Weekly Vulnerabilities Reports > November 6 to 12, 2017

Overview

145 new vulnerabilities reported during this period, including 13 critical vulnerabilities and 37 high severity vulnerabilities. This weekly summary report vulnerabilities in 112 products from 74 vendors including Meetcircle, Linux, Matroska, Cesanta, and Debian. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "NULL Pointer Dereference", "Information Exposure", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 118 reported vulnerabilities are remotely exploitables.
  • 16 reported vulnerabilities have public exploit available.
  • 37 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 116 reported vulnerabilities are exploitable by an anonymous user.
  • Meetcircle has the most reported vulnerabilities, with 22 reported vulnerabilities.
  • Meetcircle has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-11-09 CVE-2015-7501 Redhat Deserialization of Untrusted Data vulnerability in Redhat products

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

10.0
2017-11-07 CVE-2008-7319 NET Ping External Project Command Injection vulnerability in Net-Ping-External Project Net-Ping-External

The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.

10.0
2017-11-06 CVE-2017-16638 VDE Project Incorrect Permission Assignment FOR Critical Resource vulnerability in VDE Project VDE

The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script.

10.0
2017-11-08 CVE-2017-16667 Backintime Project OS Command Injection vulnerability in Backintime Project Backintime

backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py.

9.3
2017-11-08 CVE-2017-16659 The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script.
9.3
2017-11-07 CVE-2017-2883 Meetcircle Unspecified vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1.

9.3
2017-11-06 CVE-2017-14029 Trihedral Uncontrolled Search Path Element vulnerability in Trihedral Vtscada

An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior.

9.3
2017-11-08 CVE-2017-16660 Cacti Exposure of Resource TO Wrong Sphere vulnerability in Cacti 1.1.27

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.

9.0
2017-11-07 CVE-2017-16641 Cacti OS Command Injection vulnerability in Cacti 1.1.27

lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.

9.0
2017-11-07 CVE-2017-2917 Meetcircle OS Command Injection vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1.

9.0
2017-11-07 CVE-2017-2916 Meetcircle Link Following vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1.

9.0
2017-11-07 CVE-2017-2890 Meetcircle OS Command Injection vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1.

9.0
2017-11-07 CVE-2017-2866 Meetcircle OS Command Injection vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney.

9.0

37 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-11-07 CVE-2017-2898 Meetcircle Race Condition vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney.

8.5
2017-11-07 CVE-2017-2865 Meetcircle Unspecified vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

An exploitable vulnerability exists in the firmware update functionality of Circle with Disney.

7.9
2017-11-10 CVE-2017-16249 Brother Unspecified vulnerability in Brother Dcp-J132W Firmware

The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error.

7.8
2017-11-07 CVE-2017-2909 Cesanta Infinite Loop vulnerability in Cesanta Mongoose 6.8

An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library.

7.8
2017-11-07 CVE-2017-2889 Meetcircle Resource Exhaustion vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1.

7.8
2017-11-07 CVE-2017-2884 Meetcircle Resource Exhaustion vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1.

7.8
2017-11-07 CVE-2017-2915 Meetcircle Unspecified vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1.

7.7
2017-11-10 CVE-2017-16783 Cmsmadesimple Code Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6

In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.

7.5
2017-11-10 CVE-2017-16780 Mybb Cross-Site Request Forgery (CSRF) vulnerability in Mybb

The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.

7.5
2017-11-10 CVE-2017-16764 Django Make APP Project Unspecified vulnerability in Django Make APP Project Django Make APP 0.1.3

An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3.

7.5
2017-11-10 CVE-2017-16763 Confire Project Unspecified vulnerability in Confire Project Confire 0.2.0

An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0.

7.5
2017-11-10 CVE-2017-16521 Inedo Unspecified vulnerability in Inedo Buildmaster

In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used.

7.5
2017-11-10 CVE-2017-16634 Joomla Improper Authentication vulnerability in Joomla Joomla!

In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.

7.5
2017-11-10 CVE-2017-16562 Userproplugin Improper Authentication vulnerability in Userproplugin Userpro

The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI.

7.5
2017-11-08 CVE-2015-3933 Metalgenix SQL Injection vulnerability in Metalgenix Genixcms 0.0.1/0.0.2/0.0.3

Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php.

7.5
2017-11-08 CVE-2017-16618 Owlmixin Project Unspecified vulnerability in Owlmixin Project Owlmixin

An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12.

7.5
2017-11-08 CVE-2017-16616 Pyanyapi Project Unspecified vulnerability in Pyanyapi Project Pyanyapi

An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1.

7.5
2017-11-08 CVE-2017-16615 Mlalchemy Project Unspecified vulnerability in Mlalchemy Project Mlalchemy

An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2.

7.5
2017-11-07 CVE-2017-16561 Ingenious School Management System Project SQL Injection vulnerability in Ingenious School Management System Project Ingenious School Management System 2.3.0

/view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request.

7.5
2017-11-07 CVE-2017-2922 Cesanta USE After Free vulnerability in Cesanta Mongoose 6.8

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8.

7.5
2017-11-07 CVE-2017-2921 Cesanta Integer Overflow OR Wraparound vulnerability in Cesanta Mongoose 6.8

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8.

7.5
2017-11-07 CVE-2017-2894 Cesanta Buffer Errors vulnerability in Cesanta Mongoose 6.8

An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8.

7.5
2017-11-07 CVE-2017-2892 Cesanta Integer Overflow OR Wraparound vulnerability in Cesanta Mongoose 6.8

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8.

7.5
2017-11-07 CVE-2017-2891 Cesanta USE After Free vulnerability in Cesanta Mongoose 6.8

An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8.

7.5
2017-11-07 CVE-2017-2864 Meetcircle Improper Authentication vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney.

7.5
2017-11-07 CVE-2017-12085 Meetcircle Unspecified vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure.

7.5
2017-11-06 CVE-2017-16548 Samba
Canonical
Debian
Out-Of-Bounds Read vulnerability in multiple products

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.

7.5
2017-11-07 CVE-2017-16650 Linux Divide BY Zero vulnerability in Linux Kernel

The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.

7.2
2017-11-07 CVE-2017-16649 Linux Divide BY Zero vulnerability in Linux Kernel

The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.

7.2
2017-11-07 CVE-2017-16648 Linux USE After Free vulnerability in Linux Kernel

The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.

7.2
2017-11-07 CVE-2017-16647 Linux Null Pointer Dereference vulnerability in Linux Kernel

drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

7.2
2017-11-07 CVE-2017-16646 Linux Null Pointer Dereference vulnerability in Linux Kernel

drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.

7.2
2017-11-07 CVE-2017-16645 Linux Out-Of-Bounds Read vulnerability in Linux Kernel

The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.

7.2
2017-11-07 CVE-2017-16644 Linux 7PK - Errors vulnerability in Linux Kernel

The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.

7.2
2017-11-07 CVE-2017-16643 Linux Out-Of-Bounds Read vulnerability in Linux Kernel

The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.

7.2
2017-11-06 CVE-2017-14031 Trihedral Improper Privilege Management vulnerability in Trihedral Vtscada

An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior.

7.2
2017-11-06 CVE-2017-16001 Hashicorp Race Condition vulnerability in Hashicorp Vagrant 5.0.1

In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.

7.2

75 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-11-12 CVE-2017-16797 Swftools Integer Overflow OR Wraparound vulnerability in Swftools 0.9.2

In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified other impact via a crafted PNG file.

6.8
2017-11-12 CVE-2017-16796 Swftools Buffer Errors vulnerability in Swftools 0.9.2

In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file.

6.8
2017-11-12 CVE-2017-16793 Swftools Buffer Errors vulnerability in Swftools 0.9.2

The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file.

6.8
2017-11-10 CVE-2017-12969 Avaya Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Avaya IP Office Contact Center

Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method.

6.8
2017-11-10 CVE-2017-11309 Avaya Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Avaya IP Office 10.0/10.1/9.1

Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.

6.8
2017-11-09 CVE-2017-16669 Graphicsmagick
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.

6.8
2017-11-08 CVE-2017-9096 Itextpdf XXE vulnerability in Itextpdf Itext

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.

6.8
2017-11-08 CVE-2017-12824 Inpage Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Inpage

Special crafted InPage document leads to arbitrary code execution in InPage reader.

6.8
2017-11-07 CVE-2017-2914 Meetcircle Improper Authentication vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1.

6.8
2017-11-07 CVE-2017-2882 Meetcircle Improper Input Validation vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1.

6.8
2017-11-06 CVE-2017-14016 Advantech Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess

A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817.

6.8
2017-11-06 CVE-2017-15672 Ffmpeg
Debian
Out-Of-Bounds Read vulnerability in multiple products

The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.

6.8
2017-11-06 CVE-2017-16570 Keystonejs Cross-Site Request Forgery (CSRF) vulnerability in Keystonejs Keystone

KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03.

6.8
2017-11-06 CVE-2017-16565 Grandstream Cross-Site Request Forgery (CSRF) vulnerability in Grandstream Ht802 Firmware

Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.

6.8
2017-11-06 CVE-2017-16547 Graphicsmagick Improper Input Validation vulnerability in Graphicsmagick 1.3.26

The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file.

6.8
2017-11-09 CVE-2017-16671 Digium Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Digium Asterisk and Certified Asterisk

A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7.

6.5
2017-11-06 CVE-2017-16524 Hanwhasecurity
Samsung
Unrestricted Upload of File With Dangerous Type vulnerability in Hanwhasecurity web Viewer 1.0.0.193

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory.

6.5
2017-11-10 CVE-2017-15638 Suse
Opensuse
Unspecified vulnerability in Suse Susefirewall2

The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services.

6.4
2017-11-07 CVE-2017-2895 Cesanta Out-Of-Bounds Read vulnerability in Cesanta Mongoose 6.8

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8.

6.4
2017-11-07 CVE-2017-12096 Meetcircle Authentication Bypass BY Spoofing vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

An exploitable vulnerability exists in the WiFi management of Circle with Disney.

6.1
2017-11-07 CVE-2017-12094 Meetcircle Command Injection vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1.

6.1
2017-11-07 CVE-2017-12084 Meetcircle Missing Authorization vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1.

6.0
2017-11-06 CVE-2017-16563 Grandstream Cross-Site Request Forgery (CSRF) vulnerability in Grandstream Ht802 Firmware

Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update.

6.0
2017-11-10 CVE-2017-16761 Inedo Open Redirect vulnerability in Inedo Buildmaster

An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites.

5.8
2017-11-10 CVE-2017-9758 Savitech IC Improper Certificate Validation vulnerability in Savitech-Ic Savitech Driver

Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion."

5.8
2017-11-08 CVE-2017-15086 Redhat Unspecified vulnerability in Redhat Gluster Storage 3.3

It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.

5.8
2017-11-07 CVE-2017-2881 Meetcircle Improper Input Validation vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1.

5.8
2017-11-11 CVE-2017-16520 Inedo Improper Privilege Management vulnerability in Inedo Buildmaster

Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.

5.0
2017-11-10 CVE-2017-16762 Sanic Project Path Traversal vulnerability in Sanic Project Sanic

Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.

5.0
2017-11-10 CVE-2017-16754 Boltcms Incorrect Permission Assignment for Critical Resource vulnerability in Boltcms Bolt

Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.

5.0
2017-11-08 CVE-2017-11512 Manageengine Path Traversal vulnerability in Manageengine Servicedesk 9.3.9328

The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL.

5.0
2017-11-08 CVE-2017-11511 Manageengine Information Exposure vulnerability in Manageengine Servicedesk 9.3.9328

The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL.

5.0
2017-11-08 CVE-2017-15865 Frrouting
Cumulusnetworks
Information Exposure vulnerability in Frrouting

bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492).

5.0
2017-11-08 CVE-2017-15087 Redhat Information Exposure vulnerability in Redhat Gluster Storage 3.3

It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.

5.0
2017-11-08 CVE-2017-14360 HP Resource Exhaustion vulnerability in HP Content Manager 9.0

A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00.

5.0
2017-11-07 CVE-2017-16642 PHP
Debian
Canonical
Netapp
Out-Of-Bounds Read vulnerability in PHP

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function.

5.0
2017-11-07 CVE-2016-0872 Kabona Credentials Management vulnerability in Kabona Webdatorcentral

A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0.

5.0
2017-11-07 CVE-2017-2893 Cesanta Null Pointer Dereference vulnerability in Cesanta Mongoose 6.8

An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8.

5.0
2017-11-07 CVE-2017-12083 Meetcircle Information Exposure vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1.

5.0
2017-11-07 CVE-2017-15887 Synology Improper Restriction of Excessive Authentication Attempts vulnerability in Synology Carddav Server

An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.

5.0
2017-11-06 CVE-2017-12719 Advantech Null Pointer Dereference vulnerability in Advantech Webaccess

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817.

5.0
2017-11-06 CVE-2017-11177 Websense Improper Input Validation vulnerability in Websense Triton AP Email 8.2

TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file access in an unspecified directory.

5.0
2017-11-09 CVE-2017-16674 Datto Unspecified vulnerability in Datto Windows Agent 1.0.5.0

Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command.

4.9
2017-11-06 CVE-2017-15306 Linux Null Pointer Dereference vulnerability in Linux Kernel

The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm.

4.9
2017-11-06 CVE-2017-16569 Zurmo Open Redirect vulnerability in Zurmo CRM 3.2.1.57987Acc3018

An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.

4.9
2017-11-09 CVE-2017-16757 Hola Incorrect Permission Assignment FOR Critical Resource vulnerability in Hola VPN 1.34

Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file.

4.6
2017-11-09 CVE-2017-16651 Roundcube
Debian
Files OR Directories Accessible TO External Parties vulnerability in multiple products

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017.

4.6
2017-11-06 CVE-2017-13681 Symantec Unspecified vulnerability in Symantec Endpoint Protection

Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.

4.6
2017-11-06 CVE-2015-7529 SOS Project
Canonical
Redhat
Link Following vulnerability in multiple products

sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.

4.6
2017-11-12 CVE-2017-16794 Swftools Out-Of-Bounds Read vulnerability in Swftools 0.9.2

The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer data types in png2swf.

4.3
2017-11-10 CVE-2017-16785 Cacti Cross-Site Scripting vulnerability in Cacti 1.1.27

Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.

4.3
2017-11-10 CVE-2017-16784 Cmsmadesimple Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.2

In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter.

4.3
2017-11-10 CVE-2017-16782 Home Assistant Cross-Site Scripting vulnerability in Home-Assistant

In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.

4.3
2017-11-10 CVE-2017-16765 Dlink Cross-Site Scripting vulnerability in Dlink Dwr-933 Firmware 1.00(Ww)B17

XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi.

4.3
2017-11-10 CVE-2017-16760 Inedo Cross-Site Scripting vulnerability in Inedo Buildmaster

Inedo BuildMaster before 5.8.2 has XSS.

4.3
2017-11-10 CVE-2017-12803 Matroska Null Pointer Dereference vulnerability in Matroska Mkclean 0.8.9

The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.

4.3
2017-11-10 CVE-2017-12802 Matroska Improper Input Validation vulnerability in Matroska Libebml2, Mkclean and Mkvalidator

The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.

4.3
2017-11-10 CVE-2017-12801 Matroska Improper Input Validation vulnerability in Matroska Libebml2, Mkclean and Mkvalidator

The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.

4.3
2017-11-10 CVE-2017-12800 Matroska Null Pointer Dereference vulnerability in Matroska Libebml2, Mkclean and Mkvalidator

The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.

4.3
2017-11-10 CVE-2017-12783 Matroska Improper Input Validation vulnerability in Matroska Libebml2, Mkclean and Mkvalidator

The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.

4.3
2017-11-10 CVE-2017-12782 Matroska Improper Input Validation vulnerability in Matroska Libebml2, Mkclean and Mkvalidator

The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.

4.3
2017-11-10 CVE-2017-12781 Matroska Null Pointer Dereference vulnerability in Matroska Libebml2, Mkclean and Mkvalidator

The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.

4.3
2017-11-10 CVE-2017-12780 Matroska USE After Free vulnerability in Matroska Libebml2, Mkclean and Mkvalidator

The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file.

4.3
2017-11-10 CVE-2017-12779 Matroska Null Pointer Dereference vulnerability in Matroska Mkvalidator 0.5.1

The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.

4.3
2017-11-10 CVE-2017-11461 Netapp Improper Input Validation vulnerability in Netapp Oncommand Unified Manager 5.1

NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintended action in the user interface.

4.3
2017-11-09 CVE-2017-16759 Librenms Path Traversal vulnerability in Librenms

The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.

4.3
2017-11-09 CVE-2017-16711 Swftools Null Pointer Dereference vulnerability in Swftools 0.9.2

The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender.

4.3
2017-11-09 CVE-2017-16672 Digium Missing Release of Resource After Effective Lifetime vulnerability in Digium Asterisk and Certified Asterisk

An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7.

4.3
2017-11-08 CVE-2017-15085 Redhat Information Exposure vulnerability in Redhat Gluster Storage 3.3

It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.

4.3
2017-11-08 CVE-2017-16665 Remobjects Cross-Site Scripting vulnerability in Remobjects Remoting SDK 9 1.0.0.0.

RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflected Cross Site Scripting (XSS) attack via the service parameter to the /soap URI, triggering an invalid attempt to generate WSDL.

4.3
2017-11-08 CVE-2017-16663 Sam2P Project Integer Overflow OR Wraparound vulnerability in Sam2P Project Sam2P 0.49.4

In sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer overflows) in input-bmp.ci in the function ReadImage, because "width * height" multiplications occur unsafely.

4.3
2017-11-06 CVE-2017-7425 Netiq Cross-Site Scripting vulnerability in Netiq Imanager 3.0.3.2

Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.

4.3
2017-11-10 CVE-2017-16633 Joomla Information Exposure vulnerability in Joomla Joomla!

In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.

4.0
2017-11-08 CVE-2017-16661 Cacti Information Exposure vulnerability in Cacti 1.1.27

Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.

4.0
2017-11-06 CVE-2017-14023 Siemens Improper Input Validation vulnerability in Siemens Simatic Pcs7 and Simatic Wincc

An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions.

4.0

20 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-11-06 CVE-2017-6331 Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients.
3.6
2017-11-06 CVE-2017-13680 Symantec
Microsoft
Unspecified vulnerability in Symantec Endpoint Protection 14

Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system.

3.6
2017-11-12 CVE-2017-16799 Cmsmadesimple Cross-Site Scripting vulnerability in Cmsmadesimple 2.2.3.1

In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882.

3.5
2017-11-12 CVE-2017-16798 Cmsmadesimple Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.3.1

In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg.

3.5
2017-11-10 CVE-2017-16781 Mybb Cross-Site Scripting vulnerability in Mybb

The installer in MyBB before 1.8.13 has XSS.

3.5
2017-11-10 CVE-2017-16568 Logitech Cross-Site Scripting vulnerability in Logitech Media Server 7.9.0

Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL.

3.5
2017-11-10 CVE-2017-16567 Logitech Cross-Site Scripting vulnerability in Logitech Media Server 7.9.0

Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a "favorite."

3.5
2017-11-09 CVE-2017-16758 Ultimate Instagram Feed Project Cross-Site Scripting vulnerability in Ultimate Instagram Feed Project Ultimate Instagram Feed

Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "access_token" parameter.

3.5
2017-11-06 CVE-2017-16636 Bludit Cross-Site Scripting vulnerability in Bludit 1.5.2/2.0.1

In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context.

3.5
2017-11-06 CVE-2017-16635 Tinywebgallery Cross-Site Scripting vulnerability in Tinywebgallery 2.4

In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module.

3.5
2017-11-06 CVE-2015-7878 Taxonomy Find Project Cross-Site Scripting vulnerability in Taxonomy Find Project Taxonomy Find

Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names.

3.5
2017-11-06 CVE-2017-16564 Grandstream Cross-Site Scripting vulnerability in Grandstream Ht802 Firmware

Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).

3.5
2017-11-06 CVE-2017-15039 Zurmo Cross-Site Scripting vulnerability in Zurmo CRM 3.2.1.57987Acc3018

Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.

3.5
2017-11-09 CVE-2017-16673 Datto Information Exposure vulnerability in Datto Backup Agent 1.0.6.0

Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections.

2.9
2017-11-10 CVE-2017-5201 Netapp Information Exposure vulnerability in Netapp Clustered Data Ontap 8.1.4/9.0

NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064.

2.7
2017-11-07 CVE-2017-2913 Meetcircle Improper Validation of Certificate With Host Mismatch vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

An exploitable vulnerability exists in the filtering functionality of Circle with Disney.

2.6
2017-11-07 CVE-2017-2912 Meetcircle Improper Validation of Certificate With Host Mismatch vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1.

2.6
2017-11-07 CVE-2017-2911 Meetcircle Improper Validation of Certificate With Host Mismatch vulnerability in Meetcircle Circle With Disney Firmware 2.0.1

An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1.

2.6
2017-11-06 CVE-2017-16637 Perfect Privacy Improper Input Validation vulnerability in Perfect-Privacy VPN Manager 1.10.10/1.10.11

In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when resetting the network data via the software client, with a running VPN connection, a critical error occurs which leads to a "FrmAdvancedProtection" crash.

2.1
2017-11-06 CVE-2017-14025 ABB Improper Input Validation vulnerability in ABB Fox515T Firmware 1.0

An Improper Input Validation issue was discovered in ABB FOX515T release 1.0.

2.1