Weekly Vulnerabilities Reports > November 13 to 19, 2017
Overview
439 new vulnerabilities were reported during this period, including 53 critical vulnerabilities and 97 high severity vulnerabilities. This weekly summary reports vulnerabilities in 408 products from 150 vendors including Microsoft, Google, Apple, Cisco, and Debian. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Cross-site Scripting", "Improper Input Validation", and "Out-of-bounds Read".
- 343 reported vulnerabilities are remotely exploitable.
- 37 reported vulnerabilities have a public exploit available.
- 85 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 392 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 69 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 12 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
53 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-11-17 | CVE-2017-16566 | Qacctv | Improper Authentication vulnerability in Qacctv Jooan A5 IP Camera Firmware 2.3.36 On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). | 10.0 |
2017-11-17 | CVE-2017-1000215 | Xrootd | OS Command Injection vulnerability in Xrootd ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution | 10.0 |
2017-11-17 | CVE-2017-1000169 | Quickerbb Project | Improper Input Validation vulnerability in Quickerbb Project Quickerbb 0.7.2 QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. | 10.0 |
2017-11-17 | CVE-2017-1000235 | I Librarian | OS Command Injection vulnerability in I-Librarian I Librarian I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting in the web server being fully compromised. | 10.0 |
2017-11-17 | CVE-2017-1000228 | EJS | Improper Input Validation vulnerability in EJS nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function | 10.0 |
2017-11-16 | CVE-2017-16844 | Procmail | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Procmail 3.22 Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618. | 10.0 |
2017-11-16 | CVE-2017-12337 | Cisco | Improper Authentication vulnerability in Cisco products A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. | 10.0 |
2017-11-15 | CVE-2017-12739 | Siemens | Insecure Default Initialization of Resource vulnerability in Siemens Sm-2556 Firmware An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. | 10.0 |
2017-11-14 | CVE-2017-16820 | Collectd | Double Free vulnerability in Collectd The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact). | 10.0 |
2017-11-13 | CVE-2017-14024 | Schneider Electric | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Wonderware Indusoft web Studio and Wonderware Intouch A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. | 10.0 |
2017-11-13 | CVE-2017-10871 | Nttdocomo | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nttdocomo Wi-Fi Station L-02F Firmware Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors. | 10.0 |
2017-11-13 | CVE-2017-13846 | Apple | Unspecified vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 10.0 |
2017-11-13 | CVE-2017-13815 | Apple | Unspecified vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 10.0 |
2017-11-17 | CVE-2017-1000158 | Python Debian | Integer Overflow or Wraparound vulnerability in multiple products CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) | 9.8 |
2017-11-15 | CVE-2017-12634 | Apache | Deserialization of Untrusted Data vulnerability in Apache Camel The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. | 9.8 |
2017-11-15 | CVE-2017-12633 | Apache | Deserialization of Untrusted Data vulnerability in Apache Camel The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. | 9.8 |
2017-11-14 | CVE-2017-12635 | Apache | Improper Privilege Management vulnerability in Apache Couchdb Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. | 9.8 |
2017-11-17 | CVE-2017-10887 | Bookwalker Microsoft | Untrusted Search Path vulnerability in Bookwalker Book Walker 1.2.5/1.2.9 Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 9.3 |
2017-11-16 | CVE-2017-0841 | | Integer Overflow or Wraparound vulnerability in Google Android A remote code execution vulnerability in the Android system (libutils). | 9.3 |
2017-11-16 | CVE-2017-0836 | | Improper Validation of Array Index vulnerability in Google Android A remote code execution vulnerability in the Android media framework (libhevc). | 9.3 |
2017-11-16 | CVE-2017-0835 | | Unspecified vulnerability in Google Android A remote code execution vulnerability in the Android media framework (libmpeg2). | 9.3 |
2017-11-16 | CVE-2017-0834 | | Out-of-bounds Write vulnerability in Google Android A remote code execution vulnerability in the Android media framework (libmpeg2). | 9.3 |
2017-11-16 | CVE-2017-0833 | | Unspecified vulnerability in Google Android A remote code execution vulnerability in the Android media framework (libavc). | 9.3 |
2017-11-16 | CVE-2017-0832 | | Unspecified vulnerability in Google Android A remote code execution vulnerability in the Android media framework (libmpeg2). | 9.3 |
2017-11-16 | CVE-2017-0831 | | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 8.0 An elevation of privilege vulnerability in the Android framework (window manager). | 9.3 |
2017-11-16 | CVE-2017-0830 | | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android An elevation of privilege vulnerability in the Android framework (device policy client). | 9.3 |
2017-11-16 | CVE-2017-11092 | | Use After Free vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the KGSL driver function kgsl_ioctl_gpu_command, a Use After Free condition can potentially occur. | 9.3 |
2017-11-16 | CVE-2017-11015 | | Classic Buffer Overflow vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently, the value of SIR_MAC_AUTH_CHALLENGE_LENGTH is set to 128 which may result in buffer overflow since the frame parser allows challenge text of length up to 253 bytes, but the driver can not handle challenge text larger than 128 bytes. | 9.3 |
2017-11-16 | CVE-2017-11014 | | Classic Buffer Overflow vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing a Measurement Request IE in a Roam Neighbor Action Report, a buffer overflow can occur. | 9.3 |
2017-11-16 | CVE-2017-11013 | | Classic Buffer Overflow vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, countOffset (in function UnpackCore) is increased for each loop, while there is no boundary check against "pIe->arraybound". | 9.3 |
2017-11-15 | CVE-2017-11884 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Excel 2016 Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". | 9.3 |
2017-11-15 | CVE-2017-11882 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". | 9.3 |
2017-11-15 | CVE-2017-11854 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office, Office Compatibility Pack and Word Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability". | 9.3 |
2017-11-15 | CVE-2017-11847 | Microsoft | Unspecified vulnerability in Microsoft products Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to run arbitrary code in kernel mode, install programs, view, change or delete data, and create new accounts with full user rights due to improperly handling objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". | 9.3 |
2017-11-15 | CVE-2017-11827 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge and Internet Explorer Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability". | 9.3 |
2017-11-14 | CVE-2017-6264 | Linux | Out-of-bounds Read vulnerability in Linux Kernel An elevation of privilege vulnerability exists in the NVIDIA GPU driver (gm20b_clk_throt_set_cdev_state), where an out of bound memory read is used as a function pointer could lead to code execution in the kernel. This issue is rated as high because it could allow a local malicious application to execute arbitrary code within the context of a privileged process. | 9.3 |
2017-11-13 | CVE-2017-14020 | Automationdirect | Uncontrolled Search Path Element vulnerability in Automationdirect products In AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) Versions 2.10 and prior; C-More Programming Software (Part Number EA9-PGMSW) Versions 6.30 and prior; C-More Micro (Part Number EA-PGMSW) Versions 4.20.01.0 and prior; Do-more Designer Software (Part Number DM-PGMSW) Versions 2.0.3 and prior; GS Drives Configuration Software (Part Number GSOFT) Versions 4.0.6 and prior; SL-SOFT SOLO Temperature Controller Configuration Software (Part Number SL-SOFT) Versions 1.1.0.5 and prior; and DirectSOFT Programming Software Versions 6.1 and prior, an uncontrolled search path element (DLL Hijacking) vulnerability has been identified. | 9.3 |
2017-11-13 | CVE-2017-10885 | Sbisec | Untrusted Search Path vulnerability in Sbisec Hyper SBI 2.2 Untrusted search path vulnerability in HYPER SBI Ver. | 9.3 |
2017-11-13 | CVE-2016-6803 | Apache Microsoft | Untrusted Search Path vulnerability in Apache Openoffice An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. | 9.3 |
2017-11-13 | CVE-2017-13843 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 9.3 |
2017-11-13 | CVE-2017-13838 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 9.3 |
2017-11-13 | CVE-2017-13834 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 9.3 |
2017-11-13 | CVE-2017-13833 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 9.3 |
2017-11-13 | CVE-2017-13830 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 9.3 |
2017-11-13 | CVE-2017-13829 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 9.3 |
2017-11-13 | CVE-2017-13811 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 9.3 |
2017-11-13 | CVE-2017-13808 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 9.3 |
2017-11-13 | CVE-2017-13800 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 9.3 |
2017-11-13 | CVE-2017-13799 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 9.3 |
2017-11-17 | CVE-2017-1000190 | Simplexml Project | XXE vulnerability in Simplexml Project Simplexml 2.7.1 SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting in SSRF, information disclosure, DoS and so on. | 9.1 |
2017-11-17 | CVE-2017-1000203 | Cern | OS Command Injection vulnerability in Cern Root ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution | 9.0 |
2017-11-15 | CVE-2014-3150 | Orange | 7PK - Security Features vulnerability in Orange Livebox 1.1 Firmware 26014A Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript. | 9.0 |
2017-11-13 | CVE-2017-1453 | IBM | OS Command Injection vulnerability in IBM Security Access Manager 9.0 Firmware 9.0.3.0 IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 9.0 |
97 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-11-17 | CVE-2017-1000217 | Opencast | Injection vulnerability in Opencast Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0. | 8.8 |
2017-11-15 | CVE-2017-7851 | D Link | Cross-Site Request Forgery (CSRF) vulnerability in D-Link Dcs-936L D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header. | 8.8 |
2017-11-13 | CVE-2017-11169 | Iball | Unspecified vulnerability in Iball Ib-Wra300N3Gt Firmware 1.1.1 Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices allows remote authenticated users to obtain root privileges by leveraging a guest/user/normal account to submit a modified privilege parameter to /form2userconfig.cgi. | 8.8 |
2017-11-16 | CVE-2017-0854 | | Out-of-bounds Read vulnerability in Google Android An information disclosure vulnerability in the Android media framework (n/a). | 8.5 |
2017-11-16 | CVE-2017-0853 | | Unspecified vulnerability in Google Android An information disclosure vulnerability in the Android media framework (n/a). | 8.5 |
2017-11-17 | CVE-2017-16871 | Updraftplus | Code Injection vulnerability in Updraftplus The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. | 8.1 |
2017-11-17 | CVE-2017-16870 | Updraftplus | Server-Side Request Forgery (SSRF) vulnerability in Updraftplus The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. | 8.1 |
2017-11-16 | CVE-2017-16853 | Shibboleth Debian | Improper Verification of Cryptographic Signature vulnerability in multiple products The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105. | 8.1 |
2017-11-16 | CVE-2017-16852 | Shibboleth Debian | Improper Verification of Cryptographic Signature vulnerability in multiple products shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763. | 8.1 |
2017-11-17 | CVE-2017-13703 | Moxa | Improper Input Validation vulnerability in Moxa Eds-G512E Firmware 5.1 An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. | 7.8 |
2017-11-17 | CVE-2017-1000191 | Jool | Resource Exhaustion vulnerability in Jool 3.5.0/3.5.1 Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS. | 7.8 |
2017-11-17 | CVE-2017-16869 | UPX Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in UPX Project UPX 3.94 p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. | 7.8 |
2017-11-16 | CVE-2017-0859 | | Unspecified vulnerability in Google Android Another vulnerability in the Android media framework (n/a). | 7.8 |
2017-11-16 | CVE-2017-0858 | | Improper Input Validation vulnerability in Google Android Another vulnerability in the Android media framework (n/a). | 7.8 |
2017-11-16 | CVE-2017-0857 | | Incorrect Conversion between Numeric Types vulnerability in Google Android Another vulnerability in the Android media framework (n/a). | 7.8 |
2017-11-16 | CVE-2017-0852 | | Out-of-bounds Write vulnerability in Google Android 5.0.2/5.1.1/6.0 A denial of service vulnerability in the Android media framework (libhevc). | 7.8 |
2017-11-15 | CVE-2017-15115 | Linux Debian Suse Canonical | Use After Free vulnerability in multiple products The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls. | 7.8 |
2017-11-15 | CVE-2017-15288 | Scala Lang | Incorrect Permission Assignment for Critical Resource vulnerability in Scala-Lang Scala The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges. | 7.8 |
2017-11-15 | CVE-2017-16832 | GNU | Integer Overflow or Wraparound vulnerability in GNU Binutils 2.29.1 The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file. | 7.8 |
2017-11-15 | CVE-2017-16831 | GNU | Integer Overflow or Wraparound vulnerability in GNU Binutils 2.29.1 coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file. | 7.8 |
2017-11-15 | CVE-2017-16830 | GNU | Integer Overflow or Wraparound vulnerability in GNU Binutils 2.29.1 The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file. | 7.8 |
2017-11-15 | CVE-2017-16829 | GNU | Out-of-bounds Read vulnerability in GNU Binutils 2.29.1 The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file. | 7.8 |
2017-11-15 | CVE-2017-16828 | GNU | Integer Overflow or Wraparound vulnerability in GNU Binutils 2.29.1 The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame. | 7.8 |
2017-11-15 | CVE-2017-16827 | GNU | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29.1 The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file. | 7.8 |
2017-11-15 | CVE-2017-16826 | GNU | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29.1 The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file. | 7.8 |
2017-11-15 | CVE-2017-11878 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Excel, Excel Viewer and Office Compatibility Pack Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Excel Memory Corruption Vulnerability". | 7.8 |
2017-11-13 | CVE-2017-3166 | Apache | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Hadoop In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file. | 7.8 |
2017-11-15 | CVE-2017-11873 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2017-11-15 | CVE-2017-11871 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2017-11-15 | CVE-2017-11870 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2017-11-15 | CVE-2017-11869 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11 Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2017-11-15 | CVE-2017-11866 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2017-11-15 | CVE-2017-11862 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2017-11-15 | CVE-2017-11861 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2017-11-15 | CVE-2017-11858 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore, Edge and Internet Explorer ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2017-11-15 | CVE-2017-11856 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11 Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". | 7.6 |
2017-11-15 | CVE-2017-11855 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 10/11/9 Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". | 7.6 |
2017-11-15 | CVE-2017-11845 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". | 7.6 |
2017-11-15 | CVE-2017-11843 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore, Edge and Internet Explorer ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2017-11-15 | CVE-2017-11841 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2017-11-15 | CVE-2017-11840 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2017-11-15 | CVE-2017-11839 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2017-11-15 | CVE-2017-11838 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore, Edge and Internet Explorer ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2017-11-15 | CVE-2017-11837 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore, Edge and Internet Explorer ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2017-11-15 | CVE-2017-11836 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
2017-11-17 | CVE-2017-16877 | Zeit | Path Traversal vulnerability in Zeit Next.Js ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information. | 7.5 |
2017-11-17 | CVE-2017-1000212 | Alchemist Elixir | Unspecified vulnerability in Alchemist-Elixir Alchemist-Server Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. | 7.5 |
2017-11-17 | CVE-2017-1000206 | Htslib | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Htslib samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution | 7.5 |
2017-11-17 | CVE-2017-16872 | Teluu Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. | 7.5 |
2017-11-17 | CVE-2017-1000248 | Redis Store | Deserialization of Untrusted Data vulnerability in Redis-Store Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis | 7.5 |
2017-11-17 | CVE-2017-1000237 | I Librarian | Server-Side Request Forgery (SSRF) vulnerability in I-Librarian I Librarian I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password. | 7.5 |
2017-11-17 | CVE-2017-1000232 | Nlnetlabs | Double Free vulnerability in Nlnetlabs Ldns 1.7.0 A double-free vulnerability in str2host.c in ldns 1.7.0 has unspecified impact and attack vectors. | 7.5 |
2017-11-17 | CVE-2017-1000231 | Nlnetlabs | Double Free vulnerability in Nlnetlabs Ldns 1.7.0 A double-free vulnerability in parse.c in ldns 1.7.0 has unspecified impact and attack vectors. | 7.5 |
2017-11-17 | CVE-2017-1000173 | Creolabs | Out-of-bounds Read vulnerability in Creolabs Gravity 1.0 Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. | 7.5 |
2017-11-17 | CVE-2017-1000172 | Creolabs | Use After Free vulnerability in Creolabs Gravity 1.0 Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. | 7.5 |
2017-11-17 | CVE-2017-1000197 | Octobercms | Channel and Path Errors vulnerability in Octobercms October October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating malicious files on the server. | 7.5 |
2017-11-17 | CVE-2017-1000196 | Octobercms | Code Injection vulnerability in Octobercms October October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server. | 7.5 |
2017-11-17 | CVE-2017-1000194 | Octobercms | Unrestricted Upload of File with Dangerous Type vulnerability in Octobercms October October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server. | 7.5 |
2017-11-17 | CVE-2017-1000220 | Pidusage Project | OS Command Injection vulnerability in Pidusage Project Pidusage soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution | 7.5 |
2017-11-17 | CVE-2017-1000210 | Altran | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Altran Picotcp picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack | 7.5 |
2017-11-17 | CVE-2017-1000219 | Windows CPU Project | OS Command Injection vulnerability in Windows-Cpu Project Windows-Cpu 0.1.1/0.1.2 npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user | 7.5 |
2017-11-17 | CVE-2017-1000218 | Lightftp Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lightftp Project Lightftp 1.1 LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function resulting in a denial of service or remote code execution. | 7.5 |
2017-11-16 | CVE-2017-0847 | | Incorrect Default Permissions vulnerability in Google Android 8.0 An elevation of privilege vulnerability in the Android media framework (mediaanalytics). | 7.5 |
2017-11-16 | CVE-2017-0909 | Private Address Check Project | Unspecified vulnerability in Private Address Check Project Private Address Check The private_address_check ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery. | 7.5 |
2017-11-16 | CVE-2017-16851 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. | 7.5 |
2017-11-16 | CVE-2017-16850 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. | 7.5 |
2017-11-16 | CVE-2017-16849 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. | 7.5 |
2017-11-16 | CVE-2017-16848 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. | 7.5 |
2017-11-16 | CVE-2017-16847 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. | 7.5 |
2017-11-16 | CVE-2017-16846 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. | 7.5 |
2017-11-15 | CVE-2017-8809 | Mediawiki Debian | Injection vulnerability in multiple products api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability. | 7.5 |
2017-11-15 | CVE-2017-11846 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore, Edge and Internet Explorer ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.5 |
2017-11-14 | CVE-2017-10269 | Oracle | Unspecified vulnerability in Oracle Tuxedo Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). | 7.5 |
2017-11-14 | CVE-2017-6274 | | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android An elevation of privilege vulnerability exists in the Thermal Driver, where a missing bounds check in the thermal throttle driver can cause an out-of-bounds write in the kernel. | 7.5 |
2017-11-13 | CVE-2017-1710 | IBM | Unspecified vulnerability in IBM products A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. | 7.5 |
2017-11-13 | CVE-2016-8610 | Openssl Debian Redhat Netapp Paloaltonetworks Oracle Fujitsu | Resource Exhaustion vulnerability in multiple products A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. | 7.5 |
2017-11-13 | CVE-2017-0907 | Recurly | Server-Side Request Forgery (SSRF) vulnerability in Recurly Client .Net The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources. | 7.5 |
2017-11-13 | CVE-2017-0906 | Recurly | Server-Side Request Forgery (SSRF) vulnerability in Recurly Client Python The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources. | 7.5 |
2017-11-13 | CVE-2017-0905 | Recurly | Server-Side Request Forgery (SSRF) vulnerability in Recurly Client Ruby The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources. | 7.5 |
2017-11-13 | CVE-2017-0889 | Thoughtbot | Server-Side Request Forgery (SSRF) vulnerability in Thoughtbot Paperclip Paperclip ruby gem version 3.1.4 and later suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. | 7.5 |
2017-11-13 | CVE-2017-13832 | Apple | Unspecified vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 7.5 |
2017-11-17 | CVE-2017-4934 | Vmware | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Fusion and Workstation VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. | 7.2 |
2017-11-16 | CVE-2017-0862 | | Unspecified vulnerability in Google Android An elevation of privilege vulnerability in the Upstream kernel kernel. | 7.2 |
2017-11-16 | CVE-2017-0843 | | Unspecified vulnerability in Google Android An elevation of privilege vulnerability in the MediaTek ccci. | 7.2 |
2017-11-16 | CVE-2017-0842 | | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android An elevation of privilege vulnerability in the Android system (bluetooth). | 7.2 |
2017-11-16 | CVE-2017-0838 | | Unspecified vulnerability in Google Android 7.0/7.1.1/7.1.2 An elevation of privilege vulnerability in the Android media framework (libstagefright). | 7.2 |
2017-11-16 | CVE-2017-9690 | | Integer Overflow or Wraparound vulnerability in Google Android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a qbt1000 ioctl handler, an incorrect buffer size check has an integer overflow vulnerability potentially leading to a buffer overflow. | 7.2 |
2017-11-16 | CVE-2017-0866 | Nvidia | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia Tegra X1 Firmware An elevation of privilege vulnerability in the Direct rendering infrastructure of the NVIDIA Tegra X1 where an unchecked input from userspace is passed as a pointer to kfree. | 7.2 |
2017-11-16 | CVE-2017-16777 | Hashicorp | Uncontrolled Search Path Element vulnerability in Hashicorp Vagrant 5.0.3 If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root. | 7.2 |
2017-11-16 | CVE-2017-12350 | Cisco | Use of Hard-coded Credentials vulnerability in Cisco Umbrella Insights Virtual Appliance A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. | 7.2 |
2017-11-16 | CVE-2017-12313 | Cisco | Improper Input Validation vulnerability in Cisco Packet Tracer An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. | 7.2 |
2017-11-16 | CVE-2017-12312 | Cisco | Improper Input Validation vulnerability in Cisco Advanced Malware Protection for Endpoints 3.1.0 An untrusted search path (aka DLL Preloading) vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. | 7.2 |
2017-11-16 | CVE-2017-12305 | Cisco | OS Command Injection vulnerability in Cisco IP Phone 8800 Series Firmware A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. | 7.2 |
2017-11-16 | CVE-2017-16834 | Pnp4Nagios | Incorrect Permission Assignment for Critical Resource vulnerability in Pnp4Nagios PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account. | 7.2 |
2017-11-15 | CVE-2017-14961 | Ikarussecurity | Improper Input Validation vulnerability in Ikarussecurity Anti.Virus 2.16.7 In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c. | 7.2 |
2017-11-14 | CVE-2017-12636 | Apache | OS Command Injection vulnerability in Apache Couchdb CouchDB administrative users can configure the database server via HTTP(S). | 7.2 |
2017-11-13 | CVE-2017-3767 | Realtek Lenovo | Unspecified vulnerability in Realtek Audio Driver Firmware A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. | 7.2 |
239 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-11-17 | CVE-2017-4937 | Vmware | Out-of-bounds Read vulnerability in VMWare Horizon View and Workstation VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. | 6.9 |
2017-11-17 | CVE-2017-4936 | Vmware | Out-of-bounds Read vulnerability in VMWare Horizon View and Workstation VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. | 6.9 |
2017-11-17 | CVE-2017-4935 | Vmware | Out-of-bounds Write vulnerability in VMWare Horizon View and Workstation VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. | 6.9 |
2017-11-15 | CVE-2017-15102 | Linux Redhat Canonical | NULL Pointer Dereference vulnerability in Linux Kernel The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference. | 6.9 |
2017-11-17 | CVE-2017-4939 | Vmware | Untrusted Search Path vulnerability in VMWare Workstation VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. | 6.8 |
2017-11-17 | CVE-2017-1000229 | Optipng Project Debian | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service. | 6.8 |
2017-11-17 | CVE-2017-1000208 | Swagger | Deserialization of Untrusted Data vulnerability in Swagger Swagger-Codegen and Swagger-Parser A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. | 6.8 |
2017-11-16 | CVE-2017-15516 | Netapp | Cross-Site Request Forgery (CSRF) vulnerability in Netapp Snapcenter Server 1.1/2.0 NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface. | 6.8 |
2017-11-16 | CVE-2017-4931 | Vmware | Improper Input Validation vulnerability in VMWare Airwatch VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. | 6.8 |
2017-11-16 | CVE-2017-14034 | Libbpg Project | Out-of-bounds Read vulnerability in Libbpg Project Libbpg 0.9.7 The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact. | 6.8 |
2017-11-16 | CVE-2017-13136 | Libbpg Project | Integer Overflow or Wraparound vulnerability in Libbpg Project Libbpg 0.9.7 The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference. | 6.8 |
2017-11-16 | CVE-2017-13135 | Libbpg Project | NULL Pointer Dereference vulnerability in Libbpg Project Libbpg 0.9.7 A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure. | 6.8 |
2017-11-15 | CVE-2017-15806 | Zetacomponents | Code Injection vulnerability in Zetacomponents Mail The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php." | 6.8 |
2017-11-15 | CVE-2017-11876 | Microsoft | Cross-Site Request Forgery (CSRF) vulnerability in Microsoft Project Server and Sharepoint Enterprise Server Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability". | 6.8 |
2017-11-14 | CVE-2017-10278 | Oracle | Unspecified vulnerability in Oracle Tuxedo Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Security). | 6.8 |
2017-11-14 | CVE-2017-3891 | Blackberry | Incorrect Authorization vulnerability in Blackberry QNX Software Development Platform 6.6.0 In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node. | 6.8 |
2017-11-13 | CVE-2017-14388 | Pivotal Software | Improper Input Validation vulnerability in Pivotal Software Grootfs Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. | 6.8 |
2017-11-13 | CVE-2017-0904 | Private Address Check Project | Improper Handling of Exceptional Conditions vulnerability in Private Address Check Project Private Address Check 0.1.0/0.2.0/0.3.0 The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery. | 6.8 |
2017-11-13 | CVE-2017-7132 | Apple | Resource Exhaustion vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13825 | Apple | Resource Exhaustion vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13824 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13816 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13814 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13813 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13812 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13809 | Apple | Improper Input Validation vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13807 | Apple | Improper Input Validation vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13803 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13802 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13798 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13797 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13796 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13795 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13794 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13793 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13792 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13791 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13788 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13785 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13784 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-11-13 | CVE-2017-13783 | Apple Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An issue was discovered in certain Apple products. | 6.8 |
2017-11-17 | CVE-2017-1000241 | Open EMR | Improper Privilege Management vulnerability in Open-Emr Openemr 5.0.1 The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by a vertical privilege escalation vulnerability. | 6.5 |
2017-11-17 | CVE-2017-1000238 | Invoiceplane | Unrestricted Upload of File with Dangerous Type vulnerability in Invoiceplane 1.4.10 InvoicePlane version 1.4.10 is vulnerable to an arbitrary file upload, allowing an authenticated user to upload a malicious file to the webserver. | 6.5 |
2017-11-15 | CVE-2014-4000 | Cacti | Code Injection vulnerability in Cacti Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()). | 6.5 |
2017-11-14 | CVE-2017-10272 | Oracle | Unspecified vulnerability in Oracle Tuxedo Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). | 6.5 |
2017-11-13 | CVE-2017-9314 | Dahuasecurity | Improper Authentication vulnerability in Dahuasecurity products Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. | 6.5 |
2017-11-17 | CVE-2017-16845 | Qemu Debian Canonical | Improper Input Validation vulnerability in multiple products hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. | 6.4 |
2017-11-17 | CVE-2017-1000195 | Octobercms | Deserialization of Untrusted Data vulnerability in Octobercms October October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server. | 6.4 |
2017-11-16 | CVE-2017-5738 | Intel | Information Exposure vulnerability in Intel Unite 3.1.32.12/3.1.41.18/3.1.45.26 Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or information disclosure. | 6.4 |
2017-11-16 | CVE-2017-8807 | Varnish Cache Varnish Cache Project Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects. | 6.4 |
2017-11-14 | CVE-2017-3893 | Blackberry | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Blackberry QNX Software Development Platform 6.6.0 In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks. | 6.4 |
2017-11-17 | CVE-2017-1000163 | Phoenixframework | Open Redirect vulnerability in Phoenixframework Phoenix The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks. | 5.8 |
2017-11-13 | CVE-2017-13831 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 5.8 |
2017-11-13 | CVE-2017-13820 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 5.8 |
2017-11-15 | CVE-2017-11877 | Microsoft | Unspecified vulnerability in Microsoft Excel, Excel Viewer and Office Compatibility Pack Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka "Microsoft Excel Security Feature Bypass Vulnerability". | 5.5 |
2017-11-14 | CVE-2017-12624 | Apache | Unspecified vulnerability in Apache CXF Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. | 5.5 |
2017-11-13 | CVE-2017-1477 | IBM | XXE vulnerability in IBM Security Access Manager 9.0 Firmware 9.0.3.0 IBM Security Access Manager Appliance 9.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
2017-11-13 | CVE-2017-15525 | Symantec | Unspecified vulnerability in Symantec Endpoint Encryption Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. | 5.5 |
2017-11-13 | CVE-2017-16808 | Tcpdump | Out-of-bounds Read vulnerability in Tcpdump 4.9.2 tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. | 5.5 |
2017-11-13 | CVE-2017-8806 | Postgresql | Link Following vulnerability in Postgresql The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files. | 5.5 |
2017-11-13 | CVE-2017-13782 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 5.5 |
2017-11-13 | CVE-2017-15526 | Symantec | NULL Pointer Dereference vulnerability in Symantec Endpoint Encryption Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario. | 5.2 |
2017-11-19 | CVE-2017-16892 | Bftpd Project | Missing Release of Resource after Effective Lifetime vulnerability in Bftpd Project Bftpd In Bftpd before 4.7, there is a memory leak in the file rename function. | 5.0 |
2017-11-17 | CVE-2017-1000230 | Snap7 Project | Improper Input Validation vulnerability in Snap7 Project Snap7 Server 1.4.1 The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack. | 5.0 |
2017-11-17 | CVE-2017-13702 | Moxa | Information Exposure vulnerability in Moxa Eds-G512E Firmware 5.1 An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. | 5.0 |
2017-11-17 | CVE-2017-1000170 | Jqueryfiletree Project | Path Traversal vulnerability in Jqueryfiletree Project Jqueryfiletree jqueryFileTree 2.1.5 and older Directory Traversal | 5.0 |
2017-11-17 | CVE-2017-1000192 | Cygnux | Unspecified vulnerability in Cygnux Syspass Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. | 5.0 |
2017-11-17 | CVE-2017-16875 | Teluu | Unspecified vulnerability in Teluu Pjsip An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. | 5.0 |
2017-11-17 | CVE-2017-1000211 | Lynx Project | Use After Free vulnerability in Lynx Project Lynx 2.8.9 Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself. | 5.0 |
2017-11-17 | CVE-2017-4928 | Vmware | Server-Side Request Forgery (SSRF) vulnerability in VMWare Vcenter Server 5.5/6.0 The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. | 5.0 |
2017-11-17 | CVE-2017-4927 | Vmware | LDAP Injection vulnerability in VMWare Vcenter Server 6.0/6.5 VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service. | 5.0 |
2017-11-17 | CVE-2017-1000226 | Fullworks | Information Exposure vulnerability in Fullworks Stop User Enumeration 1.3.8 Stop User Enumeration 1.3.8 allows user enumeration via the REST API | 5.0 |
2017-11-17 | CVE-2017-1000129 | S9Y | SQL Injection vulnerability in S9Y Serendipity 2.0.3 Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure | 5.0 |
2017-11-17 | CVE-2017-1000125 | Codiad | Incorrect Permission Assignment for Critical Resource vulnerability in Codiad Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell. | 5.0 |
2017-11-17 | CVE-2017-1000247 | Codeigniter | Improper Input Validation vulnerability in Codeigniter 3.1.3 British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws. | 5.0 |
2017-11-17 | CVE-2017-1000246 | Pysaml2 Project | Use of Insufficiently Random Values vulnerability in Pysaml2 Project Pysaml2 Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. | 5.0 |
2017-11-17 | CVE-2017-1000234 | I Librarian | Information Exposure vulnerability in I-Librarian I Librarian I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir" parameter | 5.0 |
2017-11-17 | CVE-2017-1000189 | EJS | Improper Input Validation vulnerability in EJS nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile() | 5.0 |
2017-11-17 | CVE-2017-1000200 | Tcmu Runner Project | NULL Pointer Dereference vulnerability in Tcmu-Runner Project Tcmu-Runner tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service | 5.0 |
2017-11-17 | CVE-2017-1000199 | Tcmu Runner Project | Information Exposure vulnerability in Tcmu-Runner Project Tcmu-Runner tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges. | 5.0 |
2017-11-17 | CVE-2017-1000198 | Tcmu Runner Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tcmu-Runner Project Tcmu-Runner tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service | 5.0 |
2017-11-16 | CVE-2017-0851 | Google | Information Exposure vulnerability in Google Android An information disclosure vulnerability in the Android media framework (libhevc). | 5.0 |
2017-11-16 | CVE-2017-0850 | Google | Information Exposure vulnerability in Google Android 7.0/7.1.1/7.1.2 An information disclosure vulnerability in the Android media framework (libstagefright). | 5.0 |
2017-11-16 | CVE-2017-0849 | Google | Information Exposure vulnerability in Google Android An information disclosure vulnerability in the Android media framework (libavc). | 5.0 |
2017-11-16 | CVE-2017-0848 | Google | Information Exposure vulnerability in Google Android An information disclosure vulnerability in the Android media framework (libeffects). | 5.0 |
2017-11-16 | CVE-2017-0845 | Google | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android A denial of service vulnerability in the Android framework (syncstorageengine). | 5.0 |
2017-11-16 | CVE-2017-0840 | Google | Information Exposure vulnerability in Google Android An information disclosure vulnerability in the Android media framework (libstagefright). | 5.0 |
2017-11-16 | CVE-2017-0839 | Google | Information Exposure vulnerability in Google Android An information disclosure vulnerability in the Android media framework (libeffects). | 5.0 |
2017-11-16 | CVE-2017-9701 | Google | Information Exposure vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur, resulting from writing uninitialized stack structure to non-volatile memory. | 5.0 |
2017-11-16 | CVE-2017-9696 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read is possible in camera driver function msm_isp_stop_stats_stream. | 5.0 |
2017-11-16 | CVE-2017-8279 | Google | Race Condition vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, missing race condition protection while updating msg mask table can lead to buffer over-read. | 5.0 |
2017-11-16 | CVE-2017-11093 | Google | Out-of-bounds Read vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer Over-read in Display due to the lack of an upper-bound validation when reading "num_of_cea_blocks" from the untrusted source (EDID), kernel memory can be exposed. | 5.0 |
2017-11-16 | CVE-2017-11090 | Google | Out-of-bounds Read vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in __wlan_hdd_cfg80211_set_pmksa when user space application sends PMKID of size less than WLAN_PMKID_LEN bytes. | 5.0 |
2017-11-16 | CVE-2017-11089 | Google | Out-of-bounds Read vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes | 5.0 |
2017-11-16 | CVE-2017-11058 | Google | Out-of-bounds Read vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur. | 5.0 |
2017-11-16 | CVE-2017-11028 | Google | Information Exposure vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the ISP Camera driver, the contents of an arbitrary kernel address can be leaked to userspace by the function msm_isp_get_stream_common_data(). | 5.0 |
2017-11-16 | CVE-2017-11022 | Google | Information Exposure vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originated from user's phone contains the information elements which specifies the supported wifi features. | 5.0 |
2017-11-16 | CVE-2017-16719 | Moxa | Injection vulnerability in Moxa products An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. | 5.0 |
2017-11-16 | CVE-2017-16715 | Moxa | Information Exposure vulnerability in Moxa products An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. | 5.0 |
2017-11-16 | CVE-2017-14028 | Moxa | Resource Exhaustion vulnerability in Moxa products A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. | 5.0 |
2017-11-16 | CVE-2017-12318 | Cisco | Resource Exhaustion vulnerability in Cisco RF Gateway 1 Firmware A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or video on demand (VoD) streams, resulting in a denial of service (DoS) condition. | 5.0 |
2017-11-16 | CVE-2017-12316 | Cisco | Improper Restriction of Excessive Authentication Attempts vulnerability in Cisco Identity Services Engine Software 2.1(0.229) A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. | 5.0 |
2017-11-16 | CVE-2017-12311 | Cisco | Improper Input Validation vulnerability in Cisco Meeting Server A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. | 5.0 |
2017-11-16 | CVE-2017-12309 | Cisco | HTTP Response Splitting vulnerability in Cisco Email Security Appliance Firmware 10.0.2020/11.0.0105 A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. | 5.0 |
2017-11-16 | CVE-2017-12303 | Cisco | Improperly Implemented Security Check for Standard vulnerability in Cisco Asyncos 10.1.1234/10.1.1235 A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. | 5.0 |
2017-11-16 | CVE-2017-12300 | Cisco | Improper Input Validation vulnerability in Cisco Firepower Management Center A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 (SMB2) protocol. | 5.0 |
2017-11-16 | CVE-2017-12299 | Cisco | Improper Input Validation vulnerability in Cisco Firepower Extensible Operating System 2.2(1.58) A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, bypassing any filters that are configured to deny local IP management traffic. | 5.0 |
2017-11-15 | CVE-2017-5533 | Tibco | Unspecified vulnerability in Tibco products A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. | 5.0 |
2017-11-15 | CVE-2017-15923 | Konversation Debian | Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes. | 5.0 |
2017-11-15 | CVE-2017-15270 | Psftp | Improper Input Validation vulnerability in Psftp Psftpd 10.0.4 The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. | 5.0 |
2017-11-15 | CVE-2017-8815 | Mediawiki Debian | Improper Input Validation vulnerability in multiple products The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules. | 5.0 |
2017-11-15 | CVE-2017-8814 | Mediawiki Debian | Improper Input Validation vulnerability in multiple products The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk." | 5.0 |
2017-11-15 | CVE-2017-8812 | Mediawiki Debian | MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline. | 5.0 |
2017-11-15 | CVE-2017-8810 | Mediawiki Debian | Information Exposure vulnerability in multiple products MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests. | 5.0 |
2017-11-15 | CVE-2017-12737 | Siemens | Information Exposure vulnerability in Siemens Sm-2556 Firmware An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. | 5.0 |
2017-11-15 | CVE-2017-8700 | Microsoft | Unspecified vulnerability in Microsoft Asp.Net Core 1.0/1.1/2.0 ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability". | 5.0 |
2017-11-15 | CVE-2017-11883 | Microsoft | Unspecified vulnerability in Microsoft Aspnetcore 1.0/1.1/2.0 .NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability". | 5.0 |
2017-11-15 | CVE-2017-11788 | Microsoft | Unspecified vulnerability in Microsoft products Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows server, version 1709 allows an unauthenticated attacker to remotely send specially crafted messages that could cause a denial of service against the system due to improperly handling objects in memory, aka "Windows Search Denial of Service Vulnerability". | 5.0 |
2017-11-15 | CVE-2017-11770 | Microsoft | Improper Certificate Validation vulnerability in Microsoft Aspnetcore 1.0/1.1/2.0 .NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. | 5.0 |
2017-11-14 | CVE-2017-10267 | Oracle | Information Exposure vulnerability in Oracle Tuxedo Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). | 5.0 |
2017-11-14 | CVE-2017-10266 | Oracle | Information Exposure vulnerability in Oracle Tuxedo Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). | 5.0 |
2017-11-14 | CVE-2017-3892 | Blackberry | Information Exposure vulnerability in Blackberry QNX Software Development Platform 6.6.0 In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources. | 5.0 |
2017-11-14 | CVE-2017-6275 | Google | Information Exposure vulnerability in Google Android An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds checking in the thermal driver could allow a read from an arbitrary kernel address. | 5.0 |
2017-11-13 | CVE-2017-1221 | IBM | Weak Password Requirements vulnerability in IBM Bigfix Platform 9.2/9.5 IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 5.0 |
2017-11-13 | CVE-2017-16806 | Ulterius | Path Traversal vulnerability in Ulterius Server 1.5.6.0/1.8.0.0 The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal. | 5.0 |
2017-11-13 | CVE-2017-16803 | Libav | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libav In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream. | 5.0 |
2017-11-13 | CVE-2017-10875 | Iodata | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Iodata LAN Disk Connect Firmware I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors. | 5.0 |
2017-11-15 | CVE-2017-11831 | Microsoft | Information Exposure vulnerability in Microsoft products Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log on to an affected system, and run a specially crafted application that can compromise the user's system due to how the Windows kernel initializes memory, aka "Windows Information Disclosure Vulnerability". | 4.7 |
2017-11-18 | CVE-2017-16882 | Icinga | Incorrect Permission Assignment for Critical Resource vulnerability in Icinga Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. | 4.6 |
2017-11-16 | CVE-2017-0865 | Google | Unspecified vulnerability in Google Android An elevation of privilege vulnerability in the MediaTek soc driver. | 4.6 |
2017-11-16 | CVE-2017-0864 | Google | Unspecified vulnerability in Google Android An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). | 4.6 |
2017-11-16 | CVE-2017-0863 | Google | Unspecified vulnerability in Google Android An elevation of privilege vulnerability in the Upstream kernel video driver. | 4.6 |
2017-11-16 | CVE-2017-0861 | Google | Use After Free vulnerability in Google Android Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. | 4.6 |
2017-11-16 | CVE-2017-0860 | Google | Unspecified vulnerability in Google Android An elevation of privilege vulnerability in the Android system (inputdispatcher). | 4.6 |
2017-11-16 | CVE-2017-9721 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the boot loader, a buffer overflow can occur while parsing the splash image. | 4.6 |
2017-11-16 | CVE-2017-9719 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the kernel driver MDSS, a buffer overflow can occur in HDMI CEC parsing if frame size is out of range. | 4.6 |
2017-11-16 | CVE-2017-9702 | Google | Unspecified vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a user-space pointer is directly accessed in a camera driver. | 4.6 |
2017-11-16 | CVE-2017-11091 | Google | Use After Free vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function mdss_rotator_ioctl in the driver /dev/mdss_rotator, a Use-After-Free condition can potentially occur due to a fence being installed too early. | 4.6 |
2017-11-16 | CVE-2017-11085 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an integer overflow leading to a buffer overflow due to improper bound checking in msm_audio_effects_virtualizer_handler, file msm-audio-effects-q6-v2.c | 4.6 |
2017-11-16 | CVE-2017-11073 | Google | Unspecified vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qcacld pktlog allows mapping memory via /proc/ath_pktlog/cld to user space. | 4.6 |
2017-11-16 | CVE-2017-11038 | Google | Unspecified vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the boot image header, range checks can be bypassed by supplying different versions of the header at the time of check and use. | 4.6 |
2017-11-16 | CVE-2017-11035 | Google | Out-of-bounds Read vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, possible buffer overflow or information leak in the functions "sme_set_ft_ies" and "csr_roam_issue_ft_preauth_req" due to incorrect initialization of WEXT callbacks and lack of the checks for buffer size. | 4.6 |
2017-11-16 | CVE-2017-11032 | Google | Double Free vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a double free can occur when kmalloc fails to allocate memory for pointers resp/req in the service-locator driver function service_locator_send_msg(). | 4.6 |
2017-11-16 | CVE-2017-11029 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in user space. | 4.6 |
2017-11-16 | CVE-2017-11027 | Google | Improper Input Validation vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing UBI image, size is not validated for being smaller than minimum header size causing uninitialized data access vulnerability. | 4.6 |
2017-11-16 | CVE-2017-11026 | Google | Use of Hard-coded Credentials vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partition using reference FRP unlock, authentication method can be compromised for static keys. | 4.6 |
2017-11-16 | CVE-2017-11024 | Google | Use After Free vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in the rmnet USB control driver can potentially lead to a Use After Free condition. | 4.6 |
2017-11-16 | CVE-2017-11023 | Google | Unspecified vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of out-of-bound buffer accesses due to no synchronization in accessing global variables by multiple threads. | 4.6 |
2017-11-16 | CVE-2017-11018 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, array access out of bounds may occur in the camera driver in the kernel | 4.6 |
2017-11-16 | CVE-2017-11017 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a specially crafted UBI image, it is possible to corrupt memory, or access uninitialized memory. | 4.6 |
2017-11-16 | CVE-2017-11012 | Google | Out-of-bounds Write vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_ENCRYPTION_TEST cfg80211 vendor command a stack-based buffer overflow can occur. | 4.6 |
2017-11-16 | CVE-2017-4932 | Vmware | Unspecified vulnerability in VMWare Airwatch Launcher VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. | 4.6 |
2017-11-16 | CVE-2017-1087 | Freebsd | Path Traversal vulnerability in Freebsd In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. | 4.6 |
2017-11-16 | CVE-2017-12314 | Cisco | Uncontrolled Search Path Element vulnerability in Cisco Findit Network Discovery Utility 2.1 A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity, aka Insecure Library Loading. | 4.6 |
2017-11-16 | CVE-2017-16837 | Trusted Boot Project | Improper Input Validation vulnerability in Trusted Boot Project Trusted Boot 1.9.6 Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers. | 4.6 |
2017-11-15 | CVE-2017-11830 | Microsoft | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft Windows 10, Windows Server and Windows Server 2016 Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability". | 4.6 |
2017-11-16 | CVE-2017-11025 | Google | Race Condition vulnerability in Google Android In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the function audio_effects_shared_ioctl(), memory corruption can occur. | 4.4 |
2017-11-18 | CVE-2017-16883 | Libming | NULL Pointer Dereference vulnerability in Libming The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file. | 4.3 |
2017-11-18 | CVE-2017-16881 | Symphony Project | Cross-site Scripting vulnerability in Symphony Project Symphony 2.2.0 b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java, service/AvatarQueryService.java, and service/CommentQueryService.java. | 4.3 |
2017-11-18 | CVE-2017-14077 | Phpcaptcha | Code Injection vulnerability in PHPcaptcha Securimage HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php. | 4.3 |
2017-11-17 | CVE-2017-1000128 | Exiv2 | Out-of-bounds Read vulnerability in Exiv2 0.26 Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser | 4.3 |
2017-11-17 | CVE-2017-1000127 | Exiv2 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Exiv2 0.26 Exiv2 0.26 contains a heap buffer overflow in tiff parser | 4.3 |
2017-11-17 | CVE-2017-1000126 | Exiv2 | Out-of-bounds Read vulnerability in Exiv2 0.26 Exiv2 0.26 contains a stack out of bounds read in webp parser | 4.3 |
2017-11-17 | CVE-2017-16880 | Whoops Project | Cross-site Scripting vulnerability in Whoops Project Whoops The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS. | 4.3 |
2017-11-17 | CVE-2017-6168 | F5 | Information Exposure Through Discrepancy vulnerability in F5 products On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack. | 4.3 |
2017-11-17 | CVE-2017-1000168 | Sodiumoxide Project | Unspecified vulnerability in Sodiumoxide Project Sodiumoxide In sodiumoxide 0.0.13 and older, scalarmult() is vulnerable to degenerate public keys. | 4.3 |
2017-11-17 | CVE-2017-4929 | Vmware | Cross-site Scripting vulnerability in VMWare NSX Edge VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure. | 4.3 |
2017-11-17 | CVE-2017-10890 | Sharp | Session Fixation vulnerability in Sharp products Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors. | 4.3 |
2017-11-17 | CVE-2017-10888 | Bookwalker | Information Exposure vulnerability in Bookwalker Book Walker 1.2.5/1.2.9 BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac Ver.1.2.5 and earlier allow an attacker to access local files via unspecified vectors. | 4.3 |
2017-11-17 | CVE-2017-16868 | Swftools | NULL Pointer Dereference vulnerability in Swftools 0.9.2 In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file. | 4.3 |
2017-11-17 | CVE-2017-1000225 | Relevanssi | Cross-site Scripting vulnerability in Relevanssi 1.14.8 Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow an unauthenticated attacker to do almost anything an admin can. | 4.3 |
2017-11-17 | CVE-2017-1000236 | I Librarian | Cross-site Scripting vulnerability in I-Librarian I Librarian I, Librarian version <=4.6 & 4.7 is vulnerable to reflected cross-site scripting in temp.php, allowing an attacker to inject malicious client-side script which will be executed in the browser of users if they visit the manipulated site. | 4.3 |
2017-11-17 | CVE-2017-1000188 | EJS | Cross-site Scripting vulnerability in EJS nodejs ejs versions older than 2.5.5 are vulnerable to cross-site scripting in ejs.renderFile(), resulting in code injection. | 4.3 |
2017-11-17 | CVE-2017-1000209 | NV Websocket Client Project | Improper Certificate Validation vulnerability in Nv-Websocket-Client Project Nv-Websocket-Client The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate. | 4.3 |
2017-11-17 | CVE-2017-1000193 | Octobercms | Cross-site Scripting vulnerability in Octobercms October October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser. | 4.3 |
2017-11-17 | CVE-2017-1000187 | Swftools | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools In SWFTools, an address access exception was found in pdf2swf. | 4.3 |
2017-11-17 | CVE-2017-1000186 | Swftools | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools In SWFTools, a stack overflow was found in pdf2swf. | 4.3 |
2017-11-17 | CVE-2017-1000185 | Swftools | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools In SWFTools, a memcpy buffer overflow was found in gif2swf. | 4.3 |
2017-11-17 | CVE-2017-1000182 | Swftools | Missing Release of Resource after Effective Lifetime vulnerability in Swftools In SWFTools, a memory leak was found in wav2swf. | 4.3 |
2017-11-17 | CVE-2017-1000176 | Swftools | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools In SWFTools, a memcpy buffer overflow was found in swfc. | 4.3 |
2017-11-17 | CVE-2017-1000174 | Swftools | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools In SWFTools, an address access exception was found in swfdump swf_GetBits(). | 4.3 |
2017-11-17 | CVE-2017-1000224 | Embedplus | Cross-Site Request Forgery (CSRF) vulnerability in Embedplus Youtube CSRF in YouTube (WordPress plugin) could allow an unauthenticated attacker to change any setting within the plugin. | 4.3 |
2017-11-16 | CVE-2017-16866 | Finecms | Cross-site Scripting vulnerability in Finecms 5.2.0 dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field. | 4.3 |
2017-11-16 | CVE-2017-16560 | Sandisk | Insecure Storage of Sensitive Information vulnerability in Sandisk Secureaccess 3.01 SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user exits the application or if the application crashes. | 4.3 |
2017-11-16 | CVE-2017-12323 | Cisco | Cross-site Scripting vulnerability in Cisco Registered Envelope Service Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 4.3 |
2017-11-16 | CVE-2017-12322 | Cisco | Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0038 Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 4.3 |
2017-11-16 | CVE-2017-12321 | Cisco | Cross-site Scripting vulnerability in Cisco Registered Envelope Service Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 4.3 |
2017-11-16 | CVE-2017-12320 | Cisco | Cross-site Scripting vulnerability in Cisco Registered Envelope Service Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 4.3 |
2017-11-16 | CVE-2017-12304 | Cisco | Cross-site Scripting vulnerability in Cisco IOS 15.7(2.0Z)M A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface on an affected device. | 4.3 |
2017-11-16 | CVE-2017-12292 | Cisco | Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0/5.3.0038 Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 4.3 |
2017-11-16 | CVE-2017-12291 | Cisco | Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0/5.3.0038 Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 4.3 |
2017-11-16 | CVE-2017-12290 | Cisco | Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0/5.3.0038 Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 4.3 |
2017-11-16 | CVE-2017-16841 | Lansweeper | Cross-site Scripting vulnerability in Lansweeper LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx. | 4.3 |
2017-11-16 | CVE-2017-16836 | Commscope | Cross-site Scripting vulnerability in Commscope Arris Tg1682G Firmware 10.0.59.Sip.Pc20.Ct Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter. | 4.3 |
2017-11-15 | CVE-2014-2845 | Cyberduck Microsoft | Improper Certificate Validation vulnerability in Cyberduck Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority. | 4.3 |
2017-11-15 | CVE-2017-15271 | Psftp | Use After Free vulnerability in Psftp Psftpd 10.0.4 A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. | 4.3 |
2017-11-15 | CVE-2017-16833 | Gemirro Project | Cross-site Scripting vulnerability in Gemirro Project Gemirro Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file. | 4.3 |
2017-11-15 | CVE-2017-8811 | Mediawiki Debian | Improper Input Validation vulnerability in multiple products The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks. | 4.3 |
2017-11-15 | CVE-2017-8808 | Mediawiki Debian | Cross-site Scripting vulnerability in multiple products MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping. | 4.3 |
2017-11-15 | CVE-2017-12738 | Siemens | Cross-site Scripting vulnerability in Siemens Sm-2556 Firmware An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. | 4.3 |
2017-11-15 | CVE-2017-11879 | Microsoft | Open Redirect vulnerability in Microsoft Asp.Net Core 2.0 ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability". | 4.3 |
2017-11-15 | CVE-2017-11872 | Microsoft | Unspecified vulnerability in Microsoft Edge Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the attacker's choice, due to how Microsoft Edge handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability". | 4.3 |
2017-11-15 | CVE-2017-11863 | Microsoft | Improper Input Validation vulnerability in Microsoft Edge Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". | 4.3 |
2017-11-15 | CVE-2017-11853 | Microsoft | Information Exposure vulnerability in Microsoft products Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". | 4.3 |
2017-11-15 | CVE-2017-11848 | Microsoft | Information Exposure vulnerability in Microsoft Internet Explorer 11 Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to detect the navigation of the user leaving a maliciously crafted page, due to how page content is handled by Internet Explorer, aka "Internet Explorer Information Disclosure Vulnerability". | 4.3 |
2017-11-15 | CVE-2017-11844 | Microsoft | Information Exposure vulnerability in Microsoft Edge Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". | 4.3 |
2017-11-15 | CVE-2017-11803 | Microsoft | Information Exposure vulnerability in Microsoft Edge Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". | 4.3 |
2017-11-14 | CVE-2017-9371 | Blackberry | Insufficient Entropy in PRNG vulnerability in Blackberry QNX Software Development Platform 6.5.0/6.6.0 In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation. | 4.3 |
2017-11-14 | CVE-2017-16815 | Snapcreek | Cross-site Scripting vulnerability in Snapcreek Duplicator 1.2.28 installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly. | 4.3 |
2017-11-14 | CVE-2017-9085 | Kodak | Cross-site Scripting vulnerability in Kodak Insite Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6.5 to 8.0 allow remote attackers to inject arbitrary web script via the (1) "paramFile" parameter to /Site/Troubleshooting/DiagnosticReport.asp, or (2) "paramFile" parameter to /Site/Troubleshooting/SpeedTest.asp. | 4.3 |
2017-11-13 | CVE-2017-1229 | IBM | Information Exposure vulnerability in IBM Bigfix Platform 9.2/9.5 IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 4.3 |
2017-11-13 | CVE-2017-16805 | Radare | Out-of-bounds Read vulnerability in Radare Radare2 2.0.1 In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c. | 4.3 |
2017-11-13 | CVE-2017-7739 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortios A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim. | 4.3 |
2017-11-13 | CVE-2017-16792 | Geminabox Project | Cross-site Scripting vulnerability in Geminabox Project Geminabox Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb. | 4.3 |
2017-11-13 | CVE-2017-14711 | Kickbase | Insufficiently Protected Credentials vulnerability in Kickbase Bundesliga Manager The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- aka kickbase-bundesliga-manager/id678241305 -- for iOS is vulnerable to a credentials leak due to transmitting a username and password in cleartext from client to server during registration and authentication. | 4.3 |
2017-11-13 | CVE-2017-13852 | Apple | Information Exposure vulnerability in Apple products An issue was discovered in certain Apple products. | 4.3 |
2017-11-13 | CVE-2017-13849 | Apple | Improper Input Validation vulnerability in Apple Iphone OS, Tvos and Watchos An issue was discovered in certain Apple products. | 4.3 |
2017-11-13 | CVE-2017-13842 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.3 |
2017-11-13 | CVE-2017-13841 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.3 |
2017-11-13 | CVE-2017-13840 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.3 |
2017-11-13 | CVE-2017-13836 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.3 |
2017-11-13 | CVE-2017-13828 | Apple | Unspecified vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.3 |
2017-11-13 | CVE-2017-13823 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.3 |
2017-11-13 | CVE-2017-13822 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.3 |
2017-11-13 | CVE-2017-13821 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.3 |
2017-11-13 | CVE-2017-13819 | Apple | Cross-site Scripting vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.3 |
2017-11-13 | CVE-2017-13818 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 4.3 |
2017-11-13 | CVE-2017-13804 | Apple | Improper Input Validation vulnerability in Apple products An issue was discovered in certain Apple products. | 4.3 |
2017-11-13 | CVE-2017-13790 | Apple | Improper Input Validation vulnerability in Apple Safari An issue was discovered in certain Apple products. | 4.3 |
2017-11-13 | CVE-2017-13789 | Apple | Improper Input Validation vulnerability in Apple Safari An issue was discovered in certain Apple products. | 4.3 |
2017-11-17 | CVE-2017-1000221 | Apereo | Incorrect Permission Assignment for Critical Resource vulnerability in Apereo Opencast In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. | 4.0 |
2017-11-17 | CVE-2017-14111 | Philips | Insufficiently Protected Credentials vulnerability in Philips Intellispace Cardiovascular and Xcelera The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements. | 4.0 |
2017-11-17 | CVE-2017-10889 | Tablepress | XXE vulnerability in Tablepress TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. | 4.0 |
2017-11-16 | CVE-2017-15864 | Otrs Debian | In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password. | 4.0 |
2017-11-16 | CVE-2017-12302 | Cisco | SQL Injection vulnerability in Cisco Unified Communications Domain Manager A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. | 4.0 |
2017-11-15 | CVE-2017-15269 | Psftp | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Psftp Psftpd 10.0.4 The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. | 4.0 |
2017-11-14 | CVE-2017-9369 | Blackberry | Information Exposure vulnerability in Blackberry QNX Software Development Platform 6.5.0/6.6.0 In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader. | 4.0 |
2017-11-14 | CVE-2017-16239 | Openstack | Unspecified vulnerability in Openstack Nova In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). | 4.0 |
2017-11-13 | CVE-2017-16804 | Redmine Debian | Information Exposure vulnerability in multiple products In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages. | 4.0 |
50 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-11-17 | CVE-2017-1000227 | Parallelus | Cross-site Scripting vulnerability in Parallelus Salutation 3.0.15 Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can | 3.5 |
2017-11-17 | CVE-2017-13700 | Moxa | Cross-site Scripting vulnerability in Moxa Eds-G512E Firmware 5.1 An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. | 3.5 |
2017-11-17 | CVE-2017-16819 | Icontime | Cross-site Scripting vulnerability in Icontime Rtc-1000 Firmware A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges. | 3.5 |
2017-11-17 | CVE-2017-10886 | CS Cart | Cross-site Scripting vulnerability in Cs-Cart and Cs-Cart Multivendor Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2017-11-17 | CVE-2017-1000223 | Modx | Cross-site Scripting vulnerability in Modx Revolution A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. | 3.5 |
2017-11-17 | CVE-2017-1000164 | Tine20 | Cross-site Scripting vulnerability in Tine20 Tine 2.0 2017.02.4 Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook, resulting in code execution and privilege escalation. | 3.5 |
2017-11-17 | CVE-2017-1000160 | Ellislab | Cross-site Scripting vulnerability in Expressionengine 3.4.2 EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection | 3.5 |
2017-11-17 | CVE-2017-1000240 | Open EMR | Cross-site Scripting vulnerability in Open-Emr Openemr The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. | 3.5 |
2017-11-17 | CVE-2017-1000239 | Invoiceplane | Cross-site Scripting vulnerability in Invoiceplane 1.4.10 InvoicePlane version 1.4.10 is vulnerable to stored cross-site scripting, allowing an authenticated user to inject malicious client-side script which will be executed in the browser of users if they visit the manipulated site. | 3.5 |
2017-11-17 | CVE-2017-1000213 | Wbce | Cross-site Scripting vulnerability in Wbce CMS 1.1.11 WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search | 3.5 |
2017-11-16 | CVE-2017-4930 | Vmware | Cross-site Scripting vulnerability in VMWare Airwatch VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. | 3.5 |
2017-11-16 | CVE-2017-16843 | Vonage | Cross-site Scripting vulnerability in Vonage Vdv-23 Firmware 3.2.110.9.40 Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic. | 3.5 |
2017-11-16 | CVE-2017-16842 | Yoast | Cross-site Scripting vulnerability in Yoast Wordpress SEO Cross-site scripting (XSS) vulnerability in admin/google_search_console/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML. | 3.5 |
2017-11-15 | CVE-2017-5532 | Tibco | Cross-site Scripting vulnerability in Tibco products A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks. | 3.5 |
2017-11-15 | CVE-2017-16821 | B3Log | Cross-site Scripting vulnerability in B3Log Symphony 2.2.0 b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid. | 3.5 |
2017-11-14 | CVE-2017-9394 | CA | Cross-site Scripting vulnerability in CA Identity Governance 12.6.0 A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user. | 3.5 |
2017-11-14 | CVE-2017-16810 | Octopus | Cross-site Scripting vulnerability in Octopus Deploy Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter. | 3.5 |
2017-11-13 | CVE-2017-16807 | Getkirby | Cross-site Scripting vulnerability in Getkirby Panel A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file. | 3.5 |
2017-11-13 | CVE-2017-16802 | Misp Project | Cross-site Scripting vulnerability in Misp-Project Misp 2.4.82 In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added. | 3.5 |
2017-11-13 | CVE-2017-16801 | Octopus | Cross-site Scripting vulnerability in Octopus Deploy Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter. | 3.5 |
2017-11-16 | CVE-2017-16867 | Amazon | Unspecified vulnerability in Amazon KEY Firmware Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house for unfilmed activities or (2) attackers to freeze a camera and enter a house if a delivery driver failed to ensure a locked door before leaving. | 3.3 |
2017-11-15 | CVE-2017-11874 | Microsoft | Unspecified vulnerability in Microsoft Chakracore and Edge Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to how Microsoft Edge handles accessing memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Microsoft Edge Security Feature Bypass Vulnerability". | 2.6 |
2017-11-15 | CVE-2017-11834 | Microsoft | Information Exposure vulnerability in Microsoft Internet Explorer 10/11/9 Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". | 2.6 |
2017-11-15 | CVE-2017-11833 | Microsoft | Information Exposure vulnerability in Microsoft Edge Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected browser, due to how Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability". | 2.6 |
2017-11-15 | CVE-2017-11791 | Microsoft | Information Exposure vulnerability in Microsoft Chakracore, Edge and Internet Explorer ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". | 2.6 |
2017-11-17 | CVE-2017-4938 | Vmware | NULL Pointer Dereference vulnerability in VMWare Fusion and Workstation VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. | 2.1 |
2017-11-17 | CVE-2017-1000201 | Tcmu Runner Project | Improper Input Validation vulnerability in Tcmu-Runner Project Tcmu-Runner The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack. | 2.1 |
2017-11-17 | CVE-2017-15517 | Netapp | Information Exposure vulnerability in Netapp Altavault OST Plug-In AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. | 2.1 |
2017-11-16 | CVE-2017-1088 | Freebsd | Information Exposure vulnerability in Freebsd In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. | 2.1 |
2017-11-16 | CVE-2017-1086 | Freebsd | Information Exposure vulnerability in Freebsd In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. | 2.1 |
2017-11-16 | CVE-2017-12315 | Cisco | Information Exposure vulnerability in Cisco Hyperflex HX Data Platform 2.6(1A) A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. | 2.1 |
2017-11-16 | CVE-2017-12306 | Cisco | Download of Code Without Integrity Check vulnerability in Cisco Conference Director 20170815 A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. | 2.1 |
2017-11-15 | CVE-2014-0219 | Apache | Improper Input Validation vulnerability in Apache Karaf Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports. | 2.1 |
2017-11-15 | CVE-2017-15272 | Psftp | Improper Authentication vulnerability in Psftp Psftpd 10.0.4 The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. | 2.1 |
2017-11-15 | CVE-2017-11835 | Microsoft | Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008 Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". | 2.1 |
2017-11-13 | CVE-2017-7113 | Apple | Information Exposure vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 2.1 |
2017-11-13 | CVE-2017-13844 | Apple | Information Exposure vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 2.1 |
2017-11-13 | CVE-2017-13817 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X An out-of-bounds read issue was discovered in certain Apple products. | 2.1 |
2017-11-13 | CVE-2017-13810 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 2.1 |
2017-11-13 | CVE-2017-13805 | Apple | Information Exposure vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 2.1 |
2017-11-13 | CVE-2017-13801 | Apple | Information Exposure vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 2.1 |
2017-11-13 | CVE-2017-13786 | Apple | Unspecified vulnerability in Apple mac OS X An issue was discovered in certain Apple products. | 2.1 |
2017-11-15 | CVE-2017-11880 | Microsoft | Information Exposure vulnerability in Microsoft products Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to run a specially crafted application and obtain information to further compromise the user's system due to the Windows kernel improperly initializing objects in memory, aka "Windows Information Disclosure Vulnerability". | 1.9 |
2017-11-15 | CVE-2017-11852 | Microsoft | Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008 Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's system, due to improperly disclosing kernel memory addresses, aka "Windows GDI Information Disclosure Vulnerability". | 1.9 |
2017-11-15 | CVE-2017-11851 | Microsoft | Information Exposure vulnerability in Microsoft products The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". | 1.9 |
2017-11-15 | CVE-2017-11850 | Microsoft | Information Exposure vulnerability in Microsoft products Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability". | 1.9 |
2017-11-15 | CVE-2017-11849 | Microsoft | Information Exposure vulnerability in Microsoft products Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". | 1.9 |
2017-11-15 | CVE-2017-11842 | Microsoft | Information Exposure vulnerability in Microsoft products Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". | 1.9 |
2017-11-15 | CVE-2017-11832 | Microsoft | Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Server 2012 The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012 allows an attacker to potentially read data that was not intended to be disclosed, due to the way that the Microsoft Windows EOT font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-11835. | 1.9 |
2017-11-15 | CVE-2017-11768 | Microsoft | Information Exposure vulnerability in Microsoft Windows Media Player Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application. | 1.9 |