Weekly Vulnerabilities Reports > October 2 to 8, 2017

Overview

251 new vulnerabilities reported during this period, including 13 critical vulnerabilities and 45 high severity vulnerabilities. This weekly summary report vulnerabilities in 185 products from 101 vendors including Google, Jenkins, IBM, Debian, and Cisco. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "NULL Pointer Dereference", and "Improper Input Validation".

  • 224 reported vulnerabilities are remotely exploitables.
  • 27 reported vulnerabilities have public exploit available.
  • 77 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 197 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 25 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 8 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-10-05 CVE-2017-1000116 Mercurial
Debian
Redhat
OS Command Injection vulnerability in multiple products

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.

10.0
2017-10-04 CVE-2017-0807 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the Android framework (ui framework).

10.0
2017-10-03 CVE-2017-8021 Dell Insecure Default Initialization of Resource vulnerability in Dell Elastic Cloud Storage 3.0

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.

10.0
2017-10-03 CVE-2017-13997 Schneider Electric Missing Authentication for Critical Function vulnerability in Schneider-Electric Wonderware Indusoft web Studio and Wonderware Intouch

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior.

10.0
2017-10-03 CVE-2015-7841 Huawei Command Injection vulnerability in Huawei products

The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allows remote attackers to bypass access restrictions and enter commands via unspecified parameters, as demonstrated by a "user creation command."

10.0
2017-10-05 CVE-2017-13993 I Sens Uncontrolled Search Path Element vulnerability in I-Sens Smartlog Diabetes Management Software

An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions.

9.3
2017-10-04 CVE-2017-0827 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the MediaTek soc driver.

9.3
2017-10-04 CVE-2017-0826 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the HTC bootloader.

9.3
2017-10-04 CVE-2017-0812 Google Out-of-bounds Read vulnerability in Google Android

An elevation of privilege vulnerability in the Android media framework (audio hal).

9.3
2017-10-04 CVE-2017-0811 Google Unspecified vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libhevc).

9.3
2017-10-04 CVE-2017-0810 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libmpeg2).

9.3
2017-10-04 CVE-2017-0809 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libstagefright).

9.3
2017-10-04 CVE-2017-0806 Google Deserialization of Untrusted Data vulnerability in Google Android

An elevation of privilege vulnerability in the Android framework (gatekeeperresponse).

9.3

45 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-10-06 CVE-2017-14086 Trendmicro Resource Exhaustion vulnerability in Trendmicro Officescan 11.0/12.0

Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.

7.8
2017-10-05 CVE-2017-12246 Cisco Improper Input Validation vulnerability in Cisco Adaptive Security Appliance Software 9.4(3)/9.7(1)/9.8(0.56)

A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.

7.8
2017-10-04 CVE-2017-0820 Google Unspecified vulnerability in Google Android

A vulnerability in the Android media framework (n/a).

7.8
2017-10-04 CVE-2017-0819 Google Incorrect Calculation vulnerability in Google Android

A vulnerability in the Android media framework (n/a).

7.8
2017-10-04 CVE-2017-0818 Google Missing Release of Resource after Effective Lifetime vulnerability in Google Android

A vulnerability in the Android media framework (n/a).

7.8
2017-10-04 CVE-2017-0814 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android media framework (n/a).

7.8
2017-10-03 CVE-2017-14496 Canonical
Debian
Google
Novell
Redhat
Thekelleys
Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.

7.8
2017-10-06 CVE-2015-2147 Phpbugtracker Project SQL Injection vulnerability in PHPbugtracker Project PHPbugtracker

Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.

7.5
2017-10-06 CVE-2015-2146 Phpbugtracker Project SQL Injection vulnerability in PHPbugtracker Project PHPbugtracker

Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php.

7.5
2017-10-06 CVE-2017-13069 Qnap Command Injection vulnerability in Qnap Music Station

QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier.

7.5
2017-10-06 CVE-2017-15047 Redislabs Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Redislabs Redis 4.0.2

The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine."

7.5
2017-10-06 CVE-2017-14089 Trendmicro Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan 11.0/12.0

An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.

7.5
2017-10-05 CVE-2017-15041 Golang
Debian
Redhat
Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution.
7.5
2017-10-05 CVE-2017-15032 Imagemagick
Canonical
Missing Release of Resource after Effective Lifetime vulnerability in multiple products

ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.

7.5
2017-10-05 CVE-2017-14000 Ctekproducts Improper Authentication vulnerability in Ctekproducts Skyrouter Z4200 Firmware and Skyrouter Z4400 Firmware

An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11.

7.5
2017-10-05 CVE-2017-13995 Spidercontrol Improper Authentication vulnerability in Spidercontrol Ininet Webserver

An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100.

7.5
2017-10-04 CVE-2017-12149 Redhat Deserialization of Untrusted Data vulnerability in Redhat Jboss Enterprise Application Platform

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.

7.5
2017-10-04 CVE-2017-1541 IBM Improper Input Validation vulnerability in IBM AIX

A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly.

7.5
2017-10-04 CVE-2017-14491 Canonical
Debian
Novell
Redhat
Thekelleys
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

7.5
2017-10-04 CVE-2017-12822 Sentinel Missing Authentication for Critical Function vulnerability in Sentinel LDK RTE Firmware

Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors.

7.5
2017-10-04 CVE-2017-12821 Sentinel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sentinel LDK RTE Firmware

Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution.

7.5
2017-10-04 CVE-2017-12819 Sentinel Improper Authentication vulnerability in Sentinel LDK RTE Firmware

Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55.

7.5
2017-10-04 CVE-2017-0829 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the Motorola bootloader.

7.5
2017-10-04 CVE-2017-0828 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the Huawei bootloader.

7.5
2017-10-04 CVE-2017-0824 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the Broadcom wifi driver.

7.5
2017-10-04 CVE-2017-0822 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the Android system (camera).

7.5
2017-10-03 CVE-2017-6089 Phpcollab SQL Injection vulnerability in PHPcollab 2.5/2.5.1

SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to calendar/deletecalendar.php.

7.5
2017-10-03 CVE-2017-14759 Opentext XXE vulnerability in Opentext Document Sciences Xpression 4.5

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/.

7.5
2017-10-03 CVE-2017-14493 Canonical
Debian
Opensuse
Redhat
Thekelleys
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

7.5
2017-10-03 CVE-2017-14492 Canonical
Debian
Novell
Redhat
Thekelleys
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.

7.5
2017-10-03 CVE-2017-12639 Ipswitch Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ipswitch Imail Server

Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETRE or ETCTERARED.

7.5
2017-10-03 CVE-2017-12638 Ipswitch Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ipswitch Imail Server

Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETBL or ETCETERABLUE.

7.5
2017-10-03 CVE-2017-12620 Apache XXE vulnerability in Apache Opennlp

When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources.

7.5
2017-10-03 CVE-2017-11497 Gemalto Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gemalto Sentinel LDK RTE

Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters.

7.5
2017-10-03 CVE-2017-11496 Gemalto Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gemalto Sentinel LDK RTE

Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via malformed ASN.1 streams in V2C and similar input files.

7.5
2017-10-06 CVE-2017-12730 Myscada Unquoted Search Path or Element vulnerability in Myscada Mypro 7/7.0.26

An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior.

7.2
2017-10-05 CVE-2017-12728 Spidercontrol Improper Privilege Management vulnerability in Spidercontrol Scada Webserver 2.02.0007

An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior.

7.2
2017-10-05 CVE-2017-1000253 Centos
Redhat
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015).

7.2
2017-10-05 CVE-2017-1000111 Linux
Redhat
Debian
Out-of-bounds Write vulnerability in multiple products

Linux kernel: heap out-of-bounds in AF_PACKET sockets.

7.2
2017-10-03 CVE-2017-11322 Ucopia OS Command Injection vulnerability in Ucopia Wireless Appliance

The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.

7.2
2017-10-03 CVE-2015-7358 Ciphershed
Truecrypt
Idrix
Permissions, Privileges, and Access Controls vulnerability in multiple products

The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory.

7.2
2017-10-03 CVE-2015-6971 Lenovo Command Injection vulnerability in Lenovo System Update 5.06.0027

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.

7.2
2017-10-03 CVE-2015-3321 Lenovo Permissions, Privileges, and Access Controls vulnerability in Lenovo Fingerprint Manager

Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations.

7.2
2017-10-05 CVE-2017-12256 Cisco Unspecified vulnerability in Cisco Wide Area Application Services

A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device.

7.1
2017-10-04 CVE-2017-14997 Graphicsmagick
Debian
Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.

7.1

157 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-10-06 CVE-2017-14088 Trendmicro Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan and Officescan XG

Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys.

6.9
2017-10-05 CVE-2017-1000112 Linux Race Condition vulnerability in Linux Kernel

Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch.

6.9
2017-10-06 CVE-2015-2143 Phpbugtracker Project Cross-Site Request Forgery (CSRF) vulnerability in PHPbugtracker Project PHPbugtracker

Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters.

6.8
2017-10-06 CVE-2015-5246 Theforeman 7PK - Security Features vulnerability in Theforeman Foreman 1.9.0

The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.

6.8
2017-10-06 CVE-2015-2158 Pngcrush Project Numeric Errors vulnerability in Pngcrush Project Pngcrush

Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file.

6.8
2017-10-06 CVE-2017-15063 Intelliants Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion

There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error.

6.8
2017-10-06 CVE-2017-15056 UPX Project NULL Pointer Dereference vulnerability in UPX Project UPX 3.94

p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack().

6.8
2017-10-06 CVE-2017-14084 Trendmicro Unspecified vulnerability in Trendmicro Officescan 11.0/12.0

A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.

6.8
2017-10-05 CVE-2017-13992 Loytec Insufficient Entropy vulnerability in Loytec Lvis-3Me Firmware

An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0.

6.8
2017-10-05 CVE-2017-2920 Pl32 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pl32 Photoline 20.02

An memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02.

6.8
2017-10-05 CVE-2017-2880 Pl32 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pl32 Photoline 20.02

An memory corruption vulnerability exists in the .GIF parsing functionality of Computerinsel Photoline 20.02.

6.8
2017-10-05 CVE-2017-12106 Pl32 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pl32 Photoline 20.02

A memory corruption vulnerability exists in the .TGA parsing functionality of Computerinsel Photoline 20.02.

6.8
2017-10-05 CVE-2017-14353 HP Code Injection vulnerability in HP Ucmdb Foundation Software

A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution.

6.8
2017-10-05 CVE-2017-15037 Freebsd Race Condition vulnerability in Freebsd

In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character.

6.8
2017-10-05 CVE-2017-15020 GNU Out-of-bounds Read vulnerability in GNU Binutils 2.29

dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.

6.8
2017-10-05 CVE-2017-15019 Lame Project NULL Pointer Dereference vulnerability in Lame Project Lame 3.99.5

LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call.

6.8
2017-10-05 CVE-2017-15017 Imagemagick
Canonical
NULL Pointer Dereference vulnerability in multiple products

ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.

6.8
2017-10-05 CVE-2017-15016 Imagemagick
Canonical
NULL Pointer Dereference vulnerability in multiple products

ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.

6.8
2017-10-05 CVE-2017-15015 Imagemagick
Canonical
NULL Pointer Dereference vulnerability in multiple products

ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.

6.8
2017-10-05 CVE-2017-1000117 GIT SCM Open Redirect vulnerability in Git-Scm GIT

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed.

6.8
2017-10-05 CVE-2017-1000093 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Poll SCM

Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks.

6.8
2017-10-05 CVE-2017-1000091 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Github Branch Source

GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g.

6.8
2017-10-05 CVE-2017-1000090 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Role-Based Authorization Strategy

Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks.

6.8
2017-10-04 CVE-2017-8048 Pivotal
Cloudfoundry
In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application.
6.8
2017-10-04 CVE-2017-12617 Apache Unrestricted Upload of File with Dangerous Type vulnerability in Apache Tomcat

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g.

6.8
2017-10-04 CVE-2017-12166 Openvpn Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openvpn

OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.

6.8
2017-10-03 CVE-2017-14754 Opentext Path Traversal vulnerability in Opentext Document Sciences Xpression

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource_group_xsd.jsp, parameter: xsd_datasource_schema_file filename.

6.8
2017-10-03 CVE-2016-6806 Apache Cross-Site Request Forgery (CSRF) vulnerability in Apache Wicket

Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests.

6.8
2017-10-06 CVE-2015-2673 Wpeasycart Permissions, Privileges, and Access Controls vulnerability in Wpeasycart WP Easycart

The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters.

6.5
2017-10-05 CVE-2017-13996 Loytec Path Traversal vulnerability in Loytec Lvis-3Me Firmware

A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0.

6.5
2017-10-05 CVE-2017-1000120 Frappe SQL Injection vulnerability in Frappe

[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.

6.5
2017-10-05 CVE-2017-1000119 Octobercms Unrestricted Upload of File with Dangerous Type vulnerability in Octobercms October 1.0.412

October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.

6.5
2017-10-05 CVE-2017-1000107 Jenkins Unspecified vulnerability in Jenkins Script Security 1.30

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions.

6.5
2017-10-05 CVE-2017-1000096 Jenkins Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Pipeline: Groovy

Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code.

6.5
2017-10-03 CVE-2017-6090 Phpcollab Unrestricted Upload of File with Dangerous Type vulnerability in PHPcollab 2.5/2.5.1

Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/.

6.5
2017-10-03 CVE-2017-14848 Dasinfomedia SQL Injection vulnerability in Dasinfomedia Wphrm Human Resource Management System 1.0

WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter.

6.5
2017-10-03 CVE-2017-14758 Opentext SQL Injection vulnerability in Opentext Document Sciences Xpression 4.5

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId.

6.5
2017-10-03 CVE-2017-14757 Opentext SQL Injection vulnerability in Opentext Document Sciences Xpression

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId.

6.5
2017-10-03 CVE-2017-1311 IBM SQL Injection vulnerability in IBM Insights Foundation for Energy 2.0

IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection.

6.5
2017-10-03 CVE-2017-11321 Ucopia OS Command Injection vulnerability in Ucopia Wireless Appliance

The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command.

6.5
2017-10-03 CVE-2015-6576 Atlassian Code Injection vulnerability in Atlassian Bamboo

Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource.

6.5
2017-10-02 CVE-2017-14958 Pivotx Unrestricted Upload of File with Dangerous Type vulnerability in Pivotx 2.3.11

lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file.

6.5
2017-10-06 CVE-2015-2142 Phpbugtracker Project Cross-Site Request Forgery (CSRF) vulnerability in PHPbugtracker Project PHPbugtracker

Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for requests that cause an unspecified impact via the group_id parameter to group.php, (3) hijack the authentication of users for requests that delete statuses via the status_id parameter to status.php, (4) hijack the authentication of users for requests that delete severities via the severity_id parameter to severity.php, (5) hijack the authentication of users for requests that cause an unspecified impact via the priority_id parameter to priority.php, (6) hijack the authentication of users for requests that delete the operating system via the os_id parameter to os.php, (7) hijack the authentication of users for requests that delete databases via the database_id parameter to database.php, or (8) hijack the authentication of users for requests that delete sites via the site_id parameter to sites.php.

6.0
2017-10-05 CVE-2017-13998 Loytec Insufficiently Protected Credentials vulnerability in Loytec Lvis-3Me Firmware

An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0.

6.0
2017-10-05 CVE-2017-1000086 Jenkins Missing Authorization vulnerability in Jenkins Periodic Backup

The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation.

6.0
2017-10-04 CVE-2017-8047 Cloudfoundry
Pivotal
Open Redirect vulnerability in multiple products

In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect.

5.8
2017-10-03 CVE-2017-9797 Apache Information Exposure vulnerability in Apache Geode

When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages.

5.8
2017-10-05 CVE-2017-1000106 Jenkins Improper Authentication vulnerability in Jenkins Blue Ocean

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins.

5.5
2017-10-06 CVE-2015-1429 Cybelesoft Path Traversal vulnerability in Cybelesoft Thinfinity Remote Desktop Workstation 3.0.0.3

Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a ..

5.0
2017-10-06 CVE-2017-15079 Wpmudev Path Traversal vulnerability in Wpmudev Smush Image Compression and Optimization

The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal.

5.0
2017-10-06 CVE-2017-9273 Microfocus Unspecified vulnerability in Microfocus Bi-Directional Driver

The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes.

5.0
2017-10-06 CVE-2017-9272 Microfocus Improper Input Validation vulnerability in Microfocus Bi-Directional Driver

The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack.

5.0
2017-10-06 CVE-2017-13068 Qnap SQL Injection vulnerability in Qnap QTS Helpdesk

QNAP has already patched this vulnerability.

5.0
2017-10-06 CVE-2017-1002153 Koji Project Improper Input Validation vulnerability in Koji Project Koji 1.13.0

Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.

5.0
2017-10-06 CVE-2015-2297 Libcsoap Project NULL Pointer Dereference vulnerability in Libcsoap Project Libcsoap

nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header.

5.0
2017-10-06 CVE-2017-1000254 Haxx Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Haxx Libcurl

libcurl may read outside of a heap allocated buffer when doing FTP.

5.0
2017-10-06 CVE-2017-14087 Trendmicro Improper Input Validation vulnerability in Trendmicro Officescan 11.0/12.0

A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.

5.0
2017-10-06 CVE-2017-14085 Trendmicro Information Exposure vulnerability in Trendmicro Officescan 11.0/12.0

Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.

5.0
2017-10-06 CVE-2017-14083 Trendmicro Unspecified vulnerability in Trendmicro Officescan 11.0/12.0

A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file.

5.0
2017-10-05 CVE-2016-8937 IBM Improper Authentication vulnerability in IBM Tivoli Storage Manager

The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication.

5.0
2017-10-05 CVE-2017-15035 Emtec Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Emtec Pyrobatchftp

EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial of service (application crash).

5.0
2017-10-05 CVE-2017-15033 Imagemagick
Canonical
Missing Release of Resource after Effective Lifetime vulnerability in multiple products

ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.

5.0
2017-10-05 CVE-2017-12270 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XR

A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the emsd service stops.

5.0
2017-10-05 CVE-2017-12267 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products

A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS) condition.

5.0
2017-10-05 CVE-2017-12264 Cisco Improper Input Validation vulnerability in Cisco Meeting Server

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

5.0
2017-10-05 CVE-2017-12263 Cisco Path Traversal vulnerability in Cisco License Manager 3.2.6

A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka Directory Traversal.

5.0
2017-10-05 CVE-2017-12245 Cisco Missing Release of Resource after Effective Lifetime vulnerability in Cisco Firepower Management Center

A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability.

5.0
2017-10-05 CVE-2017-12244 Cisco Improper Input Validation vulnerability in Cisco Firepower Management Center

A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial of service (DoS) condition because the Snort process restarts unexpectedly.

5.0
2017-10-05 CVE-2017-9628 Saia Burgess Controls Information Exposure vulnerability in Saia Burgess Controls PCD Controllers Firmware

An Information Exposure issue was discovered in Saia Burgess Controls PCD Controllers with PCD firmware versions prior to 1.28.16 or 1.24.69.

5.0
2017-10-05 CVE-2017-1000118 Akka Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Akka Http Server 10.0.5

Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service

5.0
2017-10-05 CVE-2017-1000115 Mercurial
Debian
Redhat
Link Following vulnerability in multiple products

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

5.0
2017-10-05 CVE-2017-1000108 Jenkins Information Exposure vulnerability in Jenkins Pipeline-Input-Step

The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input.

5.0
2017-10-05 CVE-2017-1000105 Jenkins Missing Authorization vulnerability in Jenkins Blue Ocean

The optional Run/Artifacts permission can be enabled by setting a Java system property.

5.0
2017-10-05 CVE-2017-1000098 Golang Uncontrolled File Descriptor Consumption vulnerability in Golang GO 1.6.3/1.7.3

The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit.

5.0
2017-10-05 CVE-2017-1000097 Golang Improper Certificate Validation vulnerability in Golang GO 1.6.3/1.7.3

On Darwin, user's trust preferences for root certificates were not honored.

5.0
2017-10-05 CVE-2017-1000089 Jenkins Incorrect Default Permissions vulnerability in Jenkins Pipeline: Build Step

Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins.

5.0
2017-10-04 CVE-2017-15011 QT Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in QT

The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.

5.0
2017-10-04 CVE-2017-15010 Salesforce Resource Exhaustion vulnerability in Salesforce Tough-Cookie

A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js.

5.0
2017-10-04 CVE-2017-12820 Sentinel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sentinel LDK RTE Firmware

Arbitrary memory read from controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.

5.0
2017-10-04 CVE-2017-12818 Sentinel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sentinel LDK RTE Firmware

Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.

5.0
2017-10-04 CVE-2017-1126 IBM Information Exposure vulnerability in IBM Integration BUS and Websphere Message Broker

IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks.

5.0
2017-10-04 CVE-2017-11122 Broadcom
Apple
Information Exposure vulnerability in multiple products

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading.

5.0
2017-10-04 CVE-2017-0825 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Broadcom wifi driver.

5.0
2017-10-04 CVE-2017-0823 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android system (rild).

5.0
2017-10-04 CVE-2017-0817 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android media framework (libstagefright).

5.0
2017-10-04 CVE-2017-0813 Google Missing Release of Resource after Effective Lifetime vulnerability in Google Android

A denial of service vulnerability in the Android media framework (libstagefright).

5.0
2017-10-04 CVE-2017-0808 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android framework (file system).

5.0
2017-10-03 CVE-2017-8018 EMC
Microsoft
Improper Input Validation vulnerability in EMC Appsync 2.0/3.0.0/3.5

EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system.

5.0
2017-10-03 CVE-2017-1569 IBM Unspecified vulnerability in IBM Websphere Commerce

IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service.

5.0
2017-10-03 CVE-2017-14979 Gxlcms Unspecified vulnerability in Gxlcms

Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php.

5.0
2017-10-03 CVE-2017-14495 Canonical
Debian
Novell
Redhat
Thekelleys
Missing Release of Resource after Effective Lifetime vulnerability in multiple products

Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.

5.0
2017-10-03 CVE-2017-13704 Canonical
Debian
Fedoraproject
Novell
Redhat
Thekelleys
Improper Input Validation vulnerability in multiple products

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value.

5.0
2017-10-03 CVE-2017-11498 Gemalto Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gemalto Sentinel LDK RTE

Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files.

5.0
2017-10-03 CVE-2014-0043 Apache Information Exposure vulnerability in Apache Wicket 1.5.10/6.13.0

In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.

5.0
2017-10-02 CVE-2017-14977 Freedesktop
Debian
NULL Pointer Dereference vulnerability in multiple products

The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.

5.0
2017-10-02 CVE-2017-14976 Freedesktop
Debian
Out-of-bounds Read vulnerability in multiple products

The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.

5.0
2017-10-02 CVE-2017-14975 Freedesktop
Debian
NULL Pointer Dereference vulnerability in multiple products

The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.

5.0
2017-10-05 CVE-2017-12732 GE Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GE Intelligent Platforms Proficy Hmi/Scada Cimplicity

A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior.

4.9
2017-10-06 CVE-2014-0047 Docker Temporary File Creation vulnerability in Docker

Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.

4.6
2017-10-05 CVE-2017-12266 Cisco Uncontrolled Search Path Element vulnerability in Cisco Meeting APP

A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisco Meeting App.

4.6
2017-10-03 CVE-2017-14773 Skyboxsecurity Unspecified vulnerability in Skyboxsecurity Skybox Manager Client Application 8.5.500

Skybox Manager Client Application prior to 8.5.501 is prone to an elevation of privileges vulnerability during authentication of a valid user in a debugger-pause state.

4.6
2017-10-03 CVE-2015-7359 Truecrypt
Ciphershed
Idrix
Permissions, Privileges, and Access Controls vulnerability in multiple products

The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users' mounted encrypted volumes.

4.6
2017-10-06 CVE-2015-1828 Http RB Project Information Exposure vulnerability in Http.Rb Project Http.Rb

The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack.

4.3
2017-10-06 CVE-2017-15084 Rapid7 Cross-Site Request Forgery (CSRF) vulnerability in Rapid7 Metasploit

The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22.

4.3
2017-10-06 CVE-2015-1206 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome

Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.

4.3
2017-10-06 CVE-2014-2903 Wolfssl Cryptographic Issues vulnerability in Wolfssl

CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.

4.3
2017-10-06 CVE-2014-8758 Tech Banker Cross-site Scripting vulnerability in Tech-Banker Gallery Bank

Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gallery_album_sorting page to wp-admin/admin.php.

4.3
2017-10-06 CVE-2014-8492 Cozmoslabs Cross-site Scripting vulnerability in Cozmoslabs Profile Builder

Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter.

4.3
2017-10-06 CVE-2014-7240 Formget Cross-site Scripting vulnerability in Formget Easy Contact Form Solution

Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php.

4.3
2017-10-06 CVE-2017-15046 Lame Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lame Project Lame

LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412.

4.3
2017-10-06 CVE-2017-15045 Lame Project Out-of-bounds Read vulnerability in Lame Project Lame 3.99.5

LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410.

4.3
2017-10-05 CVE-2017-15042 Golang Cleartext Transmission of Sensitive Information vulnerability in Golang GO

An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1.

4.3
2017-10-05 CVE-2017-13994 Loytec Cross-site Scripting vulnerability in Loytec Lvis-3Me Firmware

A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0.

4.3
2017-10-05 CVE-2017-14354 HP Cross-site Scripting vulnerability in HP Ucmdb Foundation Software

A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting.

4.3
2017-10-05 CVE-2017-12265 Cisco Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka HREF XSS.

4.3
2017-10-05 CVE-2017-12258 Cisco Cross-site Scripting vulnerability in Cisco Unified Communications Manager

A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack.

4.3
2017-10-05 CVE-2017-12257 Cisco Cross-site Scripting vulnerability in Cisco Webex Meetings Server

A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.

4.3
2017-10-05 CVE-2017-15025 GNU Divide By Zero vulnerability in GNU Binutils 2.29

decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.

4.3
2017-10-05 CVE-2017-15024 GNU Infinite Loop vulnerability in GNU Binutils 2.29

find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.

4.3
2017-10-05 CVE-2017-15023 GNU NULL Pointer Dereference vulnerability in GNU Binutils 2.29

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.

4.3
2017-10-05 CVE-2017-15022 GNU NULL Pointer Dereference vulnerability in GNU Binutils 2.29

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.

4.3
2017-10-05 CVE-2017-15021 GNU Out-of-bounds Read vulnerability in GNU Binutils 2.29

bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.

4.3
2017-10-05 CVE-2017-15018 Lame Project Out-of-bounds Read vulnerability in Lame Project Lame

LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c.

4.3
2017-10-05 CVE-2017-1000114 Jenkins Information Exposure vulnerability in Jenkins Datadog

The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration.

4.3
2017-10-05 CVE-2017-1000109 Jenkins Cross-site Scripting vulnerability in Jenkins Owasp Dependency-Check

The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.

4.3
2017-10-05 CVE-2017-1000101 Haxx Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Haxx Curl

curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers.

4.3
2017-10-05 CVE-2017-1000100 Haxx Information Exposure vulnerability in Haxx Libcurl

When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length.

4.3
2017-10-05 CVE-2017-1000099 Haxx Information Exposure vulnerability in Haxx Libcurl 7.54.1

When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers.

4.3
2017-10-05 CVE-2017-1000085 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Subversion

Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g.

4.3
2017-10-04 CVE-2017-15009 Paessler Cross-site Scripting vulnerability in Paessler Prtg Network Monitor 17.3.33.2830

PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter.

4.3
2017-10-04 CVE-2017-14995 Wso2 Cross-site Scripting vulnerability in Wso2 products

The Management Console in WSO2 Application Server 5.3.0, WSO2 Business Process Server 3.6.0, WSO2 Business Rules Server 2.2.0, WSO2 Complex Event Processor 4.2.0, WSO2 Dashboard Server 2.0.0, WSO2 Data Analytics Server 3.1.0, WSO2 Data Services Server 3.5.1, and WSO2 Machine Learner 1.2.0 is affected by stored XSS.

4.3
2017-10-04 CVE-2017-14994 Graphicsmagick
Debian
NULL Pointer Dereference vulnerability in multiple products

ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.

4.3
2017-10-04 CVE-2017-0816 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android media framework (libeffects).

4.3
2017-10-04 CVE-2017-0815 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android media framework (libeffects).

4.3
2017-10-03 CVE-2017-14989 Imagemagick Use After Free vulnerability in Imagemagick 7.0.74

A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.

4.3
2017-10-03 CVE-2017-14988 Openexr Resource Exhaustion vulnerability in Openexr 2.2.0

** DISPUTED ** Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp.

4.3
2017-10-03 CVE-2017-14756 Opentext Cross-site Scripting vulnerability in Opentext Document Sciences Xpression 4.5

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id).

4.3
2017-10-03 CVE-2017-14755 Opentext Cross-site Scripting vulnerability in Opentext Document Sciences Xpression 4.5

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId.

4.3
2017-10-03 CVE-2017-14494 Canonical
Debian
Novell
Redhat
Thekelleys
Information Exposure vulnerability in multiple products

dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.

4.3
2017-10-03 CVE-2017-12792 Nexusphp Project Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5

Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php.

4.3
2017-10-03 CVE-2015-7980 Compass Rose Project Cross-site Scripting vulnerability in Compass Rose Project Compass Rose 6.X1.0

Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable."

4.3
2017-10-03 CVE-2015-7357 Udesign Project Cross-site Scripting vulnerability in Udesign Project Udesign

Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment identifier, as demonstrated by #<svg onload=alert(1)>.

4.3
2017-10-02 CVE-2017-14974 GNU NULL Pointer Dereference vulnerability in GNU Binutils 2.29

The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.

4.3
2017-10-02 CVE-2017-14970 Openvswitch Missing Release of Resource after Effective Lifetime vulnerability in Openvswitch

In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages.

4.3
2017-10-02 CVE-2017-14957 Blogotext Project Cross-site Scripting vulnerability in Blogotext Project Blogotext

Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript.

4.3
2017-10-02 CVE-2017-14955 Tribe29 Race Condition vulnerability in Tribe29 Checkmk

Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.

4.3
2017-10-05 CVE-2017-1000110 Jenkins Improper Authentication vulnerability in Jenkins Blue Ocean

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins.

4.0
2017-10-05 CVE-2017-1000104 Jenkins Improper Privilege Management vulnerability in Jenkins Config File Provider

The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords.

4.0
2017-10-05 CVE-2017-1000095 Jenkins Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Script Security 1.34

The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String).

4.0
2017-10-05 CVE-2017-1000094 Jenkins Information Exposure vulnerability in Jenkins Docker Commons 1.9

Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry.

4.0
2017-10-05 CVE-2017-1000087 Jenkins Information Exposure vulnerability in Jenkins Github Branch Source

GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use.

4.0
2017-10-05 CVE-2017-1000084 Jenkins Incorrect Default Permissions vulnerability in Jenkins Parameterized Trigger

Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.

4.0
2017-10-04 CVE-2017-9792 Apache Incorrect Permission Assignment for Critical Resource vulnerability in Apache Impala 2.8.0/2.9.0

In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables.

4.0
2017-10-03 CVE-2017-9538 Solarwinds Improper Input Validation vulnerability in Solarwinds Network Performance Monitor 12.0/12.0.1/12.0.15300.90

The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field.

4.0
2017-10-03 CVE-2017-14990 Wordpress
Debian
Cleartext Storage of Sensitive Information vulnerability in multiple products

WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).

4.0
2017-10-03 CVE-2015-7843 Huawei 7PK - Security Features vulnerability in Huawei products

The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 does not limit the number of query attempts, which allows remote authenticated users to obtain credentials of higher-level users via a brute force attack.

4.0
2017-10-02 CVE-2017-14941 Jaspersoft Information Exposure vulnerability in Jaspersoft Jasperreports 4.7.0

Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector.

4.0

36 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-10-05 CVE-2017-1301 IBM Link Following vulnerability in IBM Tivoli Storage Manager

IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack.

3.6
2017-10-03 CVE-2017-14771 Skyboxsecurity Improper Input Validation vulnerability in Skyboxsecurity Skybox Manager Client Application 8.5.500

Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application.

3.6
2017-10-06 CVE-2015-2148 Phpbugtracker Project Cross-site Scripting vulnerability in PHPbugtracker Project PHPbugtracker

Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

3.5
2017-10-06 CVE-2015-2145 Phpbugtracker Project Cross-site Scripting vulnerability in PHPbugtracker Project PHPbugtracker

Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

3.5
2017-10-06 CVE-2015-2144 Phpbugtracker Project Cross-site Scripting vulnerability in PHPbugtracker Project PHPbugtracker

Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name parameter to project.php; the (2) use_js parameter to user.php; the (3) use_js parameter to group.php; the (4) Description parameter to status.php; the (5) Description parameter to severity.php; the (6) Regex parameter to os.php; or the (7) Name parameter to database.php.

3.5
2017-10-06 CVE-2014-8957 Openkm Cross-site Scripting vulnerability in Openkm 6.4.18

Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter.

3.5
2017-10-05 CVE-2017-1522 IBM Cross-site Scripting vulnerability in IBM Content Navigator 2.0.3.8/3.0.0/3.0.1

IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting.

3.5
2017-10-05 CVE-2017-12269 Cisco Cross-site Scripting vulnerability in Cisco Spark

A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack.

3.5
2017-10-05 CVE-2017-1000103 Jenkins Cross-site Scripting vulnerability in Jenkins DRY

The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.

3.5
2017-10-05 CVE-2017-1000102 Jenkins Cross-site Scripting vulnerability in Jenkins Static Analysis Utilities

The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view.

3.5
2017-10-05 CVE-2017-1000088 Jenkins Cross-site Scripting vulnerability in Jenkins Sidebar Link

The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects.

3.5
2017-10-04 CVE-2017-15008 Paessler Cross-site Scripting vulnerability in Paessler Prtg Network Monitor 17.3.33.2830

PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element.

3.5
2017-10-03 CVE-2017-9537 Solarwinds Cross-site Scripting vulnerability in Solarwinds Network Performance Monitor 12.0.15300.90

Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters.

3.5
2017-10-03 CVE-2017-14985 Eyesofnetwork Cross-site Scripting vulnerability in Eyesofnetwork 5.10

Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module/module_frame/index.php.

3.5
2017-10-03 CVE-2017-14984 Eyesofnetwork Cross-site Scripting vulnerability in Eyesofnetwork 5.10

Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to /module/admin_bp/add_services.php.

3.5
2017-10-03 CVE-2017-14983 Eyesofnetwork Cross-site Scripting vulnerability in Eyesofnetwork 5.10

Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/admin_conf/index.php.

3.5
2017-10-03 CVE-2017-14981 Atutor Cross-site Scripting vulnerability in Atutor

Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3.

3.5
2017-10-03 CVE-2017-1429 IBM Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.

3.5
2017-10-03 CVE-2017-1369 IBM Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.

3.5
2017-10-03 CVE-2017-1364 IBM Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.

3.5
2017-10-03 CVE-2017-1359 IBM Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.

3.5
2017-10-03 CVE-2017-1345 IBM Cross-site Scripting vulnerability in IBM Insights Foundation for Energy 2.0

IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting.

3.5
2017-10-03 CVE-2017-1335 IBM Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.

3.5
2017-10-03 CVE-2017-1334 IBM Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.

3.5
2017-10-03 CVE-2017-1324 IBM Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.

3.5
2017-10-05 CVE-2017-1000092 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins GIT

Git Plugin connects to a user-specified Git repository as part of form validation.

2.6
2017-10-05 CVE-2017-1378 IBM Insufficiently Protected Credentials vulnerability in IBM Tivoli Storage Manager

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user.

2.1
2017-10-05 CVE-2017-1339 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Tivoli Storage Manager

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password.

2.1
2017-10-05 CVE-2017-1201 IBM Insufficiently Protected Credentials vulnerability in IBM Bigfix Security Compliance Analytics 1.9.79

IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user.

2.1
2017-10-05 CVE-2017-12268 Cisco Unspecified vulnerability in Cisco Anyconnect Secure Mobility Client 4.5(822)

A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability.

2.1
2017-10-05 CVE-2017-1000113 Jenkins Information Exposure vulnerability in Jenkins Deploy

The Deploy to container Plugin stored passwords unencrypted as part of its configuration.

2.1
2017-10-04 CVE-2017-14991 Linux Information Exposure vulnerability in Linux Kernel

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.

2.1
2017-10-03 CVE-2017-14772 Skyboxsecurity Information Exposure vulnerability in Skyboxsecurity Skybox Manager Client Application

Skybox Manager Client Application is prone to information disclosure via a username enumeration attack.

2.1
2017-10-03 CVE-2017-14770 Skyboxsecurity Information Exposure vulnerability in Skyboxsecurity Skybox Manager Client Application 8.5.500

Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes.

2.1
2017-10-02 CVE-2017-14954 Linux Information Exposure vulnerability in Linux Kernel

The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.

2.1
2017-10-06 CVE-2015-0296 TUG
Fedoraproject
Permissions, Privileges, and Access Controls vulnerability in TUG Texlive 3.1.20140525R34255.Fc21/6.20131226R32488.Fc20

The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory.

1.2