 CVE-2017-14734 Libbpg Project Buffer Errors vulnerability in Libbpg Project Libbpg 0.9.7

The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to hevc_decode_init1.

6.8
2017-09-25 CVE-2015-7293 Plone
Zope
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.

6.8
2017-09-25 CVE-2015-5263 Pulpproject Improper Certificate Validation vulnerability in Pulpproject Pulp

pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.

6.8
2017-09-25 CVE-2015-5182 Apache Cross-Site Request Forgery (CSRF) vulnerability in Apache Activemq

Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.

6.8
2017-09-25 CVE-2010-3050 Cisco Improper Input Validation vulnerability in Cisco IOS

Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).

6.8
2017-09-25 CVE-2017-14729 GNU Buffer Errors vulnerability in GNU Binutils 2.29

The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.

6.8
2017-09-25 CVE-2017-14683 Geminabox Project Cross-Site Request Forgery (CSRF) vulnerability in Geminabox Project Geminabox

geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload.

6.8
2017-09-30 CVE-2015-9234 Cfpaypal SQL Injection vulnerability in Cfpaypal CP Contact Form With Paypal

The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php.

6.5
2017-09-29 CVE-2017-8448 Elastic Improper Privilege Management vulnerability in Elastic X-Pack

An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privileges.

6.5
2017-09-29 CVE-2017-7553 Redhat Server-Side Request Forgery (SSRF) vulnerability in Redhat Mobile Application Platform 4.4/4.4.3

The external_request api call in App Studio (millicore) allows server side request forgery (SSRF).

6.5
2017-09-28 CVE-2017-14847 Dasinfomedia SQL Injection vulnerability in Dasinfomedia Wpams Apartment Management System

Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.

6.5
2017-09-28 CVE-2017-14846 Dasinfomedia SQL Injection vulnerability in Dasinfomedia Hospital Management System

Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.

6.5
2017-09-28 CVE-2017-14845 Dasinfomedia SQL Injection vulnerability in Dasinfomedia Wpchurch Church Management System

Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.

6.5
2017-09-28 CVE-2017-14844 Dasinfomedia SQL Injection vulnerability in Dasinfomedia Wpgym GYM Management System

Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.

6.5
2017-09-28 CVE-2017-14843 Dasinfomedia SQL Injection vulnerability in Dasinfomedia School Management System

Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.

6.5
2017-09-28 CVE-2017-14842 Dasinfomedia SQL Injection vulnerability in Dasinfomedia Smsmaster Multipurpose SMS Gateway

Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter.

6.5
2017-09-28 CVE-2017-14840 Teamworktec Unrestricted Upload of File With Dangerous Type vulnerability in Teamworktec Ticketplus

TeamWork TicketPlus allows Arbitrary File Upload in updateProfile.

6.5
2017-09-28 CVE-2017-14839 Teamworktec Unrestricted Upload of File With Dangerous Type vulnerability in Teamworktec Photo Fusion

TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover.

6.5
2017-09-28 CVE-2017-14838 Teamworktec Unrestricted Upload of File With Dangerous Type vulnerability in Teamworktec JOB Links

TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange.

6.5
2017-09-28 CVE-2017-14527 Opentext XXE vulnerability in Opentext Documentum Administrator and Documentum Webtop

Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in.

6.5
2017-09-28 CVE-2017-14526 Opentext XXE vulnerability in Opentext Documentum Administrator and Documentum Webtop

Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in.

6.5
2017-09-28 CVE-2017-11191 Freeipa Session Fixation vulnerability in Freeipa

** DISPUTED ** FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session.

6.5
2017-09-27 CVE-2017-14764 Genixcms Code Injection vulnerability in Genixcms 1.1.4

In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module.

6.5
2017-09-27 CVE-2017-14763 Genixcms Unspecified vulnerability in Genixcms 1.1.4

In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme.

6.5
2017-09-26 CVE-2017-1539 IBM Unspecified vulnerability in IBM Business Process Manager

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships.

6.5
2017-09-26 CVE-2017-5192 Saltstack Improper Authentication vulnerability in Saltstack Salt

When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.

6.5
2017-09-26 CVE-2017-14704 Claydip Unrestricted Upload of File With Dangerous Type vulnerability in Claydip Airbnb Clone 1.0

Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile.

6.5
2017-09-25 CVE-2015-5237 Google Out-Of-Bounds Write vulnerability in Google Protobuf

protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.

6.5
2017-09-27 CVE-2017-14766 Saadamin Improper Authentication vulnerability in Saadamin Simple Student Result

The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php only require knowing the student id number.

6.4
2017-09-29 CVE-2017-12232 Cisco Unspecified vulnerability in Cisco IOS

A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0 through 15.6 could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

6.1
2017-09-29 CVE-2017-12222 Cisco Improper Input Validation vulnerability in Cisco IOS XE

A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition.

6.1
2017-09-30 CVE-2017-14925 Tiki Cross-Site Request Forgery (CSRF) vulnerability in Tiki Tikiwiki Cms/Groupware

Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php.

6.0
2017-09-30 CVE-2017-14924 Tiki Cross-Site Request Forgery (CSRF) vulnerability in Tiki Tikiwiki Cms/Groupware

Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php.

6.0
2017-09-26 CVE-2017-13129 Zkteco Cross-Site Request Forgery (CSRF) vulnerability in Zkteco Zktime web 2.0.1.12280

Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.

6.0
2017-09-28 CVE-2017-14525 Opentext Open Redirect vulnerability in Opentext Documentum Administrator and Documentum Webtop

Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect.

5.8
2017-09-28 CVE-2017-14524 Opentext Open Redirect vulnerability in Opentext Documentum Administrator and Documentum Webtop

Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect.

5.8
2017-09-25 CVE-2015-4668 Xceedium Open Redirect vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0

Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.

5.8
2017-09-25 CVE-2017-1551 IBM Improper Input Validation vulnerability in IBM API Connect

IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim.

5.8
2017-09-30 CVE-2017-13989 HP Unspecified vulnerability in HP products

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.

5.5
2017-09-30 CVE-2017-13984 HP Improper Authentication vulnerability in HP BSM Platform Application Performance Management System Health 9.26/9.30/9.40

An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal.

5.5
2017-09-29 CVE-2017-8447 Elastic Improper Privilege Management vulnerability in Elastic X-Pack

An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement.

5.5
2017-09-26 CVE-2017-7972 Schneider Electric Unspecified vulnerability in Schneider-Electric Citect Anywhere and Powerscada Anywhere

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes.

5.2
2017-09-30 CVE-2017-14944 Inedo Improper Input Validation vulnerability in Inedo Proget

Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060.

5.0
2017-09-30 CVE-2017-14935 Pulsesecure Improper Input Validation vulnerability in Pulsesecure Pulse ONE On-Premise 2.0.1649

Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information.

5.0
2017-09-30 CVE-2017-14929 Freedesktop Infinite Loop vulnerability in Freedesktop Poppler 0.59.0

In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519.

5.0
2017-09-30 CVE-2017-13991 HP Information Exposure vulnerability in HP products

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.

5.0
2017-09-30 CVE-2017-13990 HP Information Exposure vulnerability in HP products

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.

5.0
2017-09-29 CVE-2017-9790 Apache USE After Free vulnerability in Apache Mesos

When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'.

5.0
2017-09-29 CVE-2017-7687 Apache Unspecified vulnerability in Apache Mesos

When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function.

5.0
2017-09-28 CVE-2017-2551 Inpsyde Files OR Directories Accessible TO External Parties vulnerability in Inpsyde Backwpup

Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download.

5.0
2017-09-28 CVE-2017-1577 IBM Path Traversal vulnerability in IBM Websphere Portal

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system.

5.0
2017-09-28 CVE-2017-14849 Nodejs Path Traversal vulnerability in Nodejs Node.Js 8.5.0

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

5.0
2017-09-28 CVE-2015-3138 Tcpdump
Opensuse
Opensuse Project
Improper Input Validation vulnerability in multiple products

print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).

5.0
2017-09-26 CVE-2017-14739 Imagemagick Null Pointer Dereference vulnerability in Imagemagick 7.0.74

The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors.

5.0
2017-09-26 CVE-2017-9962 Aveva Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Aveva Clearscada

Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior.

5.0
2017-09-26 CVE-2017-9960 Schneider Electric Information Exposure vulnerability in Schneider-Electric U.Motion Builder 1.2.1

An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user.

5.0
2017-09-26 CVE-2015-8707 Magento Information Exposure vulnerability in Magento

Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field.

5.0
2017-09-26 CVE-2014-0997 Google
LG
Samsung
Motorola
Data Processing Errors vulnerability in Google Android 4.1.2/4.2.2/4.4.4

WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame.

5.0
2017-09-25 CVE-2015-5184 Redhat Unspecified vulnerability in Redhat AMQ and Jboss Enterprise web Server

Console: CORS headers set to allow all in Red Hat AMQ.

5.0
2017-09-25 CVE-2015-5183 Redhat Unspecified vulnerability in Redhat Amq, Jboss A-Mq and Jboss Enterprise web Server

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.

5.0
2017-09-25 CVE-2015-7318 Plone Improper Input Validation vulnerability in Plone

Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses.

5.0
2017-09-26 CVE-2017-9959 Schneider Electric Unspecified vulnerability in Schneider-Electric U.Motion Builder 1.2.1

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition.

4.9
2017-09-25 CVE-2015-7317 Kupu Project
Plone
Permissions, Privileges, and Access Controls vulnerability in multiple products

Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings.

4.9
2017-09-25 CVE-2010-3049 Cisco Improper Input Validation vulnerability in Cisco IOS

Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot).

4.9
2017-09-26 CVE-2015-3248 Openhpi Resource Exhaustion vulnerability in Openhpi 3.5.0

openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption).

4.7
2017-09-30 CVE-2017-13684 Unisys Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Unisys Mcp-Firmware

Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via vectors related to incorrect literal handling, which trigger CPM stack corruption.

4.6
2017-09-28 CVE-2015-3643 USB Creator Project
Canonical
Permissions, Privileges, and Access Controls vulnerability in Usb-Creator Project Usb-Creator

usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call check_polkit for the KVMTest method.

4.6
2017-09-26 CVE-2017-9961 Schneider Electric Unspecified vulnerability in Schneider-Electric Pro-Face GP PRO EX 4.07.000

A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code.

4.6
2017-09-28 CVE-2017-13676 Norton Code Injection vulnerability in Norton Remove & Reinstall

Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability.

4.4
2017-09-30 CVE-2017-14940 GNU Null Pointer Dereference vulnerability in GNU Binutils 2.29

scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.

4.3
2017-09-30 CVE-2017-14939 GNU Out-Of-Bounds Read vulnerability in GNU Binutils 2.29

decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.

4.3
2017-09-30 CVE-2017-14938 GNU Allocation of Resources Without Limits OR Throttling vulnerability in GNU Binutils 2.29

_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.

4.3
2017-09-30 CVE-2017-14934 GNU Infinite Loop vulnerability in GNU Binutils 2.29

process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.

4.3
2017-09-30 CVE-2017-14933 GNU Infinite Loop vulnerability in GNU Binutils 2.29

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.

4.3
2017-09-30 CVE-2017-14932 GNU Infinite Loop vulnerability in GNU Binutils 2.29

decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.

4.3
2017-09-30 CVE-2017-14931 Openexif Project Out-Of-Bounds Read vulnerability in Openexif Project Openexif 2.1.4

ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted JPEG file.

4.3
2017-09-30 CVE-2017-14928 Freedesktop Null Pointer Dereference vulnerability in Freedesktop Poppler 0.59.0

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.

4.3
2017-09-30 CVE-2017-14927 Freedesktop Null Pointer Dereference vulnerability in Freedesktop Poppler 0.59.0

In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.

4.3
2017-09-30 CVE-2017-14926 Freedesktop Null Pointer Dereference vulnerability in Freedesktop Poppler 0.59.0

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.

4.3
2017-09-30 CVE-2017-14920 Egroupware Cross-Site Scripting vulnerability in Egroupware

Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.

4.3
2017-09-30 CVE-2017-14620 Smartertools Cross-Site Scripting vulnerability in Smartertools Smarterstats 11.3.6347

SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting.

4.3
2017-09-30 CVE-2017-14582 Zohocorp Improper Certificate Validation vulnerability in Zohocorp Site24X7 Mobile Network Poller

The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate.

4.3
2017-09-30 CVE-2017-14352 HP Cross-Site Scripting vulnerability in HP Ucmdb Configuration Manager

A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23.

4.3
2017-09-30 CVE-2017-13986 HP Cross-Site Scripting vulnerability in HP products

A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.

4.3
2017-09-29 CVE-2017-8444 Elasticsearch Unspecified vulnerability in Elasticsearch Cloud Enterprise 1.0.0/1.0.1

The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper.

4.3
2017-09-29 CVE-2017-7554 Redhat Cross-Site Scripting vulnerability in Redhat Mobile Application Platform 4.4

It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user.

4.3
2017-09-29 CVE-2017-14866 Exiv2 Buffer Errors vulnerability in Exiv2 0.26

There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26.

4.3
2017-09-29 CVE-2017-14865 Exiv2 Buffer Errors vulnerability in Exiv2 0.26

There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26.

4.3
2017-09-29 CVE-2017-14864 Exiv2
Canonical
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26.

4.3
2017-09-29 CVE-2017-14863 Exiv2 Null Pointer Dereference vulnerability in Exiv2 0.26

A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26.

4.3
2017-09-29 CVE-2017-14862 Exiv2
Canonical
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26.

4.3
2017-09-29 CVE-2017-14861 Exiv2 Uncontrolled Recursion vulnerability in Exiv2 0.26

There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26.

4.3
2017-09-29 CVE-2017-14860 Exiv2 Out-Of-Bounds Read vulnerability in Exiv2 0.26

There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26.

4.3
2017-09-29 CVE-2017-14859 Exiv2
Canonical
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26.

4.3
2017-09-29 CVE-2017-14858 Exiv2 Buffer Errors vulnerability in Exiv2 0.26

There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26.

4.3
2017-09-29 CVE-2017-14857 Exiv2 USE After Free vulnerability in Exiv2 0.26

In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault.

4.3
2017-09-29 CVE-2017-12228 Cisco Improper Certificate Validation vulnerability in Cisco IOS and IOS XE

A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate.

4.3
2017-09-29 CVE-2017-11479 Elastic
Elasticsearch
Cross-Site Scripting vulnerability in multiple products

Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

4.3
2017-09-29 CVE-2017-10701 SAP Cross-Site Scripting vulnerability in SAP Enterprise Portal 7.50

Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516.

4.3
2017-09-29 CVE-2015-1027 Percona Information Exposure vulnerability in Percona Toolkit and Xtrabackup

The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL.

4.3
2017-09-28 CVE-2017-1591 IBM Cross-Site Scripting vulnerability in IBM Datapower Gateway

IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting.

4.3
2017-09-28 CVE-2017-14775 Laravel Information Exposure vulnerability in Laravel

Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.

4.3
2017-09-28 CVE-2017-14622 2Kblater Cross-Site Scripting vulnerability in 2Kblater 2KB Amazon Affiliates Store

Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php.

4.3
2017-09-28 CVE-2015-7349 Vasco Cross-Site Scripting vulnerability in Vasco Digipass

Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or HTML via the failmessage parameter.

4.3
2017-09-28 CVE-2015-7256 Zyxel Cryptographic Issues vulnerability in Zyxel products

ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys.

4.3
2017-09-28 CVE-2014-9686 Mapsplugin Resource Management Errors vulnerability in Mapsplugin Googlemaps

The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-domain belonging to a victim domain to cause a denial of service via the 'url' parameter to plugin_googlemap3_kmlprxy.php.

4.3
2017-09-28 CVE-2014-8878 KDE Cryptographic Issues vulnerability in KDE Kmail 4.11.5

KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network.

4.3
2017-09-27 CVE-2017-14765 Genixcms Cross-Site Scripting vulnerability in Genixcms 1.1.4

In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request.

4.3
2017-09-27 CVE-2017-14762 Genixcms Cross-Site Scripting vulnerability in Genixcms 1.1.4

In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter.

4.3
2017-09-27 CVE-2017-14761 Genixcms Cross-Site Scripting vulnerability in Genixcms 1.1.4

In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter.

4.3
2017-09-26 CVE-2017-14751 Intensewp Cross-Site Scripting vulnerability in Intensewp WP Jobs

The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field.

4.3
2017-09-26 CVE-2015-7391 Testlink Cross-Site Scripting vulnerability in Testlink

Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) containerType parameter to lib/testcases/containerEdit.php; the (4) filter_tc_id or (5) filter_testcase_name parameter to lib/testcases/listTestCases.php; the (6) useRecursion parameter to lib/testcases/tcImport.php; the (7) targetTestCase or (8) created_by parameter to lib/testcases/tcSearch.php; or the (9) HTTP Referer header to third_party/user_contribution/fakeRemoteExecServer/client4fakeXMLRPCTestRunner.php.

4.3
2017-09-26 CVE-2015-0874 OKB
Apple
Google
Improper Certificate Validation vulnerability in OKB Smart Passbook 1.0.0

Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate.

4.3
2017-09-26 CVE-2017-14744 Baidu Cross-Site Scripting vulnerability in Baidu Ueditor

UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.

4.3
2017-09-26 CVE-2017-14741 Imagemagick Infinite Loop vulnerability in Imagemagick 7.0.73

The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.

4.3
2017-09-25 CVE-2017-14735 Antisamy Project Cross-Site Scripting vulnerability in Antisamy Project Antisamy

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.

4.3
2017-09-25 CVE-2017-14733 Graphicsmagick
Debian
Out-Of-Bounds Read vulnerability in multiple products

ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

4.3
2017-09-25 CVE-2017-14731 Libofx Project Out-Of-Bounds Read vulnerability in Libofx Project Libofx 0.9.12

ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call.

4.3
2017-09-25 CVE-2015-8251 Unify Information Exposure vulnerability in Unify products

OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys.

4.3
2017-09-25 CVE-2015-7785 Comicsmart Improper Certificate Validation vulnerability in Comicsmart Ganma! 2.0.9

GANMA! App for iOS does not verify SSL certificates.

4.3
2017-09-25 CVE-2015-5666 ANA Improper Certificate Validation vulnerability in ANA ALL Nippon Airways

ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates.

4.3
2017-09-25 CVE-2015-5169 Apache Cross-Site Scripting vulnerability in Apache Struts

Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.

4.3
2017-09-25 CVE-2011-4667 Cisco Cryptographic Issues vulnerability in Cisco IOS and Nx-Os

The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions.

4.3
2017-09-25 CVE-2015-7316 Plone Cross-Site Scripting vulnerability in Plone

Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.

4.3
2017-09-25 CVE-2015-7315 Plone Improper Access Control vulnerability in Plone

Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.

4.3
2017-09-25 CVE-2015-6748 Jsoup Cross-Site Scripting vulnerability in Jsoup

Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.

4.3
2017-09-25 CVE-2015-5282 Theforeman Cross-Site Scripting vulnerability in Theforeman Foreman

Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.

4.3
2017-09-25 CVE-2017-9551 Mahara Cross-Site Scripting vulnerability in Mahara

Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g.

4.3
2017-09-30 CVE-2017-9794 Apache Information Exposure vulnerability in Apache Geode

When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries.

4.0
2017-09-30 CVE-2017-13988 HP Unspecified vulnerability in HP products

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.

4.0
2017-09-30 CVE-2017-13987 HP Unspecified vulnerability in HP products

An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.

4.0
2017-09-30 CVE-2017-13985 HP Path Traversal vulnerability in HP BSM Platform Application Performance Management System Health 9.26/9.30/9.40

An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information.

4.0
2017-09-28 CVE-2017-14841 Dasinfomedia Unrestricted Upload of File With Dangerous Type vulnerability in Dasinfomedia Annual Maintenance Contract Management System

Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.

4.0
2017-09-26 CVE-2015-5069 Wesnoth
Fedoraproject
Information Exposure vulnerability in multiple products

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.

4.0
2017-09-26 CVE-2017-7971 Schneider Electric Improper Certificate Validation vulnerability in Schneider-Electric Citect Anywhere and Powerscada Anywhere

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate.

4.0
2017-09-25 CVE-2015-5327 Linux Out-Of-Bounds Read vulnerability in Linux Kernel 4.3

Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after.

4.0
2017-09-25 CVE-2017-1555 IBM Improper Input Validation vulnerability in IBM API Connect

IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan.

4.0
2017-09-25 CVE-2017-1235 IBM Unspecified vulnerability in IBM Websphere MQ

IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service.

4.0

24 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-09-26 CVE-2017-12154 Linux Unspecified vulnerability in Linux Kernel

The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.

3.6
2017-09-30 CVE-2017-14923 Tine20 Cross-Site Scripting vulnerability in Tine20 Tine 2.0

Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.

3.5
2017-09-30 CVE-2017-14922 Tine20 Cross-Site Scripting vulnerability in Tine20 Tine 2.0

Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.

3.5
2017-09-30 CVE-2017-14921 Tine20 Cross-Site Scripting vulnerability in Tine20 Tine 2.0

Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.

3.5
2017-09-28 CVE-2015-5613 Octobercms Cross-Site Scripting vulnerability in Octobercms October

Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612.

3.5
2017-09-27 CVE-2017-14753 Eyesofnetwork Cross-Site Scripting vulnerability in Eyesofnetwork 5.10

Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php.

3.5
2017-09-26 CVE-2017-1531 IBM Cross-Site Scripting vulnerability in IBM Business Process Manager

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting.

3.5
2017-09-26 CVE-2017-1530 IBM Cross-Site Scripting vulnerability in IBM Business Process Manager

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting.

3.5
2017-09-26 CVE-2017-14748 Blizzard Race Condition vulnerability in Blizzard Overwatch 1.15.0.2

Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific time during the initial loading of that match.

3.5
2017-09-26 CVE-2017-1425 IBM Cross-Site Scripting vulnerability in IBM Business Process Manager 8.0.1.1/8.5.7.0

IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting.

3.5
2017-09-26 CVE-2015-5070 Wesnoth
Fedoraproject
Information Exposure vulnerability in multiple products

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.

3.5
2017-09-25 CVE-2015-8375 PHP Fusion Cross-Site Scripting vulnerability in PHP-Fusion 9.00

Cross-site scripting (XSS) vulnerability in PHP-Fusion 9.

3.5
2017-09-25 CVE-2015-5181 Redhat Cross-Site Scripting vulnerability in Redhat Jboss A-Mq

The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.

3.5
2017-09-25 CVE-2017-1424 IBM Cross-Site Scripting vulnerability in IBM Business Process Manager 8.5.7.0

IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting.

3.5
2017-09-25 CVE-2017-14506 Geminabox Project Cross-Site Scripting vulnerability in Geminabox Project Geminabox

geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file.

3.5
2017-09-29 CVE-2017-12238 Cisco Unspecified vulnerability in Cisco IOS

A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition.

3.3
2017-09-26 CVE-2017-7970 Schneider Electric Unspecified vulnerability in Schneider-Electric Citect Anywhere and Powerscada Anywhere

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components.

3.3
2017-09-26 CVE-2014-8889 Dropbox Information Exposure vulnerability in Dropbox SDK 1.5.4/1.6.1

Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack.

2.6
2017-09-26 CVE-2017-1000252 Linux Reachable Assertion vulnerability in Linux Kernel

The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.

2.1
2017-09-26 CVE-2017-14737 Botan Project Unspecified vulnerability in Botan Project Botan

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD.

2.1
2017-09-26 CVE-2015-0238 Redhat Information Exposure vulnerability in Redhat Openshift 2.0

selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.

2.1
2017-09-25 CVE-2015-7846 Huawei Information Exposure vulnerability in Huawei products

Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information.

2.1
2017-09-25 CVE-2017-1362 IBM Insufficiently Protected Credentials vulnerability in IBM Security Identity Manager 6.0/7.0

IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user.

2.1
2017-09-25 CVE-2017-1346 IBM Race Condition vulnerability in IBM Business Process Manager

IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan.

1.9