Weekly Vulnerabilities Reports > November 13 to 19, 2017

Overview

439 new vulnerabilities were reported during this period, including 60 critical vulnerabilities and 219 high severity vulnerabilities. This weekly summary reports vulnerabilities in 312 products from 149 vendors, including Google, Apple, Microsoft, Cisco, and Debian. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Cross-site Scripting", "Improper Input Validation", and "Out-of-bounds Read".

  • 272 reported vulnerabilities are remotely exploitable.
  • 74 reported vulnerabilities have a public exploit available.
  • 85 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 321 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 65 reported vulnerabilities.
  • Zohocorp has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

60 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-11-17 CVE-2017-16845 Qemu, Debian, Canonical Improper Input Validation vulnerability in multiple products

hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.

10.0
2017-11-14 CVE-2017-10269 Oracle Unspecified vulnerability in Oracle Tuxedo

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core).

10.0
2017-11-14 CVE-2017-10272 Oracle Unspecified vulnerability in Oracle Tuxedo

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core).

9.9
2017-11-17 CVE-2017-16566 Qacctv Improper Authentication vulnerability in Qacctv Jooan A5 IP Camera Firmware 2.3.36

On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow).

9.8
2017-11-17 CVE-2017-1000215 Xrootd OS Command Injection vulnerability in Xrootd 4.6.0

ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution

9.8
2017-11-17 CVE-2017-1000169 Quickerbb Project Improper Input Validation vulnerability in Quickerbb Project Quickerbb 0.7.2

QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution.

9.8
2017-11-17 CVE-2017-1000192 Cygnux Unspecified vulnerability in Cygnux Syspass

Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion.

9.8
2017-11-17 CVE-2017-1000212 Alchemist Elixir Unspecified vulnerability in Alchemist-Elixir Alchemist-Server

Elixir's vim plugin, alchemist.vim, is vulnerable to remote code execution in the bundled alchemist-server.

9.8
2017-11-17 CVE-2017-1000206 Htslib Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Htslib

samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution

9.8
2017-11-17 CVE-2017-16872 Teluu, Debian Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1.

9.8
2017-11-17 CVE-2017-1000158 Python, Debian Integer Overflow or Wraparound vulnerability in multiple products

CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)

9.8
2017-11-17 CVE-2017-1000248 Redis Store Deserialization of Untrusted Data vulnerability in Redis-Store

Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis

9.8
2017-11-17 CVE-2017-1000237 I Librarian Server-Side Request Forgery (SSRF) vulnerability in I-Librarian I Librarian

I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password.

9.8
2017-11-17 CVE-2017-1000235 I Librarian OS Command Injection vulnerability in I-Librarian I Librarian

I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting in the web server being fully compromised.

9.8
2017-11-17 CVE-2017-1000232 Nlnetlabs Double Free vulnerability in Nlnetlabs Ldns 1.7.0

A double-free vulnerability in str2host.c in ldns 1.7.0 has unspecified impact and attack vectors.

9.8
2017-11-17 CVE-2017-1000231 Nlnetlabs Double Free vulnerability in Nlnetlabs Ldns 1.7.0

A double-free vulnerability in parse.c in ldns 1.7.0 has unspecified impact and attack vectors.

9.8
2017-11-17 CVE-2017-1000228 EJS Improper Input Validation vulnerability in EJS

nodejs ejs versions older than 2.5.3 are vulnerable to remote code execution due to weak input validation in the ejs.renderFile() function.

9.8
2017-11-17 CVE-2017-1000173 Creolabs Out-of-bounds Read vulnerability in Creolabs Gravity 1.0

Creolabs Gravity version 1.0 has a heap overflow with potential code execution.

9.8
2017-11-17 CVE-2017-1000172 Creolabs Use After Free vulnerability in Creolabs Gravity 1.0

Creolabs Gravity version 1.0 has a use-after-free with possible code execution.

9.8
2017-11-17 CVE-2017-1000197 Octobercms Channel and Path Errors vulnerability in Octobercms October

October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in the creation of malicious files on the server.

9.8
2017-11-17 CVE-2017-1000196 Octobercms Code Injection vulnerability in Octobercms October

October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server.

9.8
2017-11-17 CVE-2017-1000194 Octobercms Unrestricted Upload of File with Dangerous Type vulnerability in Octobercms October

October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.

9.8
2017-11-17 CVE-2017-1000220 Pidusage Project OS Command Injection vulnerability in Pidusage Project Pidusage

soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution

9.8
2017-11-17 CVE-2017-1000210 Altran Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Altran Picotcp

picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack

9.8
2017-11-17 CVE-2017-1000219 Windows CPU Project OS Command Injection vulnerability in Windows-Cpu Project Windows-Cpu 0.1.1/0.1.2

All versions of npm/KyleRoss windows-cpu are vulnerable to command injection resulting in code execution as the Node.js user.

9.8
2017-11-17 CVE-2017-1000218 Lightftp Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lightftp Project Lightftp 1.1

LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function resulting in a denial of service or remote code execution.

9.8
2017-11-16 CVE-2017-0847 Google Incorrect Default Permissions vulnerability in Google Android 8.0

An elevation of privilege vulnerability in the Android media framework (mediaanalytics).

9.8
2017-11-16 CVE-2017-0909 Private Address Check Project Unspecified vulnerability in Private Address Check Project Private Address Check

The private_address_check ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery.

9.8
2017-11-16 CVE-2017-16851 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter.

9.8
2017-11-16 CVE-2017-16850 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action.

9.8
2017-11-16 CVE-2017-16849 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter.

9.8
2017-11-16 CVE-2017-16848 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0

Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter.

9.8
2017-11-16 CVE-2017-16847 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action.

9.8
2017-11-16 CVE-2017-16846 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter.

9.8
2017-11-16 CVE-2017-16844 Procmail Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Procmail 3.22

Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.

9.8
2017-11-16 CVE-2017-12337 Cisco Improper Authentication vulnerability in Cisco products

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device.

9.8
2017-11-15 CVE-2017-5533 Tibco Unspecified vulnerability in Tibco products

The server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files.

9.8
2017-11-15 CVE-2017-12634 Apache Deserialization of Untrusted Data vulnerability in Apache Camel

The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to a Java object de-serialisation vulnerability.

9.8
2017-11-15 CVE-2017-12633 Apache Deserialization of Untrusted Data vulnerability in Apache Camel

The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to a Java object de-serialisation vulnerability.

9.8
2017-11-15 CVE-2017-8809 Mediawiki, Debian Injection vulnerability in multiple products

api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.

9.8
2017-11-15 CVE-2017-12739 Siemens Insecure Default Initialization of Resource vulnerability in Siemens Sm-2556 Firmware

An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00.

9.8
2017-11-14 CVE-2017-16820 Collectd Double Free vulnerability in Collectd

The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).

9.8
2017-11-14 CVE-2017-12635 Apache Improper Privilege Management vulnerability in Apache Couchdb

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users.

9.8
2017-11-14 CVE-2017-6274 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

An elevation of privilege vulnerability exists in the Thermal Driver, where a missing bounds check in the thermal throttle driver can cause an out-of-bounds write in the kernel.

9.8
2017-11-13 CVE-2017-1710 IBM Unspecified vulnerability in IBM products

A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation.

9.8
2017-11-13 CVE-2017-1221 IBM Weak Password Requirements vulnerability in IBM Bigfix Platform 9.2/9.5

IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

9.8
2017-11-13 CVE-2017-14024 Schneider Electric Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Wonderware Indusoft web Studio and Wonderware Intouch

A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions.

9.8
2017-11-13 CVE-2017-0907 Recurly Server-Side Request Forgery (SSRF) vulnerability in Recurly Client .Net

The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources.

9.8
2017-11-13 CVE-2017-0906 Recurly Server-Side Request Forgery (SSRF) vulnerability in Recurly Client Python

The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources.

9.8
2017-11-13 CVE-2017-0905 Recurly Server-Side Request Forgery (SSRF) vulnerability in Recurly Client Ruby

The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources.

9.8
2017-11-13 CVE-2017-0889 Thoughtbot Server-Side Request Forgery (SSRF) vulnerability in Thoughtbot Paperclip

Paperclip ruby gem version 3.1.4 and later suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class.

9.8
2017-11-13 CVE-2017-10871 Nttdocomo Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nttdocomo Wi-Fi Station L-02F Firmware L02Fmdm9625V10Hjun232017Dcmjp

Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors.

9.8
2017-11-13 CVE-2017-13846 Apple Unspecified vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.8
2017-11-13 CVE-2017-13832 Apple Unspecified vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.8
2017-11-13 CVE-2017-13815 Apple Unspecified vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.8
2017-11-17 CVE-2017-1000190 Simplexml Project XXE vulnerability in Simplexml Project Simplexml 2.7.1

SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting in SSRF, information disclosure, DoS and so on.

9.1
2017-11-16 CVE-2017-0854 Google Out-of-bounds Read vulnerability in Google Android

An information disclosure vulnerability in the Android media framework (n/a).

9.1
2017-11-16 CVE-2017-0853 Google Unspecified vulnerability in Google Android

An information disclosure vulnerability in the Android media framework (n/a).

9.1
2017-11-16 CVE-2017-5738 Intel Information Exposure vulnerability in Intel Unite 3.1.32.12/3.1.41.18/3.1.45.26

Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or information disclosure.

9.1
2017-11-16 CVE-2017-8807 Varnish Cache, Varnish Cache Project, Debian Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects.

9.1

219 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-11-17 CVE-2017-1000217 Opencast Injection vulnerability in Opencast

Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.

8.8
2017-11-17 CVE-2017-1000203 Cern OS Command Injection vulnerability in Cern Root

ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution

8.8
2017-11-17 CVE-2017-4934 Vmware Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Fusion and Workstation

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device.

8.8
2017-11-17 CVE-2017-1000238 Invoiceplane Unrestricted Upload of File with Dangerous Type vulnerability in Invoiceplane 1.4.10

InvoicePlane version 1.4.10 is vulnerable to an arbitrary file upload that allows an authenticated user to upload a malicious file to the webserver.

8.8
2017-11-17 CVE-2017-1000208 Swagger Deserialization of Untrusted Data vulnerability in Swagger Swagger-Codegen and Swagger-Parser

A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed.

8.8
2017-11-16 CVE-2017-15516 Netapp Cross-Site Request Forgery (CSRF) vulnerability in Netapp Snapcenter Server 1.1/2.0

NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface.

8.8
2017-11-16 CVE-2017-15864 Otrs, Debian

In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password.

8.8
2017-11-16 CVE-2017-14034 Libbpg Project Out-of-bounds Read vulnerability in Libbpg Project Libbpg 0.9.7

The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact.

8.8
2017-11-16 CVE-2017-13136 Libbpg Project Integer Overflow or Wraparound vulnerability in Libbpg Project Libbpg 0.9.7

The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference.

8.8
2017-11-15 CVE-2014-3150 Orange 7PK - Security Features vulnerability in Orange Livebox 1.1 Firmware 26014A

Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted JavaScript.

8.8
2017-11-15 CVE-2014-4000 Cacti Code Injection vulnerability in Cacti

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).

8.8
2017-11-15 CVE-2017-7851 D Link Cross-Site Request Forgery (CSRF) vulnerability in D-Link Dcs-936L

D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header.

8.8
2017-11-15 CVE-2017-11879 Microsoft Open Redirect vulnerability in Microsoft Asp.Net Core 2.0

ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL, aka "ASP.NET Core Elevation Of Privilege Vulnerability".

8.8
2017-11-15 CVE-2017-11876 Microsoft Cross-Site Request Forgery (CSRF) vulnerability in Microsoft Project Server and Sharepoint Enterprise Server

Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability".

8.8
2017-11-15 CVE-2017-11854 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office, Office Compatibility Pack and Word

Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability".

8.8
2017-11-13 CVE-2017-1453 IBM OS Command Injection vulnerability in IBM Security Access Manager 9.0 Firmware 9.0.3.0

IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system.

8.8
2017-11-13 CVE-2017-9314 Dahuasecurity Improper Authentication vulnerability in Dahuasecurity products

Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102.

8.8
2017-11-13 CVE-2017-11169 Iball Unspecified vulnerability in Iball Ib-Wra300N3Gt Firmware 1.1.1

Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices allows remote authenticated users to obtain root privileges by leveraging a guest/user/normal account to submit a modified privilege parameter to /form2userconfig.cgi.

8.8
2017-11-13 CVE-2017-13803 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

8.8
2017-11-13 CVE-2017-13802 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

8.8
2017-11-13 CVE-2017-13798 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

8.8
2017-11-13 CVE-2017-13797 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

8.8
2017-11-13 CVE-2017-13796 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

8.8
2017-11-13 CVE-2017-13795 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

8.8
2017-11-13 CVE-2017-13794 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

8.8
2017-11-13 CVE-2017-13793 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

8.8
2017-11-13 CVE-2017-13792 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

8.8
2017-11-13 CVE-2017-13791 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

8.8
2017-11-13 CVE-2017-13788 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

8.8
2017-11-13 CVE-2017-13785 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

8.8
2017-11-13 CVE-2017-13784 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

8.8
2017-11-13 CVE-2017-13783 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

8.8
2017-11-16 CVE-2017-12350 Cisco Use of Hard-coded Credentials vulnerability in Cisco Umbrella Insights Virtual Appliance

A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges.

8.2
2017-11-17 CVE-2017-16871 Updraftplus Code Injection vulnerability in Updraftplus

The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter.

8.1
2017-11-17 CVE-2017-16870 Updraftplus Server-Side Request Forgery (SSRF) vulnerability in Updraftplus

The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction.

8.1
2017-11-17 CVE-2017-1000241 Open EMR Improper Privilege Management vulnerability in Open-Emr Openemr 5.0.1

The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by a vertical privilege escalation vulnerability.

8.1
2017-11-16 CVE-2017-16853 Shibboleth, Debian Improper Verification of Cryptographic Signature vulnerability in multiple products

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105.

8.1
2017-11-16 CVE-2017-16852 Shibboleth, Debian Improper Verification of Cryptographic Signature vulnerability in multiple products

shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763.

8.1
2017-11-15 CVE-2017-15806 Zetacomponents Code Injection vulnerability in Zetacomponents Mail

The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php."

8.1
2017-11-14 CVE-2017-3891 Blackberry Incorrect Authorization vulnerability in Blackberry QNX Software Development Platform 6.6.0

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node.

8.1
2017-11-13 CVE-2017-1477 IBM XXE vulnerability in IBM Security Access Manager 9.0 Firmware 9.0.3.0

IBM Security Access Manager Appliance 9.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

8.1
2017-11-13 CVE-2017-0904 Private Address Check Project Improper Handling of Exceptional Conditions vulnerability in Private Address Check Project Private Address Check 0.1.0/0.2.0/0.3.0

The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery.

8.1
2017-11-13 CVE-2017-14711 Kickbase Insufficiently Protected Credentials vulnerability in Kickbase Bundesliga Manager

The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- aka kickbase-bundesliga-manager/id678241305 -- for iOS is vulnerable to a credentials leak due to transmitting a username and password in cleartext from client to server during registration and authentication.

8.1
2017-11-18 CVE-2017-16882 Icinga Incorrect Permission Assignment for Critical Resource vulnerability in Icinga

Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312.

7.8
2017-11-17 CVE-2017-4939 Vmware Untrusted Search Path vulnerability in VMWare Workstation

The VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists because some DLL files are loaded by the application improperly.

7.8
2017-11-17 CVE-2017-4937 Vmware Out-of-bounds Read vulnerability in VMWare Horizon View and Workstation

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in the JPEG2000 parser in TPView.dll.

7.8
2017-11-17 CVE-2017-4936 Vmware Out-of-bounds Read vulnerability in VMWare Horizon View and Workstation

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in the JPEG2000 parser in TPView.dll.

7.8
2017-11-17 CVE-2017-4935 Vmware Out-of-bounds Write vulnerability in VMWare Horizon View and Workstation

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in the JPEG2000 parser in TPView.dll.

7.8
2017-11-17 CVE-2017-10887 Bookwalker Untrusted Search Path vulnerability in Bookwalker Book Walker 1.2.5/1.2.9

Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

7.8
2017-11-17 CVE-2017-16869 UPX Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in UPX Project UPX 3.94

p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions.

7.8
2017-11-17 CVE-2017-1000229 Optipng Project, Debian Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.

7.8
2017-11-17 CVE-2017-1000187 Swftools Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools

In SWFTools, an address access exception was found in pdf2swf.

7.8
2017-11-16 CVE-2017-0865 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the MediaTek soc driver.

7.8
2017-11-16 CVE-2017-0864 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the MediaTek ioctl (flashlight).

7.8
2017-11-16 CVE-2017-0863 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the Upstream kernel video driver.

7.8
2017-11-16 CVE-2017-0862 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the Upstream kernel kernel.

7.8
2017-11-16 CVE-2017-0861 Google Use After Free vulnerability in Google Android

Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.

7.8
2017-11-16 CVE-2017-0843 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the MediaTek ccci.

7.8
2017-11-16 CVE-2017-0842 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

An elevation of privilege vulnerability in the Android system (bluetooth).

7.8
2017-11-16 CVE-2017-0841 Google Integer Overflow or Wraparound vulnerability in Google Android

A remote code execution vulnerability in the Android system (libutils).

7.8
2017-11-16 CVE-2017-0838 Google Unspecified vulnerability in Google Android 7.0/7.1.1/7.1.2

An elevation of privilege vulnerability in the Android media framework (libstagefright).

7.8
2017-11-16 CVE-2017-0836 Google Improper Validation of Array Index vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libhevc).

7.8
2017-11-16 CVE-2017-0835 Google Unspecified vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libmpeg2).

7.8
2017-11-16 CVE-2017-0834 Google Out-of-bounds Write vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libmpeg2).

7.8
2017-11-16 CVE-2017-0833 Google Unspecified vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libavc).

7.8
2017-11-16 CVE-2017-0832 Google Unspecified vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libmpeg2).

7.8
2017-11-16 CVE-2017-0831 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 8.0

An elevation of privilege vulnerability in the Android framework (window manager).

7.8
2017-11-16 CVE-2017-0830 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android

An elevation of privilege vulnerability in the Android framework (device policy client).

7.8
2017-11-16 CVE-2017-9721 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the boot loader, a buffer overflow can occur while parsing the splash image.

7.8
2017-11-16 CVE-2017-9719 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the kernel driver MDSS, a buffer overflow can occur in HDMI CEC parsing if frame size is out of range.

7.8
2017-11-16 CVE-2017-9702 Google Unspecified vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a user-space pointer is directly accessed in a camera driver.

7.8
2017-11-16 CVE-2017-9690 Google Integer Overflow or Wraparound vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a qbt1000 ioctl handler, an incorrect buffer size check has an integer overflow vulnerability potentially leading to a buffer overflow.

7.8
2017-11-16 CVE-2017-11092 Google Use After Free vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the KGSL driver function kgsl_ioctl_gpu_command, a Use After Free condition can potentially occur.

7.8
2017-11-16 CVE-2017-11091 Google Use After Free vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function mdss_rotator_ioctl in the driver /dev/mdss_rotator, a Use-After-Free condition can potentially occur due to a fence being installed too early.

7.8
2017-11-16 CVE-2017-11085 Google Integer Overflow or Wraparound vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an integer overflow leading to a buffer overflow can occur due to improper bound checking in msm_audio_effects_virtualizer_handler, file msm-audio-effects-q6-v2.c.

7.8
2017-11-16 CVE-2017-11073 Google Unspecified vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qcacld pktlog allows mapping memory via /proc/ath_pktlog/cld to user space.

7.8
2017-11-16 CVE-2017-11038 Google Unspecified vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the boot image header, range checks can be bypassed by supplying different versions of the header at the time of check and use.

7.8
2017-11-16 CVE-2017-11035 Google Out-of-bounds Read vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, possible buffer overflow or information leak in the functions "sme_set_ft_ies" and "csr_roam_issue_ft_preauth_req" due to incorrect initialization of WEXT callbacks and lack of the checks for buffer size.

7.8
2017-11-16 CVE-2017-11032 Google Double Free vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a double free can occur when kmalloc fails to allocate memory for pointers resp/req in the service-locator driver function service_locator_send_msg().

7.8
2017-11-16 CVE-2017-11029 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in user space.

7.8
2017-11-16 CVE-2017-11027 Google Improper Input Validation vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a UBI image, size is not validated for being smaller than minimum header size, causing an uninitialized data access vulnerability.

7.8
2017-11-16 CVE-2017-11026 Google Use of Hard-coded Credentials vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partition using reference FRP unlock, authentication method can be compromised for static keys.

7.8
2017-11-16 CVE-2017-11024 Google Use After Free vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in the rmnet USB control driver can potentially lead to a Use After Free condition.

7.8
2017-11-16 CVE-2017-11023 Google Unspecified vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of out-of-bound buffer accesses due to no synchronization in accessing global variables by multiple threads.

7.8
2017-11-16 CVE-2017-11018 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, array access out of bounds may occur in the camera driver in the kernel.

7.8
2017-11-16 CVE-2017-11017 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a specially crafted UBI image, it is possible to corrupt memory, or access uninitialized memory.

7.8
2017-11-16 CVE-2017-11015 Google Classic Buffer Overflow vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently, the value of SIR_MAC_AUTH_CHALLENGE_LENGTH is set to 128 which may result in buffer overflow since the frame parser allows challenge text of length up to 253 bytes, but the driver can not handle challenge text larger than 128 bytes.

7.8
2017-11-16 CVE-2017-11014 Google Classic Buffer Overflow vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing a Measurement Request IE in a Roam Neighbor Action Report, a buffer overflow can occur.

7.8
2017-11-16 CVE-2017-11013 Google Classic Buffer Overflow vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, countOffset (in function UnpackCore) is increased for each loop, while there is no boundary check against "pIe->arraybound".

7.8
2017-11-16 CVE-2017-11012 Google Out-of-bounds Write vulnerability in Google Android

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_ENCRYPTION_TEST cfg80211 vendor command a stack-based buffer overflow can occur.

7.8
2017-11-16 CVE-2017-0866 Nvidia Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia Tegra X1 Firmware

An elevation of privilege vulnerability in the Direct rendering infrastructure of the NVIDIA Tegra X1 where an unchecked input from userspace is passed as a pointer to kfree.

7.8
2017-11-16 CVE-2017-4932 Vmware Unspecified vulnerability in VMWare Airwatch Launcher

VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege.

7.8
2017-11-16 CVE-2017-4931 Vmware Improper Input Validation vulnerability in VMWare Airwatch

VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files.

7.8
2017-11-16 CVE-2017-1087 Freebsd Path Traversal vulnerability in Freebsd

In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system.

7.8
2017-11-16 CVE-2017-16777 Hashicorp Uncontrolled Search Path Element vulnerability in Hashicorp Vagrant 5.0.3

If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.

7.8
2017-11-16 CVE-2017-12314 Cisco Uncontrolled Search Path Element vulnerability in Cisco Findit Network Discovery Utility 2.1

A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity, aka Insecure Library Loading.

7.8
2017-11-16 CVE-2017-13135 Libbpg Project NULL Pointer Dereference vulnerability in Libbpg Project Libbpg 0.9.7

A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure.

7.8
2017-11-16 CVE-2017-16837 Trusted Boot Project Improper Input Validation vulnerability in Trusted Boot Project Trusted Boot 1.9.6

Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.

7.8
2017-11-16 CVE-2017-16834 Pnp4Nagios Incorrect Permission Assignment for Critical Resource vulnerability in Pnp4Nagios

PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account.

7.8
2017-11-15 CVE-2017-15115 Linux, Debian, Suse, Canonical Use After Free vulnerability in multiple products

The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.

7.8
2017-11-15 CVE-2017-15288 Scala Lang Incorrect Permission Assignment for Critical Resource vulnerability in Scala-Lang Scala

The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.

7.8
2017-11-15 CVE-2017-14961 Ikarussecurity Improper Input Validation vulnerability in Ikarussecurity Anti.Virus 2.16.7

In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c.

7.8
2017-11-15 CVE-2017-16832 GNU Integer Overflow or Wraparound vulnerability in GNU Binutils 2.29.1

The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.

7.8
2017-11-15 CVE-2017-16831 GNU Integer Overflow or Wraparound vulnerability in GNU Binutils 2.29.1

coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.

7.8
2017-11-15 CVE-2017-16830 GNU Integer Overflow or Wraparound vulnerability in GNU Binutils 2.29.1

The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.

7.8
2017-11-15 CVE-2017-16829 GNU Out-of-bounds Read vulnerability in GNU Binutils 2.29.1

The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.

7.8
2017-11-15 CVE-2017-16828 GNU Integer Overflow or Wraparound vulnerability in GNU Binutils 2.29.1

The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.

7.8
2017-11-15 CVE-2017-16827 GNU Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29.1

The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.

7.8
2017-11-15 CVE-2017-16826 GNU Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29.1

The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.

7.8
2017-11-15 CVE-2017-11884 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Excel 2016

Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability".

7.8
2017-11-15 CVE-2017-11882 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability".

7.8
2017-11-15 CVE-2017-11878 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Excel, Excel Viewer and Office Compatibility Pack

Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Excel Memory Corruption Vulnerability".

7.8
2017-11-15 CVE-2017-11847 Microsoft Unspecified vulnerability in Microsoft products

Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to run arbitrary code in kernel mode, install programs, view, change or delete data, and create new accounts with full user rights due to improperly handling objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability".

7.8
2017-11-14 CVE-2017-6264 Linux Out-of-bounds Read vulnerability in Linux Kernel

An elevation of privilege vulnerability exists in the NVIDIA GPU driver (gm20b_clk_throt_set_cdev_state), where an out-of-bounds memory read that is used as a function pointer could lead to code execution in the kernel. This issue is rated as high because it could allow a local malicious application to execute arbitrary code within the context of a privileged process.

7.8
2017-11-13 CVE-2017-14020 Automationdirect Uncontrolled Search Path Element vulnerability in Automationdirect products

In AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) Versions 2.10 and prior; C-More Programming Software (Part Number EA9-PGMSW) Versions 6.30 and prior; C-More Micro (Part Number EA-PGMSW) Versions 4.20.01.0 and prior; Do-more Designer Software (Part Number DM-PGMSW) Versions 2.0.3 and prior; GS Drives Configuration Software (Part Number GSOFT) Versions 4.0.6 and prior; SL-SOFT SOLO Temperature Controller Configuration Software (Part Number SL-SOFT) Versions 1.1.0.5 and prior; and DirectSOFT Programming Software Versions 6.1 and prior, an uncontrolled search path element (DLL Hijacking) vulnerability has been identified.

7.8
2017-11-13 CVE-2017-14388 Pivotal Software Improper Input Validation vulnerability in Pivotal Software Grootfs

Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache.

7.8
2017-11-13 CVE-2017-3767 Realtek Unspecified vulnerability in Realtek Audio Driver Firmware

A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products.

7.8
2017-11-13 CVE-2017-3166 Apache Incorrect Permission Assignment for Critical Resource vulnerability in Apache Hadoop

In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.

7.8
2017-11-13 CVE-2017-10885 Sbisec Untrusted Search Path vulnerability in Sbisec Hyper SBI 2.2

Untrusted search path vulnerability in HYPER SBI Ver.

7.8
2017-11-13 CVE-2016-6803 Apache Untrusted Search Path vulnerability in Apache Openoffice

An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows.

7.8
2017-11-13 CVE-2017-7132 Apple Resource Exhaustion vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.8
2017-11-13 CVE-2017-13843 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.8
2017-11-13 CVE-2017-13838 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.8
2017-11-13 CVE-2017-13834 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.8
2017-11-13 CVE-2017-13833 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.8
2017-11-13 CVE-2017-13830 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.8
2017-11-13 CVE-2017-13829 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.8
2017-11-13 CVE-2017-13825 Apple Resource Exhaustion vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.8
2017-11-13 CVE-2017-13824 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.8
2017-11-13 CVE-2017-13816 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.8
2017-11-13 CVE-2017-13814 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.8
2017-11-13 CVE-2017-13813 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.8
2017-11-13 CVE-2017-13812 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.8
2017-11-13 CVE-2017-13811 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.8
2017-11-13 CVE-2017-13809 Apple Improper Input Validation vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.8
2017-11-13 CVE-2017-13808 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.8
2017-11-13 CVE-2017-13807 Apple Improper Input Validation vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.8
2017-11-13 CVE-2017-13800 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.8
2017-11-13 CVE-2017-13799 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

7.8
2017-11-19 CVE-2017-16892 Bftpd Project Missing Release of Resource after Effective Lifetime vulnerability in Bftpd Project Bftpd

In Bftpd before 4.7, there is a memory leak in the file rename function.

7.5
2017-11-17 CVE-2017-1000230 Snap7 Project Improper Input Validation vulnerability in Snap7 Project Snap7 Server 1.4.1

The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 is provided with unexpected input, resulting in a denial-of-service attack.

7.5
2017-11-17 CVE-2017-13703 Moxa Improper Input Validation vulnerability in Moxa Eds-G512E Firmware 5.1

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices.

7.5
2017-11-17 CVE-2017-1000170 Jqueryfiletree Project Path Traversal vulnerability in Jqueryfiletree Project Jqueryfiletree

jqueryFileTree 2.1.5 and older is vulnerable to directory traversal.

7.5
2017-11-17 CVE-2017-16877 Zeit Path Traversal vulnerability in Zeit Next.Js

ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.

7.5
2017-11-17 CVE-2017-1000191 Jool Resource Exhaustion vulnerability in Jool 3.5.0/3.5.1

Jool 3.5.0-3.5.1 is vulnerable to a kernel-crashing packet, resulting in a DoS.

7.5
2017-11-17 CVE-2017-16875 Teluu Unspecified vulnerability in Teluu Pjsip

An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1.

7.5
2017-11-17 CVE-2017-4928 Vmware Server-Side Request Forgery (SSRF) vulnerability in VMWare Vcenter Server 5.5/6.0

The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e.

7.5
2017-11-17 CVE-2017-4927 Vmware LDAP Injection vulnerability in VMWare Vcenter Server 6.0/6.5

VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.

7.5
2017-11-17 CVE-2017-1000129 S9Y SQL Injection vulnerability in S9Y Serendipity 2.0.3

Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component, resulting in information disclosure.

7.5
2017-11-17 CVE-2017-1000125 Codiad Incorrect Permission Assignment for Critical Resource vulnerability in Codiad

Codiad (full version) is vulnerable to writing arbitrary content to the configuration file in the installation, resulting in the upload of a webshell.

7.5
2017-11-17 CVE-2017-1000247 Codeigniter Improper Input Validation vulnerability in Codeigniter 3.1.3

British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws.

7.5
2017-11-17 CVE-2017-1000189 EJS Improper Input Validation vulnerability in EJS

nodejs ejs versions older than 2.5.5 are vulnerable to a denial of service due to weak input validation in ejs.renderFile().

7.5
2017-11-17 CVE-2017-1000200 Tcmu Runner Project NULL Pointer Dereference vulnerability in Tcmu-Runner Project Tcmu-Runner

tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus-triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function, resulting in denial of service.

7.5
2017-11-17 CVE-2017-1000199 Tcmu Runner Project Information Exposure vulnerability in Tcmu-Runner Project Tcmu-Runner

tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges.

7.5
2017-11-17 CVE-2017-1000198 Tcmu Runner Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tcmu-Runner Project Tcmu-Runner

tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler, resulting in denial of service.

7.5
2017-11-17 CVE-2017-1000195 Octobercms Deserialization of Untrusted Data vulnerability in Octobercms October

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.

7.5
2017-11-16 CVE-2017-0859 Google Unspecified vulnerability in Google Android

Another vulnerability in the Android media framework (n/a).

7.5
2017-11-16 CVE-2017-0858 Google Improper Input Validation vulnerability in Google Android

Another vulnerability in the Android media framework (n/a).

7.5
2017-11-16 CVE-2017-0857 Google Incorrect Conversion between Numeric Types vulnerability in Google Android

Another vulnerability in the Android media framework (n/a).

7.5
2017-11-16 CVE-2017-0852 Google Out-of-bounds Write vulnerability in Google Android 5.0.2/5.1.1/6.0

A denial of service vulnerability in the Android media framework (libhevc).

7.5
2017-11-16 CVE-2017-0845 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android

A denial of service vulnerability in the Android framework (syncstorageengine).

7.5
2017-11-16 CVE-2017-0840 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android media framework (libstagefright).

7.5
2017-11-16 CVE-2017-0839 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android media framework (libeffects).

7.5
2017-11-16 CVE-2017-9701 Google Information Exposure vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands, a data leak may occur, resulting from writing an uninitialized stack structure to non-volatile memory.

7.5
2017-11-16 CVE-2017-9696 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer over-read is possible in the camera driver function msm_isp_stop_stats_stream.

7.5
2017-11-16 CVE-2017-8279 Google Race Condition vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, missing race condition protection while updating the msg mask table can lead to a buffer over-read.

7.5
2017-11-16 CVE-2017-11093 Google Out-of-bounds Read vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer over-read in Display, due to the lack of an upper-bound validation when reading "num_of_cea_blocks" from the untrusted source (EDID), can expose kernel memory.

7.5
2017-11-16 CVE-2017-11090 Google Out-of-bounds Read vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer over-read is observed in __wlan_hdd_cfg80211_set_pmksa when a user space application sends a PMKID of size less than WLAN_PMKID_LEN bytes.

7.5
2017-11-16 CVE-2017-11089 Google Out-of-bounds Read vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer over-read is observed in nl80211_set_station when a user space application sends the attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes.

7.5
2017-11-16 CVE-2017-11058 Google Out-of-bounds Read vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.

7.5
2017-11-16 CVE-2017-11028 Google Information Exposure vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the ISP Camera driver, the contents of an arbitrary kernel address can be leaked to userspace by the function msm_isp_get_stream_common_data().

7.5
2017-11-16 CVE-2017-16719 Moxa Injection vulnerability in Moxa products

An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior.

7.5
2017-11-16 CVE-2017-16715 Moxa Information Exposure vulnerability in Moxa products

An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior.

7.5
2017-11-16 CVE-2017-14028 Moxa Resource Exhaustion vulnerability in Moxa products

A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior.

7.5
2017-11-16 CVE-2017-12318 Cisco Resource Exhaustion vulnerability in Cisco RF Gateway 1 Firmware

A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or video on demand (VoD) streams, resulting in a denial of service (DoS) condition.

7.5
2017-11-16 CVE-2017-12316 Cisco Improper Restriction of Excessive Authentication Attempts vulnerability in Cisco Identity Services Engine Software 2.1(0.229)

A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit.

7.5
2017-11-15 CVE-2017-15923 Konversation
Debian

Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes.

7.5
2017-11-15 CVE-2017-8815 Mediawiki
Debian
Improper Input Validation vulnerability in multiple products

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.

7.5
2017-11-15 CVE-2017-8814 Mediawiki
Debian
Improper Input Validation vulnerability in multiple products

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."

7.5
2017-11-15 CVE-2017-8810 Mediawiki
Debian
Information Exposure vulnerability in multiple products

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests.

7.5
2017-11-15 CVE-2017-8700 Microsoft Unspecified vulnerability in Microsoft Asp.Net Core 1.0/1.1/2.0

ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability".

7.5
2017-11-15 CVE-2017-11883 Microsoft Unspecified vulnerability in Microsoft Aspnetcore 1.0/1.1/2.0

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability".

7.5
2017-11-15 CVE-2017-11873 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.5
2017-11-15 CVE-2017-11871 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge

ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.5
2017-11-15 CVE-2017-11870 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge

ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.5
2017-11-15 CVE-2017-11869 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.5
2017-11-15 CVE-2017-11866 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.5
2017-11-15 CVE-2017-11862 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge

ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.5
2017-11-15 CVE-2017-11861 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge

Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.5
2017-11-15 CVE-2017-11858 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore, Edge and Internet Explorer

ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.5
2017-11-15 CVE-2017-11856 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability".

7.5
2017-11-15 CVE-2017-11855 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 10/11/9

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability".

7.5
2017-11-15 CVE-2017-11846 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore, Edge and Internet Explorer

ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.5
2017-11-15 CVE-2017-11845 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability".

7.5
2017-11-15 CVE-2017-11843 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore, Edge and Internet Explorer

ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.5
2017-11-15 CVE-2017-11841 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.5
2017-11-15 CVE-2017-11840 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.5
2017-11-15 CVE-2017-11839 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.5
2017-11-15 CVE-2017-11838 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore, Edge and Internet Explorer

ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.5
2017-11-15 CVE-2017-11837 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore, Edge and Internet Explorer

ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.5
2017-11-15 CVE-2017-11836 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge

ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.5
2017-11-15 CVE-2017-11827 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge and Internet Explorer

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability".

7.5
2017-11-15 CVE-2017-11788 Microsoft Unspecified vulnerability in Microsoft products

Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an unauthenticated attacker to remotely send specially crafted messages that could cause a denial of service against the system due to improperly handling objects in memory, aka "Windows Search Denial of Service Vulnerability".

7.5
2017-11-15 CVE-2017-11770 Microsoft Improper Certificate Validation vulnerability in Microsoft Aspnetcore 1.0/1.1/2.0

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data.

7.5
2017-11-14 CVE-2017-10267 Oracle Information Exposure vulnerability in Oracle Tuxedo

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core).

7.5
2017-11-14 CVE-2017-3893 Blackberry Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Blackberry QNX Software Development Platform 6.6.0

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks.

7.5
2017-11-14 CVE-2017-3892 Blackberry Information Exposure vulnerability in Blackberry QNX Software Development Platform 6.6.0

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources.

7.5
2017-11-14 CVE-2017-6275 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds checking in the thermal driver could allow a read from an arbitrary kernel address.

7.5
2017-11-13 CVE-2016-8610 Openssl
Debian
Redhat
Netapp
Paloaltonetworks
Oracle
Fujitsu

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake.

7.5
2017-11-13 CVE-2017-16806 Ulterius Path Traversal vulnerability in Ulterius Server 1.5.6.0/1.8.0.0

The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal.

7.5
2017-11-13 CVE-2017-16803 Libav Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libav

In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream.

7.5
2017-11-13 CVE-2017-10875 Iodata Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Iodata LAN Disk Connect Firmware 2.02

I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors.

7.5
2017-11-17 CVE-2017-6168 F5 Information Exposure Through Discrepancy vulnerability in F5 products

On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack.

7.4
2017-11-17 CVE-2017-14111 Philips Insufficiently Protected Credentials vulnerability in Philips Intellispace Cardiovascular and Xcelera

The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements.

7.2
2017-11-14 CVE-2017-12636 Apache OS Command Injection vulnerability in Apache Couchdb

CouchDB administrative users can configure the database server via HTTP(S).

7.2
2017-11-13 CVE-2017-13831 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.1
2017-11-13 CVE-2017-13820 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

7.1
2017-11-16 CVE-2017-11025 Google Race Condition vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the function audio_effects_shared_ioctl(), memory corruption can occur.

7.0
2017-11-14 CVE-2017-10278 Oracle Unspecified vulnerability in Oracle Tuxedo

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Security).

7.0

149 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-11-13 CVE-2017-15526 Symantec NULL Pointer Dereference vulnerability in Symantec Endpoint Encryption

Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario.

6.8
2017-11-16 CVE-2017-12313 Cisco Untrusted Search Path vulnerability in Cisco Packet Tracer

An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker.

6.7
2017-11-16 CVE-2017-12312 Cisco Untrusted Search Path vulnerability in Cisco Advanced Malware Protection for Endpoints 3.1.0

An untrusted search path (aka DLL Preloading) vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker.

6.7
2017-11-16 CVE-2017-12305 Cisco OS Command Injection vulnerability in Cisco IP Phone 8800 Series Firmware

A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection.

6.7
2017-11-18 CVE-2017-16883 Libming NULL Pointer Dereference vulnerability in Libming

The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file.

6.5
2017-11-17 CVE-2017-1000221 Apereo Incorrect Permission Assignment for Critical Resource vulnerability in Apereo Opencast

In Opencast 2.2.3 and older, if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction.

6.5
2017-11-17 CVE-2017-1000168 Sodiumoxide Project Unspecified vulnerability in Sodiumoxide Project Sodiumoxide

In sodiumoxide 0.0.13 and older, scalarmult() is vulnerable to degenerate public keys.

6.5
2017-11-17 CVE-2017-4938 Vmware NULL Pointer Dereference vulnerability in VMWare Fusion and Workstation

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability.

6.5
2017-11-17 CVE-2017-1000224 Embedplus Cross-Site Request Forgery (CSRF) vulnerability in Embedplus Youtube

CSRF in YouTube (WordPress plugin) could allow an unauthenticated attacker to change any setting within the plugin.

6.5
2017-11-16 CVE-2017-16867 Amazon Unspecified vulnerability in Amazon KEY Firmware 20171116

Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house for unfilmed activities or (2) attackers to freeze a camera and enter a house if a delivery driver failed to ensure a locked door before leaving.

6.5
2017-11-15 CVE-2017-11872 Microsoft Unspecified vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the attacker's choice, due to how Microsoft Edge handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability".

6.5
2017-11-14 CVE-2017-16239 Openstack Unspecified vulnerability in Openstack Nova

In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter).

6.5
2017-11-13 CVE-2017-13790 Apple Improper Input Validation vulnerability in Apple Safari

An issue was discovered in certain Apple products.

6.5
2017-11-13 CVE-2017-13789 Apple Improper Input Validation vulnerability in Apple Safari

An issue was discovered in certain Apple products.

6.5
2017-11-15 CVE-2017-15102 Linux
Redhat
Canonical
NULL Pointer Dereference vulnerability in multiple products

The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.

6.3
2017-11-18 CVE-2017-16881 Symphony Project Cross-site Scripting vulnerability in Symphony Project Symphony 2.2.0

b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java, service/AvatarQueryService.java, and service/CommentQueryService.java.

6.1
2017-11-18 CVE-2017-14077 Phpcaptcha Code Injection vulnerability in PHPcaptcha Securimage

HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.

6.1
2017-11-17 CVE-2017-16880 Whoops Project Cross-site Scripting vulnerability in Whoops Project Whoops

The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS.

6.1
2017-11-17 CVE-2017-1000163 Phoenixframework Open Redirect vulnerability in Phoenixframework Phoenix

The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks.

6.1
2017-11-17 CVE-2017-4929 Vmware Cross-site Scripting vulnerability in VMWare NSX Edge

VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure.

6.1
2017-11-17 CVE-2017-1000225 Relevanssi Cross-site Scripting vulnerability in Relevanssi 1.14.8

Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow an unauthenticated attacker to do almost anything an admin can.

6.1
2017-11-17 CVE-2017-1000236 I Librarian Cross-site Scripting vulnerability in I-Librarian I Librarian

I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in temp.php, resulting in an attacker being able to inject malicious client-side script which will be executed in the browser of users if they visit the manipulated site.

6.1
2017-11-17 CVE-2017-1000188 EJS Cross-site Scripting vulnerability in EJS

nodejs ejs versions older than 2.5.5 are vulnerable to cross-site scripting in ejs.renderFile(), resulting in code injection.

6.1
2017-11-17 CVE-2017-1000193 Octobercms Cross-site Scripting vulnerability in Octobercms October

October CMS build 412 is vulnerable to stored WCI (a.k.a. XSS) in the brand logo image name, resulting in JavaScript code execution in the victim's browser.

6.1
2017-11-16 CVE-2017-16866 Finecms Cross-site Scripting vulnerability in Finecms 5.2.0

dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field.

6.1
2017-11-16 CVE-2017-12323 Cisco Cross-site Scripting vulnerability in Cisco Registered Envelope Service

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page.

6.1
2017-11-16 CVE-2017-12322 Cisco Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0038

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page.

6.1
2017-11-16 CVE-2017-12321 Cisco Cross-site Scripting vulnerability in Cisco Registered Envelope Service

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page.

6.1
2017-11-16 CVE-2017-12320 Cisco Cross-site Scripting vulnerability in Cisco Registered Envelope Service

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page.

6.1
2017-11-16 CVE-2017-12304 Cisco Cross-site Scripting vulnerability in Cisco IOS 15.7(2.0Z)M

A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface on an affected device.

6.1
2017-11-16 CVE-2017-12292 Cisco Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0/5.3.0038

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page.

6.1
2017-11-16 CVE-2017-12291 Cisco Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0/5.3.0038

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page.

6.1
2017-11-16 CVE-2017-12290 Cisco Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0/5.3.0038

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page.

6.1
2017-11-16 CVE-2017-16841 Lansweeper Cross-site Scripting vulnerability in Lansweeper

LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx.

6.1
2017-11-16 CVE-2017-16836 Commscope Cross-site Scripting vulnerability in Commscope Arris Tg1682G Firmware 10.0.59.Sip.Pc20.Ct

Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter.

6.1
2017-11-15 CVE-2017-16833 Gemirro Project Cross-site Scripting vulnerability in Gemirro Project Gemirro

Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file.

6.1
2017-11-15 CVE-2017-8811 Mediawiki
Debian
Improper Input Validation vulnerability in multiple products

The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.

6.1
2017-11-15 CVE-2017-8808 Mediawiki
Debian
Cross-site Scripting vulnerability in multiple products

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.

6.1
2017-11-15 CVE-2017-12738 Siemens Cross-site Scripting vulnerability in Siemens Sm-2556 Firmware

An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00.

6.1
2017-11-15 CVE-2017-11863 Microsoft Improper Input Validation vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents, aka "Microsoft Edge Security Feature Bypass Vulnerability".

6.1
2017-11-14 CVE-2017-16815 Snapcreek Cross-site Scripting vulnerability in Snapcreek Duplicator 1.2.28

installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly.

6.1
2017-11-14 CVE-2017-9085 Kodak Cross-site Scripting vulnerability in Kodak Insite

Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6.5 to 8.0 allow remote attackers to inject arbitrary web script via the (1) "paramFile" parameter to /Site/Troubleshooting/DiagnosticReport.asp, or (2) "paramFile" parameter to /Site/Troubleshooting/SpeedTest.asp.

6.1
2017-11-13 CVE-2017-7739 Fortinet Cross-site Scripting vulnerability in Fortinet Fortios

A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim.

6.1
2017-11-13 CVE-2017-16792 Geminabox Project Cross-site Scripting vulnerability in Geminabox Project Geminabox

Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb.

6.1
2017-11-13 CVE-2017-13819 Apple Cross-site Scripting vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

6.1
2017-11-16 CVE-2017-12315 Cisco Information Exposure vulnerability in Cisco Hyperflex HX Data Platform 2.6(1A)

A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files.

6.0
2017-11-17 CVE-2017-1000209 NV Websocket Client Project Improper Certificate Validation vulnerability in Nv-Websocket-Client Project Nv-Websocket-Client

The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate.

5.9
2017-11-15 CVE-2014-2845 Cyberduck Improper Certificate Validation vulnerability in Cyberduck

Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority.

5.9
2017-11-15 CVE-2017-15271 Psftp Use After Free vulnerability in Psftp Psftpd 10.0.4

A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729.

5.9
2017-11-14 CVE-2017-9371 Blackberry Insufficient Entropy in PRNG vulnerability in Blackberry QNX Software Development Platform 6.5.0/6.6.0

In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation.

5.9
2017-11-13 CVE-2017-1229 IBM Information Exposure vulnerability in IBM Bigfix Platform 9.2/9.5

IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

5.9
2017-11-16 CVE-2017-12311 Cisco Improper Input Validation vulnerability in Cisco Meeting Server

A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame.

5.8
2017-11-16 CVE-2017-12300 Cisco Improper Input Validation vulnerability in Cisco Secure Firewall Management Center

A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 (SMB2) protocol.

5.8
2017-11-17 CVE-2017-1000128 Exiv2 Out-of-bounds Read vulnerability in Exiv2 0.26

Exiv2 0.26 contains a stack out-of-bounds read in the JPEG2000 parser.

5.5
2017-11-17 CVE-2017-1000127 Exiv2 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Exiv2 0.26

Exiv2 0.26 contains a heap buffer overflow in the TIFF parser.

5.5
2017-11-17 CVE-2017-1000126 Exiv2 Out-of-bounds Read vulnerability in Exiv2 0.26

Exiv2 0.26 contains a stack out-of-bounds read in the WebP parser.

5.5
2017-11-17 CVE-2017-10888 Bookwalker Information Exposure vulnerability in Bookwalker Book Walker 1.2.5/1.2.9

BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac Ver.1.2.5 and earlier allow an attacker to access local files via unspecified vectors.

5.5
2017-11-17 CVE-2017-16868 Swftools NULL Pointer Dereference vulnerability in Swftools 0.9.2

In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file.

5.5
2017-11-17 CVE-2017-1000201 Tcmu Runner Project Improper Input Validation vulnerability in Tcmu-Runner Project Tcmu-Runner

The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack.

5.5
2017-11-17 CVE-2017-1000186 Swftools Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools

In SWFTools, a stack overflow was found in pdf2swf.

5.5
2017-11-17 CVE-2017-1000185 Swftools Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools

In SWFTools, a memcpy buffer overflow was found in gif2swf.

5.5
2017-11-17 CVE-2017-1000182 Swftools Missing Release of Resource after Effective Lifetime vulnerability in Swftools

In SWFTools, a memory leak was found in wav2swf.

5.5
2017-11-17 CVE-2017-1000176 Swftools Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools

In SWFTools, a memcpy buffer overflow was found in swfc.

5.5
2017-11-17 CVE-2017-1000174 Swftools Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools

In SWFTools, an address access exception was found in swfdump swf_GetBits().

5.5
2017-11-17 CVE-2017-15517 Netapp Information Exposure vulnerability in Netapp Altavault OST Plug-In

AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors.

5.5
2017-11-15 CVE-2014-0219 Apache Improper Input Validation vulnerability in Apache Karaf

Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports.

5.5
2017-11-15 CVE-2017-11877 Microsoft Unspecified vulnerability in Microsoft Excel, Excel Viewer and Office Compatibility Pack

Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka "Microsoft Excel Security Feature Bypass Vulnerability".

5.5
2017-11-15 CVE-2017-11853 Microsoft Information Exposure vulnerability in Microsoft products

Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability".

5.5
2017-11-15 CVE-2017-11835 Microsoft Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008

Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability".

5.5
2017-11-14 CVE-2017-12624 Apache Unspecified vulnerability in Apache CXF

Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications.

5.5
2017-11-13 CVE-2017-16808 Tcpdump Out-of-bounds Read vulnerability in Tcpdump 4.9.2

tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.

5.5
2017-11-13 CVE-2017-16805 Radare Out-of-bounds Read vulnerability in Radare Radare2 2.0.1

In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.

5.5
2017-11-13 CVE-2017-8806 Postgresql Link Following vulnerability in Postgresql

The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.

5.5
2017-11-13 CVE-2017-7113 Apple Information Exposure vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

5.5
2017-11-13 CVE-2017-13849 Apple Improper Input Validation vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

5.5
2017-11-13 CVE-2017-13842 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

5.5
2017-11-13 CVE-2017-13841 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

5.5
2017-11-13 CVE-2017-13840 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

5.5
2017-11-13 CVE-2017-13836 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

5.5
2017-11-13 CVE-2017-13828 Apple Unspecified vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

5.5
2017-11-13 CVE-2017-13823 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

5.5
2017-11-13 CVE-2017-13822 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

5.5
2017-11-13 CVE-2017-13821 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

5.5
2017-11-13 CVE-2017-13818 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

5.5
2017-11-13 CVE-2017-13817 Apple Out-of-bounds Read vulnerability in Apple mac OS X

An out-of-bounds read issue was discovered in certain Apple products.

5.5
2017-11-13 CVE-2017-13810 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

5.5
2017-11-13 CVE-2017-13804 Apple Improper Input Validation vulnerability in Apple products

An issue was discovered in certain Apple products.

5.5
2017-11-13 CVE-2017-13782 Apple Information Exposure vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

5.5
2017-11-17 CVE-2017-1000227 Parallelus Cross-site Scripting vulnerability in Parallelus Salutation 3.0.15

Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can.

5.4
2017-11-17 CVE-2017-16819 Icontime Cross-site Scripting vulnerability in Icontime Rtc-1000 Firmware 2.5.7458

A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges.

5.4
2017-11-17 CVE-2017-10886 CS Cart Cross-site Scripting vulnerability in Cs-Cart and Cs-Cart Multivendor

Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

5.4
2017-11-17 CVE-2017-1000223 Modx Cross-site Scripting vulnerability in Modx Revolution

A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier.

5.4
2017-11-17 CVE-2017-1000164 Tine20 Cross-site Scripting vulnerability in Tine20 Tine 2.0 2017.02.4

Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook, resulting in code execution and privilege escalation.

5.4
2017-11-17 CVE-2017-1000160 Expressionengine Cross-site Scripting vulnerability in Expressionengine 3.4.2

EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection.

5.4
2017-11-17 CVE-2017-1000240 Open EMR Cross-site Scripting vulnerability in Open-Emr Openemr

The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions.

5.4
2017-11-17 CVE-2017-1000239 Invoiceplane Cross-site Scripting vulnerability in Invoiceplane 1.4.10

InvoicePlane version 1.4.10 is vulnerable to stored cross-site scripting, allowing an authenticated user to inject malicious client-side script that will be executed in the browser of users if they visit the manipulated site.

5.4
2017-11-16 CVE-2017-4930 Vmware Cross-site Scripting vulnerability in VMWare Airwatch

VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page.

5.4
2017-11-16 CVE-2017-16843 Vonage Cross-site Scripting vulnerability in Vonage Vdv-23 Firmware 3.2.110.9.40

Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic.

5.4
2017-11-15 CVE-2017-5532 Tibco Cross-site Scripting vulnerability in Tibco products

A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks.

5.4
2017-11-15 CVE-2017-16821 B3Log Cross-site Scripting vulnerability in B3Log Symphony 2.2.0

b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid.

5.4
2017-11-14 CVE-2017-9394 CA Cross-site Scripting vulnerability in CA Identity Governance 12.6.0

A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user.

5.4
2017-11-14 CVE-2017-16810 Octopus Cross-site Scripting vulnerability in Octopus Deploy

Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter.

5.4
2017-11-13 CVE-2017-16807 Getkirby Cross-site Scripting vulnerability in Getkirby Panel

A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.

5.4
2017-11-13 CVE-2017-16802 Misp Project Cross-site Scripting vulnerability in Misp-Project Misp 2.4.82

In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added.

5.4
2017-11-13 CVE-2017-16801 Octopus Cross-site Scripting vulnerability in Octopus Deploy

Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter.

5.4
2017-11-17 CVE-2017-13702 Moxa Information Exposure vulnerability in Moxa Eds-G512E Firmware 5.1

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices.

5.3
2017-11-17 CVE-2017-1000211 Lynx Project Use After Free vulnerability in Lynx Project Lynx 2.8.9

Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself.

5.3
2017-11-17 CVE-2017-1000226 Fullworks Information Exposure vulnerability in Fullworks Stop User Enumeration 1.3.8

Stop User Enumeration 1.3.8 allows user enumeration via the REST API.

5.3
2017-11-17 CVE-2017-1000246 Pysaml2 Project Use of Insufficiently Random Values vulnerability in Pysaml2 Project Pysaml2

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

5.3
2017-11-17 CVE-2017-1000234 I Librarian Information Exposure vulnerability in I-Librarian I Librarian

I, Librarian version <=4.6 & 4.7 is vulnerable to directory enumeration in jqueryFileTree.php, allowing an attacker to enumerate directories simply by navigating through the "dir" parameter.

5.3
2017-11-16 CVE-2017-0860 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the Android system (inputdispatcher).

5.3
2017-11-16 CVE-2017-0851 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android media framework (libhevc).

5.3
2017-11-16 CVE-2017-0850 Google Information Exposure vulnerability in Google Android 7.0/7.1.1/7.1.2

An information disclosure vulnerability in the Android media framework (libstagefright).

5.3
2017-11-16 CVE-2017-0849 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android media framework (libavc).

5.3
2017-11-16 CVE-2017-0848 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android media framework (libeffects).

5.3
2017-11-16 CVE-2017-11022 Google Information Exposure vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originating from the user's phone contain information elements which specify the supported Wi-Fi features.

5.3
2017-11-16 CVE-2017-12309 Cisco HTTP Response Splitting vulnerability in Cisco Email Security Appliance Firmware 10.0.2020/11.0.0105

A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack.

5.3
2017-11-16 CVE-2017-12303 Cisco Improperly Implemented Security Check for Standard vulnerability in Cisco Asyncos 10.1.1234/10.1.1235

A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule.

5.3
2017-11-16 CVE-2017-12299 Cisco Improper Input Validation vulnerability in Cisco Firepower Extensible Operating System 2.2(1.58)

A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, bypassing any filters that are configured to deny local IP management traffic.

5.3
2017-11-15 CVE-2017-15272 Psftp Insufficiently Protected Credentials vulnerability in Psftp Psftpd 10.0.4

The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat.

5.3
2017-11-15 CVE-2017-15270 Psftp Improper Input Validation vulnerability in Psftp Psftpd 10.0.4

The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file.

5.3
2017-11-15 CVE-2017-8812 Mediawiki
Debian

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.

5.3
2017-11-15 CVE-2017-12737 Siemens Information Exposure vulnerability in Siemens Sm-2556 Firmware

An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00.

5.3
2017-11-15 CVE-2017-11834 Microsoft Information Exposure vulnerability in Microsoft Internet Explorer 10/11/9

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".

5.3
2017-11-15 CVE-2017-11830 Microsoft Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft Windows 10, Windows Server and Windows Server 2016

Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability".

5.3
2017-11-14 CVE-2017-10266 Oracle Information Exposure vulnerability in Oracle Tuxedo

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core).

5.3
2017-11-14 CVE-2017-9369 Blackberry Information Exposure vulnerability in Blackberry QNX Software Development Platform 6.5.0/6.6.0

In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader.

4.9
2017-11-17 CVE-2017-13700 Moxa Cross-site Scripting vulnerability in Moxa Eds-G512E Firmware 5.1

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices.

4.8
2017-11-17 CVE-2017-1000213 Wbce Cross-site Scripting vulnerability in Wbce CMS 1.1.11

WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search

4.8
2017-11-16 CVE-2017-16842 Yoast Cross-site Scripting vulnerability in Yoast Wordpress SEO

Cross-site scripting (XSS) vulnerability in admin/google_search_console/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML.

4.8
2017-11-15 CVE-2017-11880 Microsoft Information Exposure vulnerability in Microsoft products

Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to run a specially crafted application and obtain information to further compromise the user's system due to the Windows kernel improperly initializing objects in memory, aka "Windows Information Disclosure Vulnerability".

4.7
2017-11-15 CVE-2017-11852 Microsoft Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008

Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's system, due to improperly disclosing kernel memory addresses, aka "Windows GDI Information Disclosure Vulnerability".

4.7
2017-11-15 CVE-2017-11851 Microsoft Information Exposure vulnerability in Microsoft products

The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability".

4.7
2017-11-15 CVE-2017-11849 Microsoft Information Exposure vulnerability in Microsoft products

Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability".

4.7
2017-11-15 CVE-2017-11842 Microsoft Information Exposure vulnerability in Microsoft products

Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability".

4.7
2017-11-15 CVE-2017-11832 Microsoft Information Exposure vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Server 2012

The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012 allows an attacker to potentially read data that was not intended to be disclosed, due to the way that the Microsoft Windows EOT font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-11835.

4.7
2017-11-15 CVE-2017-11831 Microsoft Information Exposure vulnerability in Microsoft products

Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log on to an affected system, and run a specially crafted application that can compromise the user's system due to how the Windows kernel initializes memory, aka "Windows Information Disclosure Vulnerability".

4.7
2017-11-17 CVE-2017-10890 Sharp Session Fixation vulnerability in Sharp products

Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors.

4.6
2017-11-13 CVE-2017-13786 Apple Unspecified vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

4.6
2017-11-13 CVE-2017-15525 Symantec Unspecified vulnerability in Symantec Endpoint Encryption

Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.

4.5
2017-11-16 CVE-2017-12306 Cisco Download of Code Without Integrity Check vulnerability in Cisco Conference Director 20170815

A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass.

4.4
2017-11-17 CVE-2017-10889 TablePress XXE vulnerability in TablePress

TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors.

4.3
2017-11-16 CVE-2017-16560 Sandisk Insecure Storage of Sensitive Information vulnerability in Sandisk Secureaccess 3.01

SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user exits the application or if the application crashes.

4.3
2017-11-16 CVE-2017-12302 Cisco SQL Injection vulnerability in Cisco Unified Communications Domain Manager

A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection.

4.3
2017-11-15 CVE-2017-15269 Psftp Externally Controlled Reference to a Resource in Another Sphere vulnerability in Psftp Psftpd 10.0.4

The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default.

4.3
2017-11-15 CVE-2017-11848 Microsoft Information Exposure vulnerability in Microsoft Internet Explorer 11

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to detect the navigation of the user leaving a maliciously crafted page, due to how page content is handled by Internet Explorer, aka "Internet Explorer Information Disclosure Vulnerability".

4.3
2017-11-15 CVE-2017-11844 Microsoft Information Exposure vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".

4.3
2017-11-15 CVE-2017-11803 Microsoft Information Exposure vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".

4.3
2017-11-13 CVE-2017-16804 Redmine
Debian
Information Exposure vulnerability in multiple products

In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.

4.3

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-11-16 CVE-2017-1088 FreeBSD Information Exposure vulnerability in FreeBSD

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data.

3.3
2017-11-16 CVE-2017-1086 FreeBSD Information Exposure vulnerability in FreeBSD

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings.

3.3
2017-11-13 CVE-2017-13852 Apple Information Exposure vulnerability in Apple products

An issue was discovered in certain Apple products.

3.3
2017-11-13 CVE-2017-13801 Apple Information Exposure vulnerability in Apple Mac OS X

An issue was discovered in certain Apple products.

3.3
2017-11-15 CVE-2017-11874 Microsoft Unspecified vulnerability in Microsoft Chakracore and Edge

Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to how Microsoft Edge handles accessing memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Microsoft Edge Security Feature Bypass Vulnerability".

3.1
2017-11-15 CVE-2017-11833 Microsoft Information Exposure vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected browser, due to how Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability".

3.1
2017-11-15 CVE-2017-11791 Microsoft Information Exposure vulnerability in Microsoft Chakracore, Edge and Internet Explorer

ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allow an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".

3.1
2017-11-15 CVE-2017-11850 Microsoft Information Exposure vulnerability in Microsoft products

Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability".

2.5
2017-11-15 CVE-2017-11768 Microsoft Information Exposure vulnerability in Microsoft Windows Media Player

Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application.

2.5
2017-11-13 CVE-2017-13844 Apple Information Exposure vulnerability in Apple iPhone OS

An issue was discovered in certain Apple products.

2.4
2017-11-13 CVE-2017-13805 Apple Information Exposure vulnerability in Apple iPhone OS

An issue was discovered in certain Apple products.

2.4