Weekly Vulnerabilities Reports > November 27 to December 3, 2017

Overview

200 new vulnerabilities were reported during this period, including 17 critical vulnerabilities and 30 high severity vulnerabilities. This weekly summary reports vulnerabilities in 339 products from 85 vendors including Cisco, Debian, IBM, Adobe, and Linux. Notable vulnerability categories include "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Information Exposure", and "Improper Authentication".

  • 162 reported vulnerabilities are remotely exploitable.
  • 19 reported vulnerabilities have a public exploit available.
  • 79 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 152 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 45 reported vulnerabilities.
  • TP Link has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

17 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-12-01 CVE-2017-10903 Princeton Improper Authentication vulnerability in Princeton Ptw-Wms1 Firmware 2.000.012

Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors.

10.0
2017-12-01 CVE-2017-10902 Princeton OS Command Injection vulnerability in Princeton Ptw-Wms1 Firmware 2.000.012

PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

10.0
2017-11-30 CVE-2017-17067 Splunk Incorrect Authorization vulnerability in Splunk

Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks.

10.0
2017-11-29 CVE-2017-14189 Fortinet Weak Password Requirements vulnerability in Fortinet Fortiweb Manager 5.8.0

An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone who can access the admin webUI to successfully log in regardless of the provided password.

10.0
2017-11-28 CVE-2017-8020 EMC Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in EMC Scaleio

An issue was discovered in EMC ScaleIO 2.0.1.x.

10.0
2017-11-27 CVE-2017-1000214 Gitphp Project OS Command Injection vulnerability in Gitphp Project Gitphp

GitPHP by xiphux is vulnerable to OS Command Injections

10.0
2017-12-01 CVE-2017-10892 Sony Untrusted Search Path vulnerability in Sony Music Center 1.0.00

Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

9.3
2017-12-01 CVE-2017-10891 Sony Untrusted Search Path vulnerability in Sony Media GO 3.2.0.191

Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

9.3
2017-11-29 CVE-2017-14591 Atlassian Argument Injection or Modification vulnerability in Atlassian Crucible and Fisheye

Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.

9.3
2017-11-29 CVE-2017-13872 Apple Improper Authentication vulnerability in Apple mac OS X 10.13.0/10.13.1

An issue was discovered in certain Apple products.

9.3
2017-11-27 CVE-2017-15114 Redhat Improper Certificate Validation vulnerability in Redhat Openstack Platform 12.0

When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services.

9.3
2017-11-27 CVE-2017-14176 Debian
Canonical
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.
9.3
2017-11-28 CVE-2017-15673 CS Cart Unrestricted Upload of File with Dangerous Type vulnerability in Cs-Cart

The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page.

9.0
2017-11-27 CVE-2017-14585 Atlassian Server-Side Request Forgery (SSRF) vulnerability in Atlassian Hipchat Data Center and Hipchat Server

A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators.

9.0
2017-11-27 CVE-2017-16960 TP Link OS Command Injection vulnerability in Tp-Link products

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.

9.0
2017-11-27 CVE-2017-16958 TP Link OS Command Injection vulnerability in Tp-Link products

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd.

9.0
2017-11-27 CVE-2017-16957 TP Link OS Command Injection vulnerability in Tp-Link products

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd.

9.0

30 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-11-30 CVE-2017-17065 D Link Improper Input Validation vulnerability in D-Link Dir-605L Model B Firmware

An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP.

7.8
2017-11-30 CVE-2017-12362 Cisco Unspecified vulnerability in Cisco Meeting Server

A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition.

7.8
2017-12-01 CVE-2017-15702 Apache Unspecified vulnerability in Apache Qpid Java

In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port.

7.5
2017-12-01 CVE-2017-10900 Princeton Unspecified vulnerability in Princeton Ptw-Wms1 Firmware 2.000.012

PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass access restrictions to obtain or delete data on the disk via unspecified vectors.

7.5
2017-12-01 CVE-2017-10899 ARK WEB SQL Injection vulnerability in Ark-Web A-Reserve

SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors.

7.5
2017-12-01 CVE-2017-10898 ARK WEB SQL Injection vulnerability in Ark-Web A-Member

SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors.

7.5
2017-12-01 CVE-2017-17086 Inedo Improper Input Validation vulnerability in Inedo Otter

Inedo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor.

7.5
2017-12-01 CVE-2017-15607 Inedo Path Traversal vulnerability in Inedo Otter

Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.

7.5
2017-12-01 CVE-2017-11284 Adobe Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability.

7.5
2017-12-01 CVE-2017-11283 Adobe Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability.

7.5
2017-12-01 CVE-2017-11282 Adobe
Redhat
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser.

7.5
2017-12-01 CVE-2017-11281 Adobe
Redhat
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function.

7.5
2017-11-29 CVE-2017-8818 Haxx Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Haxx Curl and Libcurl

curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.

7.5
2017-11-29 CVE-2017-8817 Haxx
Debian
Out-of-bounds Read vulnerability in multiple products

The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.

7.5
2017-11-29 CVE-2017-8816 Haxx
Debian
Integer Overflow or Wraparound vulnerability in multiple products

The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.

7.5
2017-11-29 CVE-2017-14378 EMC Unspecified vulnerability in EMC products

EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability."

7.5
2017-11-29 CVE-2017-14377 RSA Improper Authentication vulnerability in RSA Authentication Agent for web 8.0/8.0.1

EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server version 8.0.1 prior to Build 618 have a security vulnerability that could potentially lead to authentication bypass.

7.5
2017-11-27 CVE-2017-14746 Samba
Canonical
Debian
Redhat
Use After Free vulnerability in multiple products

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.

7.5
2017-11-27 CVE-2017-14586 Atlassian Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Atlassian Hipchat

The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing.

7.5
2017-11-27 CVE-2017-1001003 Mathjs Project Improper Input Validation vulnerability in Mathjs Project Mathjs

math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object.

7.5
2017-11-27 CVE-2017-1001002 Mathjs Code Injection vulnerability in Mathjs Math.Js

math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine.

7.5
2017-11-27 CVE-2017-8045 Pivotal Software Deserialization of Untrusted Data vulnerability in Pivotal Software Spring Advanced Message Queuing Protocol

In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string.

7.5
2017-12-03 CVE-2017-17099 Flexense Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Flexense Syncbreeze 10.1.16

There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16.

7.2
2017-12-01 CVE-2017-16895 Arqbackup Incorrect Permission Assignment for Critical Resource vulnerability in Arqbackup ARQ

The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet.

7.2
2017-11-30 CVE-2017-12352 Cisco Command Injection vulnerability in Cisco Application Policy Infrastructure Controller 2.3(1F)

A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with root privileges on an affected host operating system.

7.2
2017-11-30 CVE-2017-12341 Cisco Command Injection vulnerability in Cisco Nx-Os and Unified Computing System

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack.

7.2
2017-11-30 CVE-2017-12334 Cisco Improper Input Validation vulnerability in Cisco Nx-Os and Unified Computing System

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack.

7.2
2017-11-30 CVE-2017-12331 Cisco Improper Verification of Cryptographic Signature vulnerability in Cisco Nx-Os and Unified Computing System

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch.

7.2
2017-11-29 CVE-2017-17052 Linux Use After Free vulnerability in Linux Kernel

The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the ->exe_file member of a new process's mm_struct, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program.

7.2
2017-11-28 CVE-2017-17045 XEN Use After Free vulnerability in XEN

An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors.

7.2

123 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-12-01 CVE-2017-15357 Arqbackup Race Condition vulnerability in Arqbackup ARQ

The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.

6.9
2017-11-30 CVE-2017-1000405 Linux Race Condition vulnerability in Linux Kernel

The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation.

6.9
2017-11-29 CVE-2017-17053 Linux Use After Free vulnerability in Linux Kernel

The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program.

6.9
2017-12-03 CVE-2017-8823 TOR Project
Debian
Use After Free vulnerability in multiple products

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013.

6.8
2017-12-02 CVE-2017-17095 Libtiff Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.9

tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.

6.8
2017-11-30 CVE-2017-12631 Apache Cross-Site Request Forgery (CSRF) vulnerability in Apache CXF Fediz

Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications.

6.8
2017-11-30 CVE-2017-12372 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Webex Meetings and Webex Meetings Server

A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.

6.8
2017-11-30 CVE-2017-12371 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Webex Meetings T30/T31

A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.

6.8
2017-11-30 CVE-2017-12370 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Webex Meetings T30/T31

A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.

6.8
2017-11-30 CVE-2017-12369 Cisco Out-of-bounds Read vulnerability in Cisco Webex Meetings

A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.

6.8
2017-11-30 CVE-2017-12368 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Webex Meetings and Webex Meetings Server

A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.

6.8
2017-11-30 CVE-2017-12367 Cisco Improper Input Validation vulnerability in Cisco Webex Meetings Server T29/T30/T31.11.2

A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.

6.8
2017-11-28 CVE-2016-10701 Hitachivantara Cross-Site Request Forgery (CSRF) vulnerability in Hitachivantara Pentaho Business Analytics

In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application.

6.8
2017-11-27 CVE-2017-1000207 Swagger Deserialization of Untrusted Data vulnerability in Swagger Swagger-Codegen and Swagger-Parser

A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed.

6.8
2017-11-27 CVE-2017-1001004 Typed Function Project Improper Input Validation vulnerability in Typed Function Project Typed Function

typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine.

6.8
2017-11-27 CVE-2017-4995 Vmware Deserialization of Untrusted Data vulnerability in VMWare Spring Security

An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1.

6.8
2017-12-02 CVE-2017-17091 Wordpress Use of Insufficiently Random Values vulnerability in Wordpress

wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string.

6.5
2017-11-30 CVE-2017-12343 Cisco Cross-site Scripting vulnerability in Cisco Data Center Network Manager 10.3(1)S3

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software.

6.5
2017-11-30 CVE-2017-14198 Squiz Code Injection vulnerability in Squiz Matrix

An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3.

6.5
2017-11-27 CVE-2017-15055 Teampass Improper Privilege Management vulnerability in Teampass

TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php.

6.5
2017-11-27 CVE-2017-15054 Teampass Unrestricted Upload of File with Dangerous Type vulnerability in Teampass

An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.

6.5
2017-11-27 CVE-2017-16955 Inlinks Project SQL Injection vulnerability in Inlinks Project Inlinks 1.0

SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php.

6.5
2017-12-01 CVE-2017-14487 Ohmibod Authentication Bypass by Spoofing vulnerability in Ohmibod Remote

The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username, user_id, and token fields in data/data/com.ohmibod.remote2/shared_prefs/OMB.xml.

6.4
2017-12-01 CVE-2017-10861 Qualitysoft Path Traversal vulnerability in Qualitysoft QND Advance/Standard

Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command.

6.4
2017-11-30 CVE-2017-12364 Cisco SQL Injection vulnerability in Cisco Prime Service Catalog 11.1.1/12.0/12.1

A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries.

6.4
2017-12-01 CVE-2017-6679 Cisco Unspecified vulnerability in Cisco Umbrella 2.0.3

The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters.

6.0
2017-12-01 CVE-2017-3105 Adobe
Microsoft
Open Redirect vulnerability in Adobe Robohelp

Adobe RoboHelp has an Open Redirect vulnerability.

5.8
2017-11-30 CVE-2017-12344 Cisco Open Redirect vulnerability in Cisco Data Center Network Manager 10.2(1)

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software.

5.8
2017-11-28 CVE-2016-10702 Pebble Information Exposure vulnerability in Pebble Firmware

Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary.

5.8
2017-11-27 CVE-2017-9316 Dahuasecurity Improper Authentication vulnerability in Dahuasecurity products

Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products.

5.8
2017-11-27 CVE-2017-8028 Pivotal Software
Debian
Improper Authentication vulnerability in multiple products

In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting userSearch, authentication is allowed with an arbitrary password when the username is correct.

5.1
2017-12-03 CVE-2017-8821 TOR Project
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the OpenSSL library to ask the user for the password, aka TROVE-2017-011.

5.0
2017-12-03 CVE-2017-8820 TOR Project
Debian
NULL Pointer Dereference vulnerability in multiple products

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010.

5.0
2017-12-03 CVE-2017-8819 TOR Project
Debian
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009.
5.0
2017-12-02 CVE-2017-17090 Digium Incomplete Cleanup vulnerability in Digium Asterisk and Certified Asterisk

An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older.

5.0
2017-12-01 CVE-2017-16953 ZTE Improper Authentication vulnerability in ZTE Zxdsl 831Cii Firmware

connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request.

5.0
2017-12-01 CVE-2017-16612 Debian
Canonical
X
Integer Overflow or Wraparound vulnerability in multiple products

libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP.

5.0
2017-12-01 CVE-2017-14486 Vibease Cleartext Transmission of Sensitive Information vulnerability in Vibease Chat and Wireless Remote Vibrator

The Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app for iOS use cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease servers, which allows remote attackers to obtain user credentials, messages, and other sensitive information by sniffing the network for XMPP traffic.

5.0
2017-12-01 CVE-2017-13664 Ismartalarm Information Exposure vulnerability in Ismartalarm Cubeone Firmware

Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file.

5.0
2017-12-01 CVE-2017-13663 Ismartalarm Cleartext Storage of Sensitive Information vulnerability in Ismartalarm Cubeone Firmware

Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key.

5.0
2017-12-01 CVE-2017-15707 Apache
Netapp
Oracle
Improper Input Validation vulnerability in multiple products

In Apache Struts 2.5 to 2.5.14, the REST Plugin uses an outdated JSON-lib library which is vulnerable and allows a DoS attack to be performed using a malicious request with a specially crafted JSON payload.

5.0
2017-12-01 CVE-2017-15701 Apache Resource Exhaustion vulnerability in Apache Qpid Java

In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames.

5.0
2017-12-01 CVE-2017-10901 Princeton Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Princeton Ptw-Wms1 Firmware 2.000.012

Buffer overflow in PTW-WMS1 firmware version 2.000.012 allows remote attackers to conduct denial-of-service attacks via unspecified vectors.

5.0
2017-12-01 CVE-2017-10895 Sdnsproxy Project Improper Check for Unusual or Exceptional Conditions vulnerability in Sdnsproxy Project Sdnsproxy 1.1.0.0

sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause a denial of service via unspecified vectors.

5.0
2017-12-01 CVE-2017-10894 Streamrelay Improper Check for Unusual or Exceptional Conditions vulnerability in Streamrelay 2.14.0.7

StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote attackers to cause a denial of service via unspecified vectors.

5.0
2017-12-01 CVE-2017-10874 NTT East Use of Insufficiently Random Values vulnerability in Ntt-East Pwr-Q200 Firmware

PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks.

5.0
2017-12-01 CVE-2017-17085 Wireshark
Debian
Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products

In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash.

5.0
2017-12-01 CVE-2017-17084 Wireshark
Debian
Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products

In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash.

5.0
2017-12-01 CVE-2017-17083 Wireshark
Debian
Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products

In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash.

5.0
2017-12-01 CVE-2017-11286 Adobe XXE vulnerability in Adobe Coldfusion 11.0/2016

Adobe ColdFusion has an XML external entity (XXE) injection vulnerability.

5.0
2017-11-30 CVE-2017-1000406 Opendaylight 7PK - Security Features vulnerability in Opendaylight Karaf 0.6.1Carbon

OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g.

5.0
2017-11-30 CVE-2017-3764 Lenovo Information Exposure vulnerability in Lenovo Xclarity Administrator

A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface.

5.0
2017-11-30 CVE-2017-14949 Restlet XXE vulnerability in Restlet

Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered.

5.0
2017-11-30 CVE-2017-14868 Restlet XXE vulnerability in Restlet

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request.

5.0
2017-11-30 CVE-2017-12363 Cisco Exposure of Resource to Wrong Sphere vulnerability in Cisco Webex Meetings Server 2.6.0.8/2.7

A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system.

5.0
2017-11-30 CVE-2017-12355 Cisco Improper Input Validation vulnerability in Cisco IOS XR 6.4.1Base

A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service (DoS) condition.

5.0
2017-11-30 CVE-2017-12354 Cisco Information Exposure vulnerability in Cisco Secure Access Control System 5.8(0.32)

A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system.

5.0
2017-11-30 CVE-2017-12353 Cisco Unspecified vulnerability in Cisco Asyncos

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device.

5.0
2017-11-30 CVE-2017-12328 Cisco Improper Input Validation vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(0.1)

A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts.

5.0
2017-11-30 CVE-2017-14196 Squiz Path Traversal vulnerability in Squiz Matrix

An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3.

5.0
2017-11-29 CVE-2017-17058 Automattic Path Traversal vulnerability in Automattic Woocommerce

** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory.

5.0
2017-11-28 CVE-2017-17042 Yardoc Path Traversal vulnerability in Yardoc Yard

lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.

5.0
2017-11-28 CVE-2017-9315 Dahuasecurity Unspecified vulnerability in Dahuasecurity products

A customer of a Dahua IP camera or IP PTZ could submit relevant device information to receive a time-limited temporary password from a Dahua authorized dealer to reset the admin password.

5.0
2017-11-28 CVE-2017-8019 EMC Improper Input Validation vulnerability in EMC Scaleio

An issue was discovered in EMC ScaleIO 2.0.1.x.

5.0
2017-11-27 CVE-2017-15275 Samba, Canonical, Debian, Redhat Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

5.0
2017-11-27 CVE-2017-14390 Pivotal Software Unspecified vulnerability in Pivotal Software Cf-Deployment 0.35.0

In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration with Loggregator and syslog-drain causes logs to be drained to unintended locations.

5.0
2017-11-30 CVE-2017-15116 Linux, Redhat NULL Pointer Dereference vulnerability in Linux Kernel

The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference).

4.9
2017-11-30 CVE-2017-12332 Cisco Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Nx-Os and Unified Computing System

A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations.

4.9
2017-11-28 CVE-2017-17044 XEN Infinite Loop vulnerability in XEN

An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors.

4.9
2017-11-30 CVE-2017-12351 Cisco Exposure of Resource to Wrong Sphere vulnerability in Cisco Nx-Os 7.0(3)I7(1)/8.1(0)Bd(0.20)

A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container.

4.6
2017-11-30 CVE-2017-12342 Cisco Exposure of Resource to Wrong Sphere vulnerability in Cisco Nx-Os 7.0(0)Hsk(0.357)/8.1(1)

A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC.

4.6
2017-11-30 CVE-2017-12340 Cisco Improper Encoding or Escaping of Output vulnerability in Cisco Nx-Os 8.1(0.70)S0

A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash shell is disabled on the system.

4.6
2017-11-30 CVE-2017-12339 Cisco Command Injection vulnerability in Cisco LAN Switch Software and Nx-Os

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack.

4.6
2017-11-30 CVE-2017-12336 Cisco Improper Input Validation vulnerability in Cisco Nx-Os and Unified Computing System

A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device.

4.6
2017-11-30 CVE-2017-12335 Cisco Command Injection vulnerability in Cisco Nx-Os and Unified Computing System

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack.

4.6
2017-11-30 CVE-2017-12333 Cisco Improper Verification of Cryptographic Signature vulnerability in Cisco Nx-Os and Unified Computing System

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image.

4.6
2017-11-30 CVE-2017-12330 Cisco Command Injection vulnerability in Cisco Nx-Os 7.0(0)Hsk(0.357)/8.1(0)Bd(0.20)/8.1(1)

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack.

4.6
2017-11-30 CVE-2017-12329 Cisco Command Injection vulnerability in Cisco products

A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack.

4.6
2017-11-29 CVE-2017-17050 Tgsoft NULL Pointer Dereference vulnerability in Tgsoft Vir.It Explorer 8.5.42

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730020 DeviceIoControl request to \\.\Viragtlt.

4.6
2017-11-29 CVE-2017-17049 Tgsoft NULL Pointer Dereference vulnerability in Tgsoft Vir.It Explorer 8.5.42

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730010 DeviceIoControl request to \\.\Viragtlt.

4.6
2017-11-27 CVE-2017-1000159 Gnome OS Command Injection vulnerability in Gnome Evince

Command injection in evince via filename when printing to PDF.

4.6
2017-12-03 CVE-2017-17096 Content Cards Project Cross-site Scripting vulnerability in Content Cards Project Content Cards

Cross-site scripting (XSS) vulnerability in the Content Cards plugin before 0.9.7 for WordPress allows remote attackers to inject arbitrary JavaScript via crafted OpenGraph data.

4.3
2017-12-03 CVE-2017-8822 TOR Project, Debian Channel and Path Errors vulnerability in multiple products

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012.

4.3
2017-12-03 CVE-2017-14516 SAP Cross-site Scripting vulnerability in SAP Businessobjects Financial Consolidation

Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292.

4.3
2017-12-01 CVE-2017-3104 Adobe, Microsoft Cross-site Scripting vulnerability in Adobe Robohelp

Adobe RoboHelp has a cross-site scripting (XSS) vulnerability.

4.3
2017-12-01 CVE-2017-11285 Adobe Cross-site Scripting vulnerability in Adobe Coldfusion 11.0/2016

Adobe ColdFusion has a cross-site scripting (XSS) vulnerability.

4.3
2017-11-30 CVE-2017-17081 Ffmpeg Out-of-bounds Read vulnerability in Ffmpeg 3.4

The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file.

4.3
2017-11-30 CVE-2017-17080 GNU Out-of-bounds Read vulnerability in GNU Binutils 2.29.1

elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.

4.3
2017-11-30 CVE-2017-12366 Cisco Cross-site Scripting vulnerability in Cisco Webex Meeting Center T32.6

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system.

4.3
2017-11-30 CVE-2017-12360 Cisco Unspecified vulnerability in Cisco Webex Meeting Center

A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition.

4.3
2017-11-30 CVE-2017-12359 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Webex Meeting Center and Webex Meetings Server

A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system.

4.3
2017-11-30 CVE-2017-12356 Cisco Cross-site Scripting vulnerability in Cisco Jabber 10.5(2)/11.9(1)

A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

4.3
2017-11-30 CVE-2017-12347 Cisco Cross-site Scripting vulnerability in Cisco Data Center Network Manager 10.2(1)

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software.

4.3
2017-11-30 CVE-2017-12346 Cisco Cross-site Scripting vulnerability in Cisco Data Center Network Manager 10.2(1)

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software.

4.3
2017-11-30 CVE-2017-12345 Cisco Cross-site Scripting vulnerability in Cisco Data Center Network Manager 10.2(1)

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software.

4.3
2017-11-30 CVE-2017-14197 Squiz Cross-site Scripting vulnerability in Squiz Matrix

An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3.

4.3
2017-11-29 CVE-2017-17059 Amtythumb Project Cross-site Scripting vulnerability in Amtythumb Project Amtythumb

XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php.

4.3
2017-11-29 CVE-2017-17054 Aubio Divide By Zero vulnerability in Aubio 0.4.6

In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file.

4.3
2017-11-28 CVE-2017-17043 Zitec Cross-site Scripting vulnerability in Zitec Emag Marketplace Connector 1.0.0

The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.

4.3
2017-11-28 CVE-2017-16952 Kmplayer Improper Input Validation vulnerability in Kmplayer 4.2.2.4

KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file.

4.3
2017-11-28 CVE-2017-16951 Audiovalley Improper Input Validation vulnerability in Audiovalley Winamp PRO 5.66

Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file.

4.3
2017-11-27 CVE-2017-15100 Theforeman Cross-site Scripting vulnerability in Theforeman Foreman

An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on such a fact; (3) Statistics page, for facts that are aggregated on this page.

4.3
2017-11-27 CVE-2017-8044 Vmware Cross-site Scripting vulnerability in VMWare Single Sign-On for Pivotal Cloud Foundry

In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.

4.3
2017-11-27 CVE-2017-8039 Pivotal Insecure Default Initialization of Resource vulnerability in Pivotal Spring web Flow

An issue was discovered in Pivotal Spring Web Flow through 2.4.5.

4.3
2017-11-27 CVE-2017-16962 Communigate Cross-site Scripting vulnerability in Communigate PRO

The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that has JavaScript in its name, (4) JavaScript in a note name, (5) JavaScript in a task name, or (6) HTML e-mail that is mishandled in the Inbox component.

4.3
2017-11-27 CVE-2017-16956 Symphony Project Cross-site Scripting vulnerability in Symphony Project Symphony 2.2.0

b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title.

4.3
2017-12-01 CVE-2017-16893 Piwigo SQL Injection vulnerability in Piwigo

The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior.

4.0
2017-11-30 CVE-2017-12365 Cisco Information Exposure vulnerability in Cisco Webex Meeting Center T32.6

A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information.

4.0
2017-11-30 CVE-2017-12297 Cisco Improper Input Validation vulnerability in Cisco Webex Meeting Center

A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center.

4.0
2017-11-28 CVE-2017-14389 Cloudfoundry Unspecified vulnerability in Cloudfoundry Capi-Release

An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0).

4.0
2017-11-27 CVE-2017-1628 IBM Incorrect Authorization vulnerability in IBM Business Process Manager 8.6.0.0

IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks.

4.0
2017-11-27 CVE-2017-1570 IBM Information Exposure vulnerability in IBM products

IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces.

4.0
2017-11-27 CVE-2017-1484 IBM Information Exposure vulnerability in IBM Websphere Commerce

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data.

4.0
2017-11-27 CVE-2017-1283 IBM Missing Release of Resource after Effective Lifetime vulnerability in IBM Websphere MQ

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications.

4.0
2017-11-27 CVE-2017-1251 IBM Information Exposure vulnerability in IBM products

An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker.

4.0
2017-11-27 CVE-2017-1240 IBM Information Exposure vulnerability in IBM products

IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses.

4.0
2017-11-27 CVE-2016-6024 IBM Information Exposure vulnerability in IBM products

IBM Jazz technology-based products might divulge, through error messages, information that might be useful in helping attackers.

4.0
2017-11-27 CVE-2017-15053 Teampass Improper Privilege Management vulnerability in Teampass

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php.

4.0
2017-11-27 CVE-2017-15052 Teampass Improper Privilege Management vulnerability in Teampass

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php.

4.0
2017-11-27 CVE-2017-0910 Zulip Improper Authentication vulnerability in Zulip Server

In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm.

4.0
2017-11-27 CVE-2017-8038 Pivotal Software Unspecified vulnerability in Pivotal Software Credhub-Release 1.1.0

In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential.

4.0
2017-11-27 CVE-2017-16961 Bigtreecms SQL Injection vulnerability in Bigtreecms Bigtree CMS

A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database.

4.0
2017-11-27 CVE-2017-16959 TP Link Path Traversal vulnerability in Tp-Link products

The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd.

4.0

30 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-12-02 CVE-2017-17094 Wordpress, Debian Cross-site Scripting vulnerability in Wordpress

wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL.

3.5
2017-12-02 CVE-2017-17093 Wordpress, Debian Cross-site Scripting vulnerability in Wordpress

wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site.

3.5
2017-12-02 CVE-2017-17092 Wordpress, Debian Cross-site Scripting vulnerability in Wordpress

wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file.

3.5
2017-11-30 CVE-2017-12358 Cisco Cross-site Scripting vulnerability in Cisco Jabber 11.9(0)

A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface.

3.5
2017-11-30 CVE-2017-12357 Cisco Cross-site Scripting vulnerability in Cisco Unified Communications Manager

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

3.5
2017-11-30 CVE-2017-12349 Cisco Cross-site Scripting vulnerability in Cisco Unified Computing System Central Software 2.2(1A)A

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface.

3.5
2017-11-30 CVE-2017-12348 Cisco Cross-site Scripting vulnerability in Cisco Unified Computing System Central Software 2.2(1A)A

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface.

3.5
2017-11-29 CVE-2017-14186 Fortinet Cross-site Scripting vulnerability in Fortinet Fortios

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, and versions 5.4 and below, in the SSL VPN web portal, allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter.

3.5
2017-11-28 CVE-2017-14379 EMC Cross-site Scripting vulnerability in EMC RSA Authentication Manager 8.1

EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.

3.5
2017-11-27 CVE-2017-1689 IBM Cross-site Scripting vulnerability in IBM Rational Doors Next Generation

IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting.

3.5
2017-11-27 CVE-2017-1688 IBM Cross-site Scripting vulnerability in IBM Rational Doors Next Generation

IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting.

3.5
2017-11-27 CVE-2017-1678 IBM Cross-site Scripting vulnerability in IBM Rational Doors Next Generation

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.

3.5
2017-11-27 CVE-2017-1650 IBM Cross-site Scripting vulnerability in IBM Rational Doors Next Generation

IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting.

3.5
2017-11-27 CVE-2017-1607 IBM Cross-site Scripting vulnerability in IBM Rational Doors Next Generation

IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting.

3.5
2017-11-27 CVE-2017-1593 IBM Cross-site Scripting vulnerability in IBM Rational Doors Next Generation

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.

3.5
2017-11-27 CVE-2017-1560 IBM Cross-site Scripting vulnerability in IBM Rational Doors Next Generation

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.

3.5
2017-11-27 CVE-2017-1461 IBM Cross-site Scripting vulnerability in IBM Rational Doors Next Generation

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.

3.5
2017-11-27 CVE-2017-15051 Teampass Cross-site Scripting vulnerability in Teampass

Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history.

3.5
2017-11-27 CVE-2017-8031 Cloudfoundry Unspecified vulnerability in Cloudfoundry Cf-Release

An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1).

3.5
2017-12-01 CVE-2017-14953 Hikvision Missing Encryption of Sensitive Data vulnerability in Hikvision Ds-2Cd2432F-Iw Firmware

** DISPUTED ** HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication.

3.3
2017-12-01 CVE-2017-16611 Debian, Canonical, X Link Following vulnerability in multiple products

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.

2.1
2017-12-01 CVE-2017-17087 VIM Information Exposure vulnerability in VIM

fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.

2.1
2017-11-30 CVE-2017-12361 Cisco Use of Insufficiently Random Values vulnerability in Cisco Jabber

A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client.

2.1
2017-11-30 CVE-2017-12338 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files.

2.1
2017-11-28 CVE-2017-17046 XEN Information Exposure vulnerability in XEN

An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled.

2.1
2017-11-28 CVE-2017-8001 Dell, Linux Information Exposure Through Log Files vulnerability in Dell EMC Scaleio

An issue was discovered in EMC ScaleIO 2.0.1.x.

2.1
2017-11-27 CVE-2017-16994 Linux Information Exposure vulnerability in Linux Kernel

The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.

2.1
2017-11-27 CVE-2015-7269 Seagate 7PK - Security Features vulnerability in Seagate St500Lt015 Firmware

Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate power source, and attaching the data cable to another machine, aka a "Hot Unplug Attack."

1.9
2017-11-27 CVE-2015-7268 Samsung, Seagate 7PK - Security Features vulnerability in multiple products

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops with BIOS A16 or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by triggering a soft reset and booting from an alternative OS, aka a "Forced Restart Attack."

1.9
2017-11-27 CVE-2015-7267 Samsung, Seagate 7PK - Security Features vulnerability in multiple products

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a "Hot Plug attack."

1.9