Weekly Vulnerabilities Reports > October 30 to November 5, 2017

Overview

187 new vulnerabilities reported during this period, including 16 critical vulnerabilities and 49 high severity vulnerabilities. This weekly summary report vulnerabilities in 175 products from 76 vendors including Mahara, Apache, Cisco, Linux, and Debian. Vulnerabilities are notably categorized as "Cross-site Scripting", "Information Exposure", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Improper Input Validation".

  • 150 reported vulnerabilities are remotely exploitables.
  • 31 reported vulnerabilities have public exploit available.
  • 70 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 126 reported vulnerabilities are exploitable by an anonymous user.
  • Mahara has the most reported vulnerabilities, with 30 reported vulnerabilities.
  • Apache has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

16 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-11-03 CVE-2017-16523 Mitrastar Unspecified vulnerability in Mitrastar Dsl-100Hn-T1 Firmware and Gpt-2541Gnac Firmware

MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented.

10.0
2017-11-02 CVE-2017-11767 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore

ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

10.0
2017-11-01 CVE-2017-14375 EMC
Dell
Authentication Bypass by Spoofing vulnerability in multiple products

EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system.

10.0
2017-11-01 CVE-2017-1000121 Webkitgtk Integer Overflow or Wraparound vulnerability in Webkitgtk Webkitgtk+

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process.

9.8
2017-11-01 CVE-2017-14027 Korenix Use of Hard-coded Credentials vulnerability in Korenix products

A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1.

9.8
2017-11-01 CVE-2017-14021 Korenix Use of Hard-coded Credentials vulnerability in Korenix products

A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1.

9.8
2017-10-31 CVE-2017-14356 HP SQL Injection vulnerability in HP products

An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1.

9.8
2017-10-30 CVE-2014-0073 Apache Permissions, Privileges, and Access Controls vulnerability in Apache Cordova and Cordova In-App-Browser

The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.

9.8
2017-10-30 CVE-2012-4449 Apache Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apache Hadoop

Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.

9.8
2017-10-30 CVE-2015-3249 Apache Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Traffic Server 5.3.0

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function.

9.8
2017-10-30 CVE-2014-3624 Apache Improper Access Control vulnerability in Apache Traffic Server 5.1.0

Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.

9.8
2017-10-31 CVE-2017-10954 Bitdefender Integer Overflow or Wraparound vulnerability in Bitdefender Internet Security 2018

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security Internet Security 2018 prior to build 7.72918.

9.3
2017-11-03 CVE-2017-16522 Mitrastar Incorrect Default Permissions vulnerability in Mitrastar Dsl-100Hn-T1 Firmware and Gpt-2541Gnac Firmware

MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute.

9.0
2017-10-31 CVE-2017-10940 Joyent Unrestricted Upload of File with Dangerous Type vulnerability in Joyent Triton Datacenter

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to [email protected] (e469cf49-4de3-4658-8419-ab42837916ad).

9.0
2017-10-30 CVE-2017-9377 Barco OS Command Injection vulnerability in Barco products

A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10.

9.0
2017-10-30 CVE-2017-15597 XEN Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in XEN 4.8.0/4.9.0

An issue was discovered in Xen through 4.9.x.

9.0

49 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-11-05 CVE-2017-16545 Graphicsmagick NULL Pointer Dereference vulnerability in Graphicsmagick 1.3.26

The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.

8.8
2017-11-02 CVE-2017-12277 Cisco Command Injection vulnerability in Cisco Firepower Extensible Operating System 1.1.4/2.0.1

A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges.

8.8
2017-11-01 CVE-2017-16352 Graphicsmagick
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file.

8.8
2017-10-31 CVE-2017-1000256 Redhat
Debian
Improper Certificate Validation vulnerability in multiple products

libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.

8.1
2017-11-04 CVE-2017-16526 Linux
Canonical
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device.

7.8
2017-11-02 CVE-2017-12280 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Wireless LAN Controller Software

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.8
2017-11-05 CVE-2017-16543 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0

Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.

7.5
2017-11-03 CVE-2017-1000154 Mahara Improper Authentication vulnerability in Mahara

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log in even if their institution was expired or suspended.

7.5
2017-11-03 CVE-2017-1000153 Mahara Incorrect Permission Assignment for Critical Resource vulnerability in Mahara

Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can be used to gain access to the user's account.

7.5
2017-11-03 CVE-2017-1000152 Mahara Unspecified vulnerability in Mahara

Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served.

7.5
2017-11-03 CVE-2017-16516 Yajl Ruby Project
Debian
Use of Externally-Controlled Format String vulnerability in multiple products

In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c.

7.5
2017-11-02 CVE-2017-16510 Wordpress SQL Injection vulnerability in Wordpress

WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723.

7.5
2017-10-31 CVE-2017-15993 Zomato Clone Script Project SQL Injection vulnerability in Zomato Clone Script Project Zomato Clone Script

Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter.

7.5
2017-10-31 CVE-2017-15992 Website Broker Script Project SQL Injection vulnerability in Website Broker Script Project Website Broker Script

Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.

7.5
2017-10-31 CVE-2017-15991 Vastal SQL Injection vulnerability in Vastal Agent Zone

Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982.

7.5
2017-10-31 CVE-2017-15990 Savsofteproducts Unrestricted Upload of File with Dangerous Type vulnerability in Savsofteproducts PHPinventory

Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.

7.5
2017-10-31 CVE-2017-15989 Online Exam Test Application Project SQL Injection vulnerability in Online Exam Test Application Project Online Exam Test Application

Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action.

7.5
2017-10-31 CVE-2017-15988 Nicephpscripts SQL Injection vulnerability in Nicephpscripts Nice PHP FAQ Script

Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525.

7.5
2017-10-31 CVE-2017-15987 Fake Magazine Cover Script Project SQL Injection vulnerability in Fake Magazine Cover Script Project Fake Magazine Cover Script

Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter.

7.5
2017-10-31 CVE-2017-15986 CPA Lead Reward Script Project SQL Injection vulnerability in CPA Lead Reward Script Project CPA Lead Reward Script

CPA Lead Reward Script allows SQL Injection via the username parameter.

7.5
2017-10-31 CVE-2017-15985 Readymadeb2Bscript SQL Injection vulnerability in Readymadeb2Bscript Basic B2B Script

Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.

7.5
2017-10-31 CVE-2017-15984 Bekirk SQL Injection vulnerability in Bekirk Creative Management System Lite 1.4

Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.

7.5
2017-10-31 CVE-2017-15983 Geniusocean SQL Injection vulnerability in Geniusocean Mymagazine Magazine & Blog CMS 1.0

MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.

7.5
2017-10-31 CVE-2017-15982 Geniusocean SQL Injection vulnerability in Geniusocean News 1.0

Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.

7.5
2017-10-31 CVE-2017-15981 Geniusocean SQL Injection vulnerability in Geniusocean Newspaper 1.0

Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.

7.5
2017-10-31 CVE-2017-15980 Rowindex SQL Injection vulnerability in Rowindex US ZIP Codes Database Script 1.0

US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter.

7.5
2017-10-31 CVE-2017-15979 Odallated SQL Injection vulnerability in Odallated Shareet 1.0

Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter.

7.5
2017-10-31 CVE-2017-15978 Arox SQL Injection vulnerability in Arox School ERP PHP Script 1.0

AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.

7.5
2017-10-31 CVE-2017-15977 Protectedlinks SQL Injection vulnerability in Protectedlinks Expiring Download Links 1.0

Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.

7.5
2017-10-31 CVE-2015-9245 Progress Improper Access Control vulnerability in Progress Openedge

Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931.

7.5
2017-10-30 CVE-2017-10151 Oracle Unspecified vulnerability in Oracle Identity Manager

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account).

7.5
2017-10-30 CVE-2014-0072 Apache Improper Input Validation vulnerability in Apache Cordova and Cordova File Transfer

ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option.

7.5
2017-10-30 CVE-2013-4366 Apache Improper Input Validation vulnerability in Apache Httpclient 4.3

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.

7.5
2017-10-30 CVE-2014-0115 Apache Path Traversal vulnerability in Apache Storm 0.9.0.1

Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a ..

7.5
2017-10-30 CVE-2012-0881 Apache Resource Management Errors vulnerability in Apache Xerces2 Java 2.10.0/2.11.0/2.9.1

Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.

7.5
2017-10-30 CVE-2015-0224 Apache Data Processing Errors vulnerability in Apache Qpid

qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set.

7.5
2017-10-30 CVE-2012-5358 Ektron Data Processing Errors vulnerability in Ektron Content Management System

The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data.

7.5
2017-10-30 CVE-2012-5357 Ektron Data Processing Errors vulnerability in Ektron Content Management System

Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.

7.5
2017-11-04 CVE-2017-16538 Linux Improper Input Validation vulnerability in Linux Kernel

drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).

7.2
2017-11-04 CVE-2017-16537 Linux NULL Pointer Dereference vulnerability in Linux Kernel

The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

7.2
2017-11-04 CVE-2017-16536 Linux NULL Pointer Dereference vulnerability in Linux Kernel

The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

7.2
2017-11-04 CVE-2017-16535 Linux Out-of-bounds Read vulnerability in Linux Kernel

The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.

7.2
2017-11-04 CVE-2017-16531 Linux Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.

7.2
2017-11-04 CVE-2017-16525 Linux Use After Free vulnerability in Linux Kernel

The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.

7.2
2017-11-02 CVE-2017-12261 Cisco Incorrect Authorization vulnerability in Cisco products

A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges.

7.2
2017-11-02 CVE-2017-12243 Cisco OS Command Injection vulnerability in Cisco products

A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection.

7.2
2017-11-01 CVE-2017-15566 Schedmd Untrusted Search Path vulnerability in Schedmd Slurm

Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.

7.2
2017-11-01 CVE-2017-14376 EMC Use of Hard-coded Credentials vulnerability in EMC Appsync 2.0/3.0.0/3.5

EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system.

7.2
2017-10-30 CVE-2017-9450 Amazon Improper Privilege Management vulnerability in Amazon web Services Cloudformation Bootstrap

The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory.

7.2

96 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-10-31 CVE-2017-15884 Hashicorp Race Condition vulnerability in Hashicorp Vagrant VMWare Fusion 5.0.0

In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.

6.9
2017-11-05 CVE-2017-16546 Imagemagick
Canonical
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.

6.8
2017-11-04 CVE-2017-16534 Linux Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.

6.8
2017-11-02 CVE-2017-10873 Osstech Improper Authentication vulnerability in Osstech Openam

OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors.

6.8
2017-11-02 CVE-2017-10870 Justsystems Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Justsystems products

Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file.

6.8
2017-11-02 CVE-2017-10825 Flets W Untrusted Search Path vulnerability in Flets-W Flets Easy Setup Tool 1.2.0

Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

6.8
2017-11-01 CVE-2017-1300 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Openpages GRC Platform

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

6.8
2017-11-01 CVE-2017-16358 Radare Out-of-bounds Read vulnerability in Radare Radare2 2.0.1

In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search.

6.8
2017-11-01 CVE-2017-16357 Radare Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Radare Radare2 2.0.1

In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free.

6.8
2017-11-01 CVE-2017-1000244 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Favorite

Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification

6.8
2017-11-01 CVE-2017-16244 Octobercms Cross-Site Request Forgery (CSRF) vulnerability in Octobercms October 1.0.426

Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account.

6.8
2017-10-31 CVE-2017-10953 Foxitsoftware Improper Input Validation vulnerability in Foxitsoftware Foxit Reader 8.3.0.14878

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878.

6.8
2017-10-31 CVE-2017-10948 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 8.2.1.6871

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871.

6.8
2017-10-31 CVE-2017-10947 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 8.2.1.6871

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871.

6.8
2017-10-31 CVE-2017-10946 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 8.2.1.6871

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871.

6.8
2017-10-31 CVE-2017-10945 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 8.3.0.14878

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878.

6.8
2017-10-31 CVE-2017-10941 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 8.3.0.14878

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878.

6.8
2017-10-31 CVE-2017-15950 Flexense Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Flexense Syncbreeze 10.1.16

Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution.

6.8
2017-11-04 CVE-2017-16533 Linux
Debian
Canonical
Out-of-bounds Read vulnerability in multiple products

The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.

6.6
2017-11-04 CVE-2017-16532 Linux
Debian
Canonical
NULL Pointer Dereference vulnerability in multiple products

The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

6.6
2017-11-04 CVE-2017-16530 Linux Out-of-bounds Read vulnerability in Linux Kernel

The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c.

6.6
2017-11-04 CVE-2017-16529 Linux
Canonical
Debian
Out-of-bounds Read vulnerability in multiple products

The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.

6.6
2017-11-04 CVE-2017-16528 Linux
Canonical
Use After Free vulnerability in multiple products

sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.

6.6
2017-11-04 CVE-2017-16527 Linux
Canonical
Debian
Use After Free vulnerability in multiple products

sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.

6.6
2017-10-30 CVE-2017-1000255 Linux
IBM
Out-of-bounds Write vulnerability in Linux Kernel

On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer.

6.6
2017-11-05 CVE-2017-16542 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0

Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.

6.5
2017-11-03 CVE-2017-1000150 Mahara Session Fixation vulnerability in Mahara

Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout.

6.5
2017-11-03 CVE-2017-1000148 Mahara Deserialization of Untrusted Data vulnerability in Mahara

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file.

6.5
2017-11-03 CVE-2017-1000134 Mahara Incorrect Permission Assignment for Critical Resource vulnerability in Mahara

Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.

6.5
2017-11-02 CVE-2017-11508 Tenable SQL Injection vulnerability in Tenable Securitycenter 5.5.0/5.5.1/5.5.2

SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans.

6.5
2017-11-01 CVE-2017-14992 Docker Improper Input Validation vulnerability in Docker

Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.

6.5
2017-11-01 CVE-2017-16353 Graphicsmagick
Debian
Out-of-bounds Read vulnerability in multiple products

GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read.

6.5
2017-10-31 CVE-2017-14163 Mahara Session Fixation vulnerability in Mahara

An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3.

6.5
2017-10-30 CVE-2017-7411 Enalean Code Injection vulnerability in Enalean Tuleap

An issue was discovered in Enalean Tuleap 9.6 and prior versions.

6.5
2017-10-30 CVE-2016-3090 Apache Improper Input Validation vulnerability in Apache Struts

The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.

6.5
2017-10-30 CVE-2013-4246 Apache Improper Access Control vulnerability in Apache Subversion 1.8.0/1.8.1

libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties.

6.5
2017-11-01 CVE-2017-15535 Mongodb Unspecified vulnerability in Mongodb

MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.

6.4
2017-10-31 CVE-2017-1000257 Haxx
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An IMAP FETCH response line indicates the size of the returned data, in number of bytes.

6.4
2017-11-02 CVE-2017-12275 Cisco Improper Input Validation vulnerability in Cisco Wireless LAN Controller Software

A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.

6.1
2017-11-02 CVE-2017-12274 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition.

6.1
2017-11-02 CVE-2017-12273 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition.

6.1
2017-10-31 CVE-2017-14358 HP Open Redirect vulnerability in HP products

A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1.

6.1
2017-10-31 CVE-2017-14357 HP Cross-site Scripting vulnerability in HP products

A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1.

6.1
2017-10-31 CVE-2016-10699 Dlink Cross-site Scripting vulnerability in Dlink Dsl-2740E Firmware 1.00Bg20150720

D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them.

6.1
2017-11-03 CVE-2017-1000147 Mahara Cross-Site Request Forgery (CSRF) vulnerability in Mahara

Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget.

6.0
2017-11-03 CVE-2017-1000139 Mahara Server-Side Request Forgery (SSRF) vulnerability in Mahara

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list.

6.0
2017-10-30 CVE-2015-7549 Qemu NULL Pointer Dereference vulnerability in Qemu

The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.

6.0
2017-11-02 CVE-2017-12262 Cisco Improper Initialization vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module

A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device.

5.8
2017-11-02 CVE-2017-12282 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Wireless LAN Controller Software

A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.

5.7
2017-11-03 CVE-2017-1000156 Mahara Improper Privilege Management vulnerability in Mahara

Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role.

5.5
2017-11-03 CVE-2017-1000142 Mahara Unspecified vulnerability in Mahara

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation.

5.5
2017-11-02 CVE-2017-12276 Cisco SQL Injection vulnerability in Cisco Prime Collaboration Provisioning

A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection.

5.5
2017-11-03 CVE-2017-14359 HP Cross-site Scripting vulnerability in HP Performance Center 12.20

A potential security vulnerability has been identified in HPE Performance Center versions 12.20.

5.4
2017-11-02 CVE-2017-12281 Cisco Improper Authentication vulnerability in Cisco products

A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device.

5.4
2017-11-01 CVE-2017-1001001 Pluxml Cross-site Scripting vulnerability in Pluxml 5.6

PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges.

5.4
2017-11-02 CVE-2017-12278 Cisco Missing Release of Resource after Effective Lifetime vulnerability in Cisco Wireless LAN Controller Software

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition.

5.2
2017-11-04 CVE-2017-16540 Open EMR Information Exposure vulnerability in Open-Emr Openemr

OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter.

5.0
2017-11-03 CVE-2017-1000171 Mahara Information Exposure Through Log Files vulnerability in Mahara Mobile 1.2.0

Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.

5.0
2017-11-03 CVE-2017-1000151 Mahara Information Exposure vulnerability in Mahara

Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log.

5.0
2017-11-03 CVE-2017-1000133 Mahara Information Exposure vulnerability in Mahara

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages.

5.0
2017-11-02 CVE-2017-12295 Cisco Information Exposure vulnerability in Cisco Webex Meetings Server

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application.

5.0
2017-11-01 CVE-2017-1333 IBM Information Exposure vulnerability in IBM Openpages GRC Platform

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system.

5.0
2017-11-01 CVE-2017-1148 IBM Information Exposure vulnerability in IBM Openpages GRC Platform

IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system.

5.0
2017-11-01 CVE-2017-1000122 Webkitgtk Improper Input Validation vulnerability in Webkitgtk Webkitgtk+

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process.

5.0
2017-11-01 CVE-2017-1000245 Jenkins Insufficiently Protected Credentials vulnerability in Jenkins SSH

The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol.

5.0
2017-11-01 CVE-2017-16248 Catalyst Plugin Static Simple Project Information Exposure vulnerability in Catalyst-Plugin-Static-Simple Project Catalyst-Plugin-Static-Simple

The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character.

5.0
2017-10-31 CVE-2017-3935 Mcafee Information Exposure vulnerability in Mcafee Network Data Loss Prevention

Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the intended content type.

5.0
2017-10-30 CVE-2017-14919 Nodejs Improper Input Validation vulnerability in Nodejs Node.Js

Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.

5.0
2017-10-30 CVE-2009-1197 Apache Improper Input Validation vulnerability in Apache Juddi 0.9/2.0

Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp.

5.0
2017-10-30 CVE-2017-15921 Watchdogdevelopment NULL Pointer Dereference vulnerability in Watchdogdevelopment Anti-Malware and Online Security PRO

In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010.

5.0
2017-10-30 CVE-2017-15920 Watchdogdevelopment NULL Pointer Dereference vulnerability in Watchdogdevelopment Anti-Malware and Online Security PRO

In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002054.

5.0
2017-10-30 CVE-2015-0226 Apache Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apache Wss4J

Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages.

5.0
2017-10-30 CVE-2014-3526 Apache Information Exposure vulnerability in Apache Wicket

Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.

5.0
2017-11-01 CVE-2017-1552 IBM Cross-site Scripting vulnerability in IBM Infosphere Biginsights 4.2.0/4.2.5

IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection.

4.9
2017-11-03 CVE-2017-16513 Ipswitch Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ipswitch WS FTP

Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729.

4.6
2017-11-03 CVE-2017-16237 Tgsoft Improper Input Validation vulnerability in Tgsoft Vir.It Explorer

In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C.

4.6
2017-11-04 CVE-2017-16541 Torproject
Redhat
Debian
Information Exposure vulnerability in multiple products

Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil.

4.3
2017-11-04 CVE-2017-16539 Mobyproject Information Exposure vulnerability in Mobyproject Moby

The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.

4.3
2017-11-03 CVE-2017-1000136 Mahara Insufficient Session Expiration vulnerability in Mahara

Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.

4.3
2017-11-01 CVE-2017-16359 Radare NULL Pointer Dereference vulnerability in Radare Radare2 2.0.1

In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.

4.3
2017-10-31 CVE-2017-10944 Foxitsoftware Information Exposure vulnerability in Foxitsoftware Foxit Reader 8.3.0.14878

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878.

4.3
2017-10-31 CVE-2017-10943 Foxitsoftware Information Exposure vulnerability in Foxitsoftware Foxit Reader 8.3.0.14878

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878.

4.3
2017-10-31 CVE-2017-10942 Foxitsoftware Information Exposure vulnerability in Foxitsoftware Foxit Reader 8.3.0.14878

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878.

4.3
2017-10-31 CVE-2017-3934 Mcafee Information Exposure vulnerability in Mcafee Network Data Loss Prevention 9.3.0

Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on the webserver.

4.3
2017-10-31 CVE-2017-14373 EMC Cross-site Scripting vulnerability in EMC RSA Authentication Manager 8.1/8.2

EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.

4.3
2017-10-30 CVE-2012-5636 Apache Cross-site Scripting vulnerability in Apache Wicket

Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to <script> tags in a rendered response.

4.3
2017-10-30 CVE-2009-1198 Apache Cross-site Scripting vulnerability in Apache Juddi

Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to happyjuddi.jsp.

4.3
2017-11-03 CVE-2017-1000155 Mahara Information Exposure vulnerability in Mahara

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the "default" or used in any pages.

4.0
2017-11-03 CVE-2017-1000145 Mahara Unspecified vulnerability in Mahara

Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments.

4.0
2017-11-03 CVE-2017-1000143 Mahara Information Exposure vulnerability in Mahara

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore.

4.0
2017-11-03 CVE-2017-1000135 Mahara Insufficient Session Expiration vulnerability in Mahara

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended.

4.0
2017-11-03 CVE-2017-1000131 Mahara Insufficient Session Expiration vulnerability in Mahara

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions.

4.0
2017-11-02 CVE-2017-3736 Openssl Information Exposure vulnerability in Openssl

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g.

4.0
2017-11-01 CVE-2017-1340 IBM Information Exposure vulnerability in IBM Jazz Reporting Service 6.0.4

IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with.

4.0
2017-11-01 CVE-2017-12625 Apache Information Exposure vulnerability in Apache Hive

Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger.

4.0
2017-11-01 CVE-2017-1000243 Jenkins Missing Authorization vulnerability in Jenkins Favorite Plugin

Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites

4.0

26 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-11-03 CVE-2017-1000157 Mahara Information Exposure vulnerability in Mahara

Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on.

3.5
2017-11-03 CVE-2017-1000149 Mahara Cross-site Scripting vulnerability in Mahara

Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open())

3.5
2017-11-03 CVE-2017-1000146 Mahara Cross-site Scripting vulnerability in Mahara

Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages.

3.5
2017-11-03 CVE-2017-1000144 Mahara Cross-site Scripting vulnerability in Mahara

Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages.

3.5
2017-11-03 CVE-2017-1000140 Mahara Cross-site Scripting vulnerability in Mahara

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file.

3.5
2017-11-03 CVE-2017-1000138 Mahara Cross-site Scripting vulnerability in Mahara 1.10/15.04

Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title.

3.5
2017-11-03 CVE-2017-1000137 Mahara Cross-site Scripting vulnerability in Mahara 1.10/15.04

Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop).

3.5
2017-11-03 CVE-2017-1000132 Mahara Cross-site Scripting vulnerability in Mahara

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to download the file.

3.5
2017-11-02 CVE-2017-12294 Cisco Cross-site Scripting vulnerability in Cisco Webex Meetings Server

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system.

3.5
2017-11-01 CVE-2017-1554 IBM Cross-site Scripting vulnerability in IBM Infosphere Biginsights 4.2.0/4.2.5

IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim.

3.5
2017-11-01 CVE-2017-1553 IBM Cross-site Scripting vulnerability in IBM Infosphere Biginsights 4.2.0/4.2.5

IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting.

3.5
2017-11-01 CVE-2017-1290 IBM Cross-site Scripting vulnerability in IBM Openpages GRC Platform

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting.

3.5
2017-11-01 CVE-2017-1147 IBM Cross-site Scripting vulnerability in IBM Openpages GRC Platform

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting.

3.5
2017-11-01 CVE-2016-3048 IBM Cross-site Scripting vulnerability in IBM Openpages GRC Platform

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting.

3.5
2017-10-31 CVE-2017-15273 Mahara Cross-site Scripting vulnerability in Mahara

Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts.

3.5
2017-10-31 CVE-2017-14752 Mahara Cross-site Scripting vulnerability in Mahara

Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara.

3.5
2017-10-31 CVE-2017-3933 Mcafee Cross-site Scripting vulnerability in Mcafee Network Data Loss Prevention

Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack.

3.5
2017-10-30 CVE-2017-16230 Typecho Cross-site Scripting vulnerability in Typecho 1.1

In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add payload in the article content, resulting in XSS via index.php/action/contents-post-edit.

3.5
2017-10-30 CVE-2017-15888 Synology Cross-site Scripting vulnerability in Synology Audio Station

Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter.

3.5
2017-10-30 CVE-2017-12460 Barco Cross-site Scripting vulnerability in Barco products

An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10.

3.5
2017-11-02 CVE-2017-12279 Cisco Information Exposure vulnerability in Cisco Aironet AP Firmware

A vulnerability in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points could allow an unauthenticated, adjacent attacker to retrieve content from memory on an affected device, which could lead to the disclosure of confidential information.

3.3
2017-11-02 CVE-2017-12283 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Aironet 3800 Firmware

A vulnerability in the handling of 802.11w Protected Management Frames (PAF) by Cisco Aironet 3800 Series Access Points could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device, aka Denial of Service.

2.9
2017-11-01 CVE-2017-15918 Ignitum Insufficiently Protected Credentials vulnerability in Ignitum Sera 1.2

Sera 1.2 stores the user's login password in plain text in their home directory.

2.1
2017-11-01 CVE-2017-1000242 Jenkins Information Exposure vulnerability in Jenkins GIT Client

Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure

2.1
2017-10-31 CVE-2017-1000383 GNU Information Exposure vulnerability in GNU Emacs

GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.

2.1
2017-10-31 CVE-2017-1000382 VIM Information Exposure vulnerability in VIM

VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.

2.1