Weekly Vulnerabilities Reports > November 27 to December 3, 2017
Overview
200 new vulnerabilities were reported during this period, including 20 critical vulnerabilities and 37 high severity vulnerabilities. This weekly summary reports vulnerabilities in 338 products from 85 vendors including Cisco, Debian, IBM, Adobe, and Redhat. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Information Exposure", and "Improper Authentication".
- 162 reported vulnerabilities are remotely exploitable.
- 19 reported vulnerabilities have a public exploit available.
- 79 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 148 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 45 reported vulnerabilities.
- TP Link has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
20 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-12-01 | CVE-2017-10903 | Princeton | Improper Authentication vulnerability in Princeton Ptw-Wms1 Firmware 2.000.012 Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors. | 10.0 |
2017-12-01 | CVE-2017-10902 | Princeton | OS Command Injection vulnerability in Princeton Ptw-Wms1 Firmware 2.000.012 PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 10.0 |
2017-11-30 | CVE-2017-17067 | Splunk | Incorrect Authorization vulnerability in Splunk Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks. | 10.0 |
2017-11-29 | CVE-2017-14189 | Fortinet | Weak Password Requirements vulnerability in Fortinet Fortiweb Manager 5.8.0 An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log in regardless of the provided password. | 10.0 |
2017-11-28 | CVE-2017-8020 | EMC | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in EMC Scaleio An issue was discovered in EMC ScaleIO 2.0.1.x. | 10.0 |
2017-11-27 | CVE-2017-1000214 | Gitphp Project | OS Command Injection vulnerability in Gitphp Project Gitphp GitPHP by xiphux is vulnerable to OS Command Injections | 10.0 |
2017-12-01 | CVE-2017-15702 | Apache | Unspecified vulnerability in Apache Qpid Broker-J In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. | 9.8 |
2017-11-27 | CVE-2017-1001003 | Mathjs Project | Improper Input Validation vulnerability in Mathjs Project Mathjs math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object. | 9.8 |
2017-11-27 | CVE-2017-1001002 | Mathjs | Code Injection vulnerability in Mathjs Math.Js math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. | 9.8 |
2017-12-01 | CVE-2017-10892 | Sony | Untrusted Search Path vulnerability in Sony Music Center 1.0.00 Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 9.3 |
2017-12-01 | CVE-2017-10891 | Sony | Untrusted Search Path vulnerability in Sony Media GO 3.2.0.191 Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 9.3 |
2017-11-29 | CVE-2017-14591 | Atlassian | Argument Injection or Modification vulnerability in Atlassian Crucible and Fisheye Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software. | 9.3 |
2017-11-29 | CVE-2017-13872 | Apple | Improper Authentication vulnerability in Apple mac OS X 10.13.0/10.13.1 An issue was discovered in certain Apple products. | 9.3 |
2017-11-27 | CVE-2017-15114 | Redhat | Improper Certificate Validation vulnerability in Redhat Openstack Platform 12.0 When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. | 9.3 |
2017-11-27 | CVE-2017-14176 | Debian Canonical | Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117. | 9.3 |
2017-11-28 | CVE-2017-15673 | CS Cart | Unrestricted Upload of File with Dangerous Type vulnerability in Cs-Cart The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page. | 9.0 |
2017-11-27 | CVE-2017-14585 | Atlassian | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Hipchat Data Center and Hipchat Server A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. | 9.0 |
2017-11-27 | CVE-2017-16960 | TP Link | OS Command Injection vulnerability in Tp-Link products TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd. | 9.0 |
2017-11-27 | CVE-2017-16958 | TP Link | OS Command Injection vulnerability in Tp-Link products TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd. | 9.0 |
2017-11-27 | CVE-2017-16957 | TP Link | OS Command Injection vulnerability in Tp-Link products TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd. | 9.0 |
37 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-11-30 | CVE-2017-12631 | Apache | Cross-Site Request Forgery (CSRF) vulnerability in Apache CXF Fediz Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. | 8.8 |
2017-11-27 | CVE-2017-1001004 | Typed Function Project | Improper Input Validation vulnerability in Typed Function Project Typed Function typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. | 8.8 |
2017-11-27 | CVE-2017-4995 | Vmware | Deserialization of Untrusted Data vulnerability in VMWare Spring Security An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. | 8.1 |
2017-11-30 | CVE-2017-12362 | Cisco | Unspecified vulnerability in Cisco Meeting Server A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. | 7.8 |
2017-11-29 | CVE-2017-17052 | Linux | Use After Free vulnerability in Linux Kernel The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the ->exe_file member of a new process's mm_struct, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. | 7.8 |
2017-12-01 | CVE-2017-15701 | Apache | Resource Exhaustion vulnerability in Apache Qpid Broker-J In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. | 7.5 |
2017-12-01 | CVE-2017-10900 | Princeton | Unspecified vulnerability in Princeton Ptw-Wms1 Firmware 2.000.012 PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass access restrictions to obtain or delete data on the disk via unspecified vectors. | 7.5 |
2017-12-01 | CVE-2017-10899 | ARK WEB | SQL Injection vulnerability in Ark-Web A-Reserve SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2017-12-01 | CVE-2017-10898 | ARK WEB | SQL Injection vulnerability in Ark-Web A-Member SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2017-12-01 | CVE-2017-17086 | Inedo | Improper Input Validation vulnerability in Inedo Otter Inedo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor. | 7.5 |
2017-12-01 | CVE-2017-17085 | Wireshark Debian | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. | 7.5 |
2017-12-01 | CVE-2017-17084 | Wireshark Debian | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. | 7.5 |
2017-12-01 | CVE-2017-17083 | Wireshark Debian | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. | 7.5 |
2017-12-01 | CVE-2017-15607 | Inedo | Path Traversal vulnerability in Inedo Otter Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181. | 7.5 |
2017-12-01 | CVE-2017-11284 | Adobe | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016 Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. | 7.5 |
2017-12-01 | CVE-2017-11283 | Adobe | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016 Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. | 7.5 |
2017-12-01 | CVE-2017-11282 | Adobe Redhat | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. | 7.5 |
2017-12-01 | CVE-2017-11281 | Adobe Redhat | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. | 7.5 |
2017-11-30 | CVE-2017-17065 | Dlink | Improper Input Validation vulnerability in Dlink Dir-605L Model B Firmware An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. | 7.5 |
2017-11-29 | CVE-2017-8818 | Haxx | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Haxx Curl and Libcurl curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library. | 7.5 |
2017-11-29 | CVE-2017-8817 | Haxx Debian | Out-of-bounds Read vulnerability in multiple products The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character. | 7.5 |
2017-11-29 | CVE-2017-8816 | Haxx Debian | Integer Overflow or Wraparound vulnerability in multiple products The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields. | 7.5 |
2017-11-29 | CVE-2017-14378 | EMC | Unspecified vulnerability in EMC products EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability." | 7.5 |
2017-11-29 | CVE-2017-14377 | RSA | Improper Authentication vulnerability in RSA Authentication Agent for web 8.0/8.0.1 EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server version 8.0.1 prior to Build 618 have a security vulnerability that could potentially lead to authentication bypass. | 7.5 |
2017-11-29 | CVE-2017-17058 | Automattic | Path Traversal vulnerability in Automattic Woocommerce The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. | 7.5 |
2017-11-27 | CVE-2017-14746 | Samba Redhat Debian Canonical | Use After Free vulnerability in multiple products Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. | 7.5 |
2017-11-27 | CVE-2017-14586 | Atlassian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Atlassian Hipchat The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. | 7.5 |
2017-11-27 | CVE-2017-8045 | Pivotal Software | Deserialization of Untrusted Data vulnerability in Pivotal Software Spring Advanced Message Queuing Protocol In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. | 7.5 |
2017-12-03 | CVE-2017-17099 | Flexense | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Flexense Syncbreeze 10.1.16 There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. | 7.2 |
2017-12-01 | CVE-2017-16895 | Arqbackup | Incorrect Permission Assignment for Critical Resource vulnerability in Arqbackup ARQ The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet. | 7.2 |
2017-11-30 | CVE-2017-12352 | Cisco | Command Injection vulnerability in Cisco Application Policy Infrastructure Controller 2.3(1F) A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with root privileges on an affected host operating system. | 7.2 |
2017-11-30 | CVE-2017-12341 | Cisco | Command Injection vulnerability in Cisco Nx-Os and Unified Computing System A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. | 7.2 |
2017-11-30 | CVE-2017-12334 | Cisco | Improper Input Validation vulnerability in Cisco Nx-Os and Unified Computing System A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. | 7.2 |
2017-11-30 | CVE-2017-12331 | Cisco | Improper Verification of Cryptographic Signature vulnerability in Cisco Nx-Os and Unified Computing System A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. | 7.2 |
2017-11-28 | CVE-2017-17045 | XEN | Use After Free vulnerability in XEN An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors. | 7.2 |
2017-11-30 | CVE-2017-1000405 | Linux | Race Condition vulnerability in Linux Kernel The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. | 7.0 |
2017-11-29 | CVE-2017-17053 | Linux | Use After Free vulnerability in Linux Kernel The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. | 7.0 |
115 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-12-01 | CVE-2017-15357 | Arqbackup | Race Condition vulnerability in Arqbackup ARQ The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself. | 6.9 |
2017-12-03 | CVE-2017-8823 | TOR Project Debian | Use After Free vulnerability in multiple products In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013. | 6.8 |
2017-12-02 | CVE-2017-17095 | Libtiff | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.9 tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file. | 6.8 |
2017-11-30 | CVE-2017-12372 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Webex Meetings and Webex Meetings Server A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. | 6.8 |
2017-11-30 | CVE-2017-12371 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Webex Meetings T30/T31 A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. | 6.8 |
2017-11-30 | CVE-2017-12370 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Webex Meetings T30/T31 A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. | 6.8 |
2017-11-30 | CVE-2017-12369 | Cisco | Out-of-bounds Read vulnerability in Cisco Webex Meetings A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. | 6.8 |
2017-11-30 | CVE-2017-12368 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Webex Meetings and Webex Meetings Server A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. | 6.8 |
2017-11-30 | CVE-2017-12367 | Cisco | Improper Input Validation vulnerability in Cisco Webex Meetings Server T29/T30/T31.11.2 A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. | 6.8 |
2017-11-28 | CVE-2016-10701 | Hitachivantara | Cross-Site Request Forgery (CSRF) vulnerability in Hitachivantara Pentaho Business Analytics In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application. | 6.8 |
2017-11-27 | CVE-2017-1000207 | Swagger | Deserialization of Untrusted Data vulnerability in Swagger Swagger-Codegen and Swagger-Parser A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. | 6.8 |
2017-12-02 | CVE-2017-17091 | Wordpress | Use of Insufficiently Random Values vulnerability in Wordpress wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string. | 6.5 |
2017-12-01 | CVE-2017-14953 | Hikvision | Missing Encryption of Sensitive Data vulnerability in Hikvision Ds-2Cd2432F-Iw Firmware 5.3.0/5.4.0 HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. | 6.5 |
2017-11-30 | CVE-2017-12343 | Cisco | Cross-site Scripting vulnerability in Cisco Data Center Network Manager 10.3(1)S3 Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 6.5 |
2017-11-30 | CVE-2017-14198 | Squiz | Code Injection vulnerability in Squiz Matrix An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. | 6.5 |
2017-11-27 | CVE-2017-15055 | Teampass | Improper Privilege Management vulnerability in Teampass TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. | 6.5 |
2017-11-27 | CVE-2017-15054 | Teampass | Unrestricted Upload of File with Dangerous Type vulnerability in Teampass An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. | 6.5 |
2017-11-27 | CVE-2017-16955 | Inlinks Project | SQL Injection vulnerability in Inlinks Project Inlinks 1.0 SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php. | 6.5 |
2017-12-01 | CVE-2017-6679 | Cisco | Unspecified vulnerability in Cisco Umbrella 2.0.3 The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. | 6.4 |
2017-12-01 | CVE-2017-14487 | Ohmibod | Authentication Bypass by Spoofing vulnerability in Ohmibod Remote The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username, user_id, and token fields in data/data/com.ohmibod.remote2/shared_prefs/OMB.xml. | 6.4 |
2017-12-01 | CVE-2017-10861 | Qualitysoft | Path Traversal vulnerability in Qualitysoft QND Advance/Standard Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command. | 6.4 |
2017-11-30 | CVE-2017-12364 | Cisco | SQL Injection vulnerability in Cisco Prime Service Catalog 11.1.1/12.0/12.1 A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. | 6.4 |
2017-11-27 | CVE-2017-15100 | Theforeman Redhat | Cross-site Scripting vulnerability in multiple products An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on such a fact; (3) Statistics page, for facts that are aggregated on this page. | 6.1 |
2017-12-01 | CVE-2017-3105 | Adobe Microsoft | Open Redirect vulnerability in Adobe Robohelp Adobe RoboHelp has an Open Redirect vulnerability. | 5.8 |
2017-11-30 | CVE-2017-12344 | Cisco | Open Redirect vulnerability in Cisco Data Center Network Manager 10.2(1) Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 5.8 |
2017-11-28 | CVE-2016-10702 | Pebble | Information Exposure vulnerability in Pebble Firmware Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary. | 5.8 |
2017-11-27 | CVE-2017-9316 | Dahuasecurity | Improper Authentication vulnerability in Dahuasecurity products Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. | 5.8 |
2017-11-30 | CVE-2017-15116 | Linux Redhat | NULL Pointer Dereference vulnerability in multiple products The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). | 5.5 |
2017-11-27 | CVE-2017-8028 | Pivotal Software Debian | Improper Authentication vulnerability in multiple products In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting userSearch, authentication is allowed with an arbitrary password when the username is correct. | 5.1 |
2017-12-03 | CVE-2017-8821 | TOR Project Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the OpenSSL library to ask the user for the password, aka TROVE-2017-011. | 5.0 |
2017-12-03 | CVE-2017-8820 | TOR Project Debian | NULL Pointer Dereference vulnerability in multiple products In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010. | 5.0 |
2017-12-03 | CVE-2017-8819 | TOR Project Debian | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. | 5.0 |
2017-12-02 | CVE-2017-17090 | Digium | Incomplete Cleanup vulnerability in Digium Asterisk and Certified Asterisk An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. | 5.0 |
2017-12-01 | CVE-2017-16953 | ZTE | Improper Authentication vulnerability in ZTE Zxdsl 831Cii Firmware connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request. | 5.0 |
2017-12-01 | CVE-2017-16612 | Debian Canonical X | Integer Overflow or Wraparound vulnerability in multiple products libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. | 5.0 |
2017-12-01 | CVE-2017-14486 | Vibease | Cleartext Transmission of Sensitive Information vulnerability in Vibease Chat and Wireless Remote Vibrator The Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app for iOS use cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease servers, which allows remote attackers to obtain user credentials, messages, and other sensitive information by sniffing the network for XMPP traffic. | 5.0 |
2017-12-01 | CVE-2017-13664 | Ismartalarm | Information Exposure vulnerability in Ismartalarm Cubeone Firmware Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file. | 5.0 |
2017-12-01 | CVE-2017-13663 | Ismartalarm | Cleartext Storage of Sensitive Information vulnerability in Ismartalarm Cubeone Firmware Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key. | 5.0 |
2017-12-01 | CVE-2017-15707 | Apache Netapp Oracle | Improper Input Validation vulnerability in multiple products In Apache Struts 2.5 to 2.5.14, the REST Plugin uses an outdated JSON-lib library which is vulnerable and allows an attacker to perform a DoS attack using a malicious request with a specially crafted JSON payload. | 5.0 |
2017-12-01 | CVE-2017-10901 | Princeton | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Princeton Ptw-Wms1 Firmware 2.000.012 Buffer overflow in PTW-WMS1 firmware version 2.000.012 allows remote attackers to conduct denial-of-service attacks via unspecified vectors. | 5.0 |
2017-12-01 | CVE-2017-10895 | Sdnsproxy Project | Improper Check for Unusual or Exceptional Conditions vulnerability in Sdnsproxy Project Sdnsproxy 1.1.0.0 sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause a denial of service via unspecified vectors. | 5.0 |
2017-12-01 | CVE-2017-10894 | Streamrelay | Improper Check for Unusual or Exceptional Conditions vulnerability in Streamrelay 2.14.0.7 StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote attackers to cause a denial of service via unspecified vectors. | 5.0 |
2017-12-01 | CVE-2017-10874 | NTT East | Use of Insufficiently Random Values vulnerability in Ntt-East Pwr-Q200 Firmware PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks. | 5.0 |
2017-12-01 | CVE-2017-11286 | Adobe | XXE vulnerability in Adobe Coldfusion 11.0/2016 Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. | 5.0 |
2017-11-30 | CVE-2017-1000406 | Opendaylight | 7PK - Security Features vulnerability in Opendaylight Karaf 0.6.1Carbon OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. | 5.0 |
2017-11-30 | CVE-2017-3764 | Lenovo | Information Exposure vulnerability in Lenovo Xclarity Administrator A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. | 5.0 |
2017-11-30 | CVE-2017-14949 | Restlet | XXE vulnerability in Restlet Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. | 5.0 |
2017-11-30 | CVE-2017-14868 | Restlet | XXE vulnerability in Restlet Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. | 5.0 |
2017-11-30 | CVE-2017-12363 | Cisco | Exposure of Resource to Wrong Sphere vulnerability in Cisco Webex Meetings Server 2.6.0.8/2.7 A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. | 5.0 |
2017-11-30 | CVE-2017-12355 | Cisco | Improper Input Validation vulnerability in Cisco IOS XR 6.4.1Base A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service (DoS) condition. | 5.0 |
2017-11-30 | CVE-2017-12354 | Cisco | Information Exposure vulnerability in Cisco Secure Access Control System 5.8(0.32) A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. | 5.0 |
2017-11-30 | CVE-2017-12353 | Cisco | Unspecified vulnerability in Cisco Asyncos A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. | 5.0 |
2017-11-30 | CVE-2017-12328 | Cisco | Improper Input Validation vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(0.1) A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. | 5.0 |
2017-11-30 | CVE-2017-14196 | Squiz | Path Traversal vulnerability in Squiz Matrix An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. | 5.0 |
2017-11-28 | CVE-2017-17042 | Yardoc | Path Traversal vulnerability in Yardoc Yard lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files. | 5.0 |
2017-11-28 | CVE-2017-9315 | Dahuasecurity | Unspecified vulnerability in Dahuasecurity products A customer of a Dahua IP camera or IP PTZ could submit relevant device information to receive a time-limited temporary password from a Dahua authorized dealer to reset the admin password. | 5.0 |
2017-11-28 | CVE-2017-8019 | EMC | Improper Input Validation vulnerability in EMC Scaleio An issue was discovered in EMC ScaleIO 2.0.1.x. | 5.0 |
2017-11-27 | CVE-2017-15275 | Samba Redhat Debian Canonical | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. | 5.0 |
2017-11-27 | CVE-2017-14390 | Pivotal Software | Unspecified vulnerability in Pivotal Software Cf-Deployment 0.35.0 In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration with Loggregator and syslog-drain causes logs to be drained to unintended locations. | 5.0 |
2017-12-01 | CVE-2017-16611 | Debian Canonical X | Link Following vulnerability in multiple products In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. | 4.9 |
2017-11-30 | CVE-2017-12332 | Cisco | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Nx-Os and Unified Computing System A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. | 4.9 |
2017-11-28 | CVE-2017-17044 | XEN | Infinite Loop vulnerability in XEN An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors. | 4.9 |
2017-11-30 | CVE-2017-12351 | Cisco | Exposure of Resource to Wrong Sphere vulnerability in Cisco Nx-Os 7.0(3)I7(1)/8.1(0)Bd(0.20) A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. | 4.6 |
2017-11-30 | CVE-2017-12342 | Cisco | Exposure of Resource to Wrong Sphere vulnerability in Cisco Nx-Os 7.0(0)Hsk(0.357)/8.1(1) A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. | 4.6 |
2017-11-30 | CVE-2017-12340 | Cisco | Improper Encoding or Escaping of Output vulnerability in Cisco Nx-Os 8.1(0.70)S0 A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash shell is disabled on the system. | 4.6 |
2017-11-30 | CVE-2017-12339 | Cisco | Command Injection vulnerability in Cisco LAN Switch Software and Nx-Os A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. | 4.6 |
2017-11-30 | CVE-2017-12336 | Cisco | Improper Input Validation vulnerability in Cisco Nx-Os and Unified Computing System A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. | 4.6 |
2017-11-30 | CVE-2017-12335 | Cisco | Command Injection vulnerability in Cisco Nx-Os and Unified Computing System A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. | 4.6 |
2017-11-30 | CVE-2017-12333 | Cisco | Improper Verification of Cryptographic Signature vulnerability in Cisco Nx-Os and Unified Computing System A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. | 4.6 |
2017-11-30 | CVE-2017-12330 | Cisco | Command Injection vulnerability in Cisco Nx-Os 7.0(0)Hsk(0.357)/8.1(0)Bd(0.20)/8.1(1) A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. | 4.6 |
2017-11-30 | CVE-2017-12329 | Cisco | Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. | 4.6 |
2017-11-29 | CVE-2017-17050 | Tgsoft | NULL Pointer Dereference vulnerability in Tgsoft Vir.It Explorer 8.5.42 TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730020 DeviceIoControl request to \\.\Viragtlt. | 4.6 |
2017-11-29 | CVE-2017-17049 | Tgsoft | NULL Pointer Dereference vulnerability in Tgsoft Vir.It Explorer 8.5.42 TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730010 DeviceIoControl request to \\.\Viragtlt. | 4.6 |
2017-11-27 | CVE-2017-1000159 | Gnome | OS Command Injection vulnerability in Gnome Evince Command injection in evince via filename when printing to PDF. | 4.6 |
2017-12-03 | CVE-2017-17096 | Content Cards Project | Cross-site Scripting vulnerability in Content Cards Project Content Cards Cross-site scripting (XSS) vulnerability in the Content Cards plugin before 0.9.7 for WordPress allows remote attackers to inject arbitrary JavaScript via crafted OpenGraph data. | 4.3 |
2017-12-03 | CVE-2017-8822 | TOR Project Debian | Channel and Path Errors vulnerability in multiple products In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012. | 4.3 |
2017-12-03 | CVE-2017-14516 | SAP | Cross-site Scripting vulnerability in SAP Businessobjects Financial Consolidation Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292. | 4.3 |
2017-12-01 | CVE-2017-3104 | Adobe Microsoft | Cross-site Scripting vulnerability in Adobe Robohelp Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. | 4.3 |
2017-12-01 | CVE-2017-11285 | Adobe | Cross-site Scripting vulnerability in Adobe Coldfusion 11.0/2016 Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. | 4.3 |
2017-11-30 | CVE-2017-17081 | Ffmpeg | Out-of-bounds Read vulnerability in Ffmpeg 3.4 The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. | 4.3 |
2017-11-30 | CVE-2017-17080 | GNU | Out-of-bounds Read vulnerability in GNU Binutils 2.29.1 elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status. | 4.3 |
2017-11-30 | CVE-2017-12366 | Cisco | Cross-site Scripting vulnerability in Cisco Webex Meeting Center T32.6 A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. | 4.3 |
2017-11-30 | CVE-2017-12360 | Cisco | Unspecified vulnerability in Cisco Webex Meeting Center A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. | 4.3 |
2017-11-30 | CVE-2017-12359 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Webex Meeting Center and Webex Meetings Server A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. | 4.3 |
2017-11-30 | CVE-2017-12356 | Cisco | Cross-site Scripting vulnerability in Cisco Jabber 10.5(2)/11.9(1) A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
2017-11-30 | CVE-2017-12347 | Cisco | Cross-site Scripting vulnerability in Cisco Data Center Network Manager 10.2(1) Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 4.3 |
2017-11-30 | CVE-2017-12346 | Cisco | Cross-site Scripting vulnerability in Cisco Data Center Network Manager 10.2(1) Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 4.3 |
2017-11-30 | CVE-2017-12345 | Cisco | Cross-site Scripting vulnerability in Cisco Data Center Network Manager 10.2(1) Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 4.3 |
2017-11-30 | CVE-2017-14197 | Squiz | Cross-site Scripting vulnerability in Squiz Matrix An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. | 4.3 |
2017-11-29 | CVE-2017-17059 | Amtythumb Project | Cross-site Scripting vulnerability in Amtythumb Project Amtythumb XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php. | 4.3 |
2017-11-29 | CVE-2017-17054 | Aubio | Divide By Zero vulnerability in Aubio 0.4.6 In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file. | 4.3 |
2017-11-28 | CVE-2017-17043 | Zitec | Cross-site Scripting vulnerability in Zitec Emag Marketplace Connector 1.0.0 The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly. | 4.3 |
2017-11-28 | CVE-2017-16952 | Kmplayer | Improper Input Validation vulnerability in Kmplayer 4.2.2.4 KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file. | 4.3 |
2017-11-28 | CVE-2017-16951 | Audiovalley | Improper Input Validation vulnerability in Audiovalley Winamp PRO 5.66 Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file. | 4.3 |
2017-11-27 | CVE-2017-8044 | Vmware | Cross-site Scripting vulnerability in VMWare Single Sign-On for Pivotal Cloud Foundry In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks. | 4.3 |
2017-11-27 | CVE-2017-8039 | Pivotal | Insecure Default Initialization of Resource vulnerability in Pivotal Spring web Flow An issue was discovered in Pivotal Spring Web Flow through 2.4.5. | 4.3 |
2017-11-27 | CVE-2017-16962 | Communigate | Cross-site Scripting vulnerability in Communigate PRO The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that has JavaScript in its name, (4) JavaScript in a note name, (5) JavaScript in a task name, or (6) HTML e-mail that is mishandled in the Inbox component. | 4.3 |
2017-11-27 | CVE-2017-16956 | Symphony Project | Cross-site Scripting vulnerability in Symphony Project Symphony 2.2.0 b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title. | 4.3 |
2017-12-01 | CVE-2017-16893 | Piwigo | SQL Injection vulnerability in Piwigo The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. | 4.0 |
2017-11-30 | CVE-2017-12365 | Cisco | Information Exposure vulnerability in Cisco Webex Meeting Center T32.6 A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. | 4.0 |
2017-11-30 | CVE-2017-12297 | Cisco | Improper Input Validation vulnerability in Cisco Webex Meeting Center A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. | 4.0 |
2017-11-28 | CVE-2017-14389 | Cloudfoundry | Unspecified vulnerability in Cloudfoundry Capi-Release An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). | 4.0 |
2017-11-27 | CVE-2017-1628 | IBM | Incorrect Authorization vulnerability in IBM Business Process Manager 8.6.0.0 IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. | 4.0 |
2017-11-27 | CVE-2017-1570 | IBM | Information Exposure vulnerability in IBM products IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. | 4.0 |
2017-11-27 | CVE-2017-1484 | IBM | Information Exposure vulnerability in IBM Websphere Commerce IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. | 4.0 |
2017-11-27 | CVE-2017-1283 | IBM | Missing Release of Resource after Effective Lifetime vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. | 4.0 |
2017-11-27 | CVE-2017-1251 | IBM | Information Exposure vulnerability in IBM products An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. | 4.0 |
2017-11-27 | CVE-2017-1240 | IBM | Information Exposure vulnerability in IBM products IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. | 4.0 |
2017-11-27 | CVE-2016-6024 | IBM | Information Exposure vulnerability in IBM products IBM Jazz technology based products might divulge, through error messages, information that might be useful in helping attackers. | 4.0 |
2017-11-27 | CVE-2017-15053 | Teampass | Improper Privilege Management vulnerability in Teampass TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. | 4.0 |
2017-11-27 | CVE-2017-15052 | Teampass | Improper Privilege Management vulnerability in Teampass TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. | 4.0 |
2017-11-27 | CVE-2017-0910 | Zulip | Improper Authentication vulnerability in Zulip Server In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm. | 4.0 |
2017-11-27 | CVE-2017-8038 | Pivotal Software | Unspecified vulnerability in Pivotal Software Credhub-Release 1.1.0 In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. | 4.0 |
2017-11-27 | CVE-2017-16961 | Bigtreecms | SQL Injection vulnerability in Bigtreecms Bigtree CMS A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. | 4.0 |
2017-11-27 | CVE-2017-16959 | TP Link | Path Traversal vulnerability in Tp-Link products The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd. | 4.0 |
28 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2017-12-02 | CVE-2017-17094 | Wordpress Debian | Cross-site Scripting vulnerability in Wordpress wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL. | 3.5 |
2017-12-02 | CVE-2017-17093 | Wordpress Debian | Cross-site Scripting vulnerability in Wordpress wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site. | 3.5 |
2017-12-02 | CVE-2017-17092 | Wordpress Debian | Cross-site Scripting vulnerability in Wordpress wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file. | 3.5 |
2017-11-30 | CVE-2017-12358 | Cisco | Cross-site Scripting vulnerability in Cisco Jabber 11.9(0) A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. | 3.5 |
2017-11-30 | CVE-2017-12357 | Cisco | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 3.5 |
2017-11-30 | CVE-2017-12349 | Cisco | Cross-site Scripting vulnerability in Cisco Unified Computing System Central Software 2.2(1A)A Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. | 3.5 |
2017-11-30 | CVE-2017-12348 | Cisco | Cross-site Scripting vulnerability in Cisco Unified Computing System Central Software 2.2(1A)A Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. | 3.5 |
2017-11-29 | CVE-2017-14186 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortios A Cross-site Scripting (XSS) vulnerability in the SSL VPN web portal of Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, and 5.4 and below allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. | 3.5 |
2017-11-28 | CVE-2017-14379 | EMC | Cross-site Scripting vulnerability in EMC RSA Authentication Manager 8.1 EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 3.5 |
2017-11-27 | CVE-2017-1689 | IBM | Cross-site Scripting vulnerability in IBM Rational Doors Next Generation IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. | 3.5 |
2017-11-27 | CVE-2017-1688 | IBM | Cross-site Scripting vulnerability in IBM Rational Doors Next Generation IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. | 3.5 |
2017-11-27 | CVE-2017-1678 | IBM | Cross-site Scripting vulnerability in IBM Rational Doors Next Generation IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 3.5 |
2017-11-27 | CVE-2017-1650 | IBM | Cross-site Scripting vulnerability in IBM Rational Doors Next Generation IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. | 3.5 |
2017-11-27 | CVE-2017-1607 | IBM | Cross-site Scripting vulnerability in IBM Rational Doors Next Generation IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. | 3.5 |
2017-11-27 | CVE-2017-1593 | IBM | Cross-site Scripting vulnerability in IBM Rational Doors Next Generation IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 3.5 |
2017-11-27 | CVE-2017-1560 | IBM | Cross-site Scripting vulnerability in IBM Rational Doors Next Generation IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 3.5 |
2017-11-27 | CVE-2017-1461 | IBM | Cross-site Scripting vulnerability in IBM Rational Doors Next Generation IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 3.5 |
2017-11-27 | CVE-2017-15051 | Teampass | Cross-site Scripting vulnerability in Teampass Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. | 3.5 |
2017-11-27 | CVE-2017-8031 | Cloudfoundry | Unspecified vulnerability in Cloudfoundry Cf-Release An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). | 3.5 |
2017-12-01 | CVE-2017-17087 | VIM Debian Canonical | Exposure of Resource to Wrong Sphere vulnerability in multiple products fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382. | 2.1 |
2017-11-30 | CVE-2017-12361 | Cisco | Use of Insufficiently Random Values vulnerability in Cisco Jabber A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. | 2.1 |
2017-11-30 | CVE-2017-12338 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. | 2.1 |
2017-11-28 | CVE-2017-17046 | XEN | Information Exposure vulnerability in XEN An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled. | 2.1 |
2017-11-28 | CVE-2017-8001 | Dell Linux | Information Exposure Through Log Files vulnerability in Dell EMC Scaleio An issue was discovered in EMC ScaleIO 2.0.1.x. | 2.1 |
2017-11-27 | CVE-2017-16994 | Linux | Information Exposure vulnerability in Linux Kernel The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call. | 2.1 |
2017-11-27 | CVE-2015-7269 | Seagate | 7PK - Security Features vulnerability in Seagate St500Lt015 Firmware Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate power source, and attaching the data cable to another machine, aka a "Hot Unplug Attack." | 1.9 |
2017-11-27 | CVE-2015-7268 | Samsung Seagate | 7PK - Security Features vulnerability in multiple products Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops with BIOS A16 or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by triggering a soft reset and booting from an alternative OS, aka a "Forced Restart Attack." | 1.9 |
2017-11-27 | CVE-2015-7267 | Samsung Seagate | 7PK - Security Features vulnerability in multiple products Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a "Hot Plug attack." | 1.9 |