Weekly Vulnerabilities Reports > December 4 to 10, 2017

Overview

287 new vulnerabilities reported during this period, including 95 critical vulnerabilities and 60 high severity vulnerabilities. This weekly summary report vulnerabilities in 125 products from 62 vendors including Adobe, Google, Debian, IBM, and Tgsoft. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Out-of-bounds Read", "Information Exposure", "Use After Free", and "Cross-site Scripting".

  • 207 reported vulnerabilities are remotely exploitables.
  • 8 reported vulnerabilities have public exploit available.
  • 36 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 257 reported vulnerabilities are exploitable by an anonymous user.
  • Adobe has the most reported vulnerabilities, with 86 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 66 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

95 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-12-09 CVE-2017-3114 Redhat
Adobe
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions.

10.0
2017-12-09 CVE-2017-3112 Redhat
Adobe
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions.

10.0
2017-12-09 CVE-2017-11302 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Indesign

An issue was discovered in Adobe InDesign 12.1.0 and earlier versions.

10.0
2017-12-09 CVE-2017-11295 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe DNG Converter 9.12.1/9.7

An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions.

10.0
2017-12-09 CVE-2017-11294 Adobe
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave 8.5.1.102

An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier.

10.0
2017-12-09 CVE-2017-11293 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

10.0
2017-12-09 CVE-2017-11225 Redhat
Adobe
Use After Free vulnerability in multiple products

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions.

10.0
2017-12-09 CVE-2017-11215 Redhat
Adobe
Use After Free vulnerability in multiple products

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions.

10.0
2017-12-09 CVE-2017-11213 Redhat
Adobe
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions.

10.0
2017-12-08 CVE-2017-10906 Fluentd
Redhat
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.
10.0
2017-12-07 CVE-2017-17458 Mercurial
Debian
OS Command Injection vulnerability in multiple products

In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository.

10.0
2017-12-06 CVE-2017-13160 Google Out-of-bounds Read vulnerability in Google Android

A remote code execution vulnerability in the Android system (bluetooth).

10.0
2017-12-05 CVE-2017-6211 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can occur.

10.0
2017-12-05 CVE-2017-14918 Google Use After Free vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the GPS location wireless interface, a Use After Free condition can occur.

10.0
2017-12-05 CVE-2017-14917 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated.

10.0
2017-12-05 CVE-2017-14916 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated.

10.0
2017-12-05 CVE-2017-14914 Google Improper Input Validation vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become stale.

10.0
2017-12-05 CVE-2017-14909 Google Improper Input Validation vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated.

10.0
2017-12-05 CVE-2017-14908 Google Improper Input Validation vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to verify.

10.0
2017-12-05 CVE-2017-11006 Google Use After Free vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during positioning.

10.0
2017-12-05 CVE-2017-11005 Google Use After Free vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during a deinitialization path.

10.0
2017-12-05 CVE-2017-14907 Google Unspecified vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, cryptographic strength is reduced while deriving disk encryption key.

10.0
2017-12-05 CVE-2016-1253 Debian OS Command Injection vulnerability in Debian Most

The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file.

10.0
2017-12-05 CVE-2017-16930 Claymore Dual Miner Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Claymore Dual Miner Project Claymore Dual Miner 10.1

The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler.

10.0
2017-12-06 CVE-2017-17434 Samba
Debian
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.
9.8
2017-12-09 CVE-2017-16420 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16418 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16417 Adobe Out-of-bounds Write vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16416 Adobe Out-of-bounds Write vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16415 Adobe Out-of-bounds Write vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16414 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16413 Adobe Out-of-bounds Write vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16412 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16411 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16410 Adobe Improper Validation of Array Index vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16409 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16408 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16407 Adobe Out-of-bounds Write vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16406 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16405 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16404 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16403 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16402 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16401 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16400 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16399 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16398 Adobe Use After Free vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16397 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16396 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16395 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16394 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16393 Adobe Use After Free vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16392 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16391 Adobe Improper Validation of Array Index vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16390 Adobe Use After Free vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16389 Adobe Use After Free vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16388 Adobe Use After Free vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16387 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16386 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16385 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16384 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16383 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16382 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16381 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16380 Adobe Unspecified vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16379 Adobe Incorrect Type Conversion or Cast vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16378 Adobe Access of Uninitialized Pointer vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16377 Adobe Access of Uninitialized Pointer vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16376 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16375 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16374 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16373 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16372 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16371 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16370 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16368 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16367 Adobe Incorrect Type Conversion or Cast vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16365 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16364 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16363 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16362 Adobe Out-of-bounds Read vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-09 CVE-2017-16360 Adobe Use After Free vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

9.3
2017-12-08 CVE-2017-10893 J LIS Untrusted Search Path vulnerability in J-Lis the Public Certification Service FOR Individuals

Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software" Ver3.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

9.3
2017-12-08 CVE-2017-11940 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Malware Protection Engine 1.1.10600.0/1.1.10701.0/1.1.14306.0

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution.

9.3
2017-12-07 CVE-2017-11937 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Malware Protection Engine 1.1.10600.0/1.1.10701.0/1.1.14306.0

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution.

9.3
2017-12-06 CVE-2017-13162 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the kernel binder.

9.3
2017-12-06 CVE-2017-13151 Google Incorrect Calculation vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libmpeg2).

9.3
2017-12-06 CVE-2017-0878 Google Improper Input Validation vulnerability in Google Android 8.0

A remote code execution vulnerability in the Android media framework (libhevc).

9.3
2017-12-06 CVE-2017-0877 Google Improper Input Validation vulnerability in Google Android 6.0

A remote code execution vulnerability in the Android media framework (libavc).

9.3
2017-12-06 CVE-2017-0876 Google Improper Input Validation vulnerability in Google Android 6.0

A remote code execution vulnerability in the Android media framework (libavc).

9.3
2017-12-06 CVE-2017-0872 Google Improper Input Validation vulnerability in Google Android

A remote code execution vulnerability in the Android media framework (libskia).

9.3
2017-12-06 CVE-2017-17069 Amazon
Microsoft
Untrusted Search Path vulnerability in Amazon Audible 2.34.0/2.44.1

ActiveSetupN.exe in Amazon Audible for Windows before November 2017 allows attackers to execute arbitrary DLL code if ActiveSetupN.exe is launched from a directory where an attacker has already created a Trojan horse dwmapi.dll file.

9.3
2017-12-05 CVE-2017-11043 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a WiFI driver function, an integer overflow leading to heap buffer overflow may potentially occur.

9.3
2017-12-08 CVE-2017-16921 Otrs
Debian
OS Command Injection vulnerability in multiple products

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.

9.0
2017-12-07 CVE-2017-17384 Ispconfig Improper Privilege Management vulnerability in Ispconfig

ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job.

9.0

60 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-12-07 CVE-2017-17459 Fossil SCM Unspecified vulnerability in Fossil SCM Fossil

http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.

8.8
2017-12-07 CVE-2017-17055 Articatech OS Command Injection vulnerability in Articatech Artica Proxy

Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php.

8.5
2017-12-06 CVE-2017-13150 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android media framework (n/a).

8.5
2017-12-06 CVE-2017-13149 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android media framework (n/a).

8.5
2017-12-06 CVE-2017-0879 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android media framework (n/a).

8.5
2017-12-05 CVE-2017-16929 Claymore Dual Miner Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Claymore Dual Miner Project Claymore Dual Miner 10.1

The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files.

8.5
2017-12-07 CVE-2017-17435 Vaulteksafe Improper Authentication vulnerability in Vaulteksafe Vt20I Firmware

An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal.

8.3
2017-12-05 CVE-2017-17426 GNU Integer Overflow or Wraparound vulnerability in GNU Glibc 2.26

The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow.

8.1
2017-12-06 CVE-2017-13159 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android system (activitymanagerservice).

7.8
2017-12-06 CVE-2017-13158 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android system (activitymanagerservice).

7.8
2017-12-06 CVE-2017-13157 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android system (activitymanagerservice).

7.8
2017-12-06 CVE-2017-17432 Openafs
Debian
Reachable Assertion vulnerability in multiple products

OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.

7.8
2017-12-05 CVE-2017-15868 Linux
Canonical
Debian
Improper Input Validation vulnerability in multiple products

The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.

7.8
2017-12-05 CVE-2017-14355 Microfocus Unspecified vulnerability in Microfocus Connected Backup 8.6/8.8.6

A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6.

7.8
2017-12-05 CVE-2017-8824 Linux Use After Free vulnerability in Linux Kernel

The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.

7.8
2017-12-04 CVE-2017-17126 GNU Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29.1

The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.

7.8
2017-12-04 CVE-2017-17125 GNU Out-of-bounds Read vulnerability in GNU Binutils 2.29.1

nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.

7.8
2017-12-04 CVE-2017-17124 GNU Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29.1

The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.

7.8
2017-12-04 CVE-2017-17122 GNU Integer Overflow or Wraparound vulnerability in GNU Binutils 2.29.1

The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.

7.8
2017-12-04 CVE-2017-17121 GNU Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29.1

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.

7.8
2017-12-04 CVE-2017-17104 Fiyo Information Exposure vulnerability in Fiyo CMS 2.0.7

Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name'].

7.8
2017-12-10 CVE-2017-17484 ICU Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Icu-Project International Components FOR Unicode

The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC.

7.5
2017-12-09 CVE-2017-11304 Adobe Use After Free vulnerability in Adobe Photoshop

An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions.

7.5
2017-12-09 CVE-2017-11303 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Photoshop

An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions.

7.5
2017-12-08 CVE-2017-17480 Uclouvain
Debian
Canonical
Out-of-bounds Write vulnerability in multiple products

In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c.

7.5
2017-12-08 CVE-2017-17479 Uclouvain Out-of-bounds Write vulnerability in Uclouvain Openjpeg 2.3.0

In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c.

7.5
2017-12-08 CVE-2017-17465 K7Computing NULL Pointer Dereference vulnerability in K7Computing Antivirus 15.1.0309

K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002574 DeviceIoControl request.

7.5
2017-12-08 CVE-2017-17464 K7Computing NULL Pointer Dereference vulnerability in K7Computing Antivirus 15.1.0309

K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002570 DeviceIoControl request.

7.5
2017-12-07 CVE-2017-17430 Sangoma Improper Authentication vulnerability in Sangoma Netborder/Vega Session Firmware 2.3.1178Ga

Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface.

7.5
2017-12-06 CVE-2016-5713 Puppet Code Injection vulnerability in Puppet Agent

Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs.

7.5
2017-12-06 CVE-2017-14374 Dell Use of Hard-coded Credentials vulnerability in Dell Storage Manager

The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password.

7.5
2017-12-05 CVE-2017-9709 Google Unspecified vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a privilege escalation vulnerability exists in telephony.

7.5
2017-12-05 CVE-2017-15813 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overflow can occur while reading firmware logs.

7.5
2017-12-05 CVE-2016-1254 Torproject
Opensuse Project
Debian
Fedoraproject
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.

7.5
2017-12-06 CVE-2017-6276 Google Use After Free vulnerability in Google Android

NVIDIA mediaserver contains a vulnerability where it is possible a use after free malfunction can occur due to an incorrect bounds check which could enable unauthorized code execution and possibly lead to elevation of privileges.

7.2
2017-12-06 CVE-2017-6263 Google Use After Free vulnerability in Google Android

NVIDIA driver contains a vulnerability where it is possible a use after free malfunction can occur due to improper usage of the list_for_each kernel macro which could enable unauthorized code execution and possibly lead to elevation of privileges.

7.2
2017-12-06 CVE-2017-13174 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the kernel edl.

7.2
2017-12-06 CVE-2017-13173 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the MediaTek system server.

7.2
2017-12-06 CVE-2017-13171 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the MediaTek performance service.

7.2
2017-12-06 CVE-2017-13170 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the MediaTek display driver.

7.2
2017-12-06 CVE-2017-13167 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the kernel sound timer.

7.2
2017-12-06 CVE-2017-13156 Google Unrestricted Upload of File with Dangerous Type vulnerability in Google Android

An elevation of privilege vulnerability in the Android system (art).

7.2
2017-12-06 CVE-2017-13154 Google Use After Free vulnerability in Google Android

An elevation of privilege vulnerability in the Android media framework (libstagefright).

7.2
2017-12-06 CVE-2017-13153 Google Improper Initialization vulnerability in Google Android 8.0

An elevation of privilege vulnerability in the Android media framework (libaudioservice).

7.2
2017-12-06 CVE-2017-0871 Google Unspecified vulnerability in Google Android 8.0

An elevation of privilege vulnerability in the Android framework (framework base).

7.2
2017-12-06 CVE-2017-0870 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the Android framework (libminikin).

7.2
2017-12-06 CVE-2017-0837 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the Android media framework (libaudiopolicymanager).

7.2
2017-12-05 CVE-2017-9716 Google Unspecified vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qbt1000 driver implements an alternative channel for usermode applications to talk to QSEE applications.

7.2
2017-12-05 CVE-2017-14904 Google Use After Free vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a crafted binder request can cause an arbitrary unmap in MediaServer.

7.2
2017-12-05 CVE-2017-14897 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while handling the QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND, a userspace buffer is directly accessed in kernel space.

7.2
2017-12-05 CVE-2017-14895 Google Operation on a Resource after Expiration or Release vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving correct information.

7.2
2017-12-05 CVE-2017-11007 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of stack corruption due to buffer overflow of Partition name while converting ascii string to unicode string in function HandleMetaImgFlash.

7.2
2017-12-05 CVE-2016-1255 Debian
Canonical
Link Following vulnerability in Debian Postgresql-Common

The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.

7.2
2017-12-04 CVE-2017-17114 Ikarussecurity Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ikarussecurity Anti.Virus 2.16.15

ntguard.sys and ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 have a Memory Corruption vulnerability via a 0x83000084 DeviceIoControl request.

7.2
2017-12-04 CVE-2017-17112 Ikarussecurity Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ikarussecurity Anti.Virus 2.16.15

ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a Pool Corruption vulnerability via a 0x83000058 DeviceIoControl request.

7.2
2017-12-06 CVE-2017-13148 Google Improper Input Validation vulnerability in Google Android

A denial of service vulnerability in the Android media framework (libmpeg2).

7.1
2017-12-06 CVE-2017-0880 Google Unspecified vulnerability in Google Android

A denial of service vulnerability in the Android media framework (libskia).

7.1
2017-12-06 CVE-2017-0874 Google Improper Input Validation vulnerability in Google Android

A denial of service vulnerability in the Android media framework (libavc).

7.1
2017-12-06 CVE-2017-0873 Google Improper Input Validation vulnerability in Google Android

A denial of service vulnerability in the Android media framework (libmpeg2).

7.1
2017-12-05 CVE-2017-4920 Vmware Resource Exhaustion vulnerability in VMWare Nsx-V Edge

The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA).

7.1

119 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-12-06 CVE-2017-6262 Google Use After Free vulnerability in Google Android

NVIDIA driver contains a vulnerability where it is possible a use after free malfunction can occur due to a race condition which could enable unauthorized code execution and possibly lead to elevation of privileges.

6.9
2017-12-05 CVE-2017-14902 Google Use After Free vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the GLink kernel driver, a Use After Free condition can potentially occur.

6.9
2017-12-04 CVE-2017-17056 Zkteco Cross-Site Request Forgery (CSRF) vulnerability in Zkteco Zktime web 2.0.1.12280

The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 parameters to the /accounts/password_change/ URI.

6.8
2017-12-04 CVE-2017-17130 Libav Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libav 12.2

The ff_free_picture_tables function in libavcodec/mpegpicture.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to vc1_decode_i_blocks_adv.

6.8
2017-12-04 CVE-2017-17129 Libav NULL Pointer Dereference vulnerability in Libav 12.2

The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact via a crafted file.

6.8
2017-12-07 CVE-2017-1356 IBM SQL Injection vulnerability in IBM Atlas Ediscovery Process Management

IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection.

6.5
2017-12-04 CVE-2017-15889 Synology Command Injection vulnerability in Synology Diskstation Manager

Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.

6.5
2017-12-04 CVE-2017-17103 Fiyo SQL Injection vulnerability in Fiyo CMS 2.0.7

Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email].

6.5
2017-12-09 CVE-2017-11291 Adobe Server-Side Request Forgery (SSRF) vulnerability in Adobe Connect

An issue was discovered in Adobe Connect 9.6.2 and earlier versions.

6.4
2017-12-08 CVE-2017-17475 Tgsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tgsoft Vir.It Explorer 8.5.42

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82736068.

6.1
2017-12-08 CVE-2017-17474 Tgsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tgsoft Vir.It Explorer 8.5.42

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730070.

6.1
2017-12-08 CVE-2017-17473 Tgsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tgsoft Vir.It Explorer 8.5.42

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730050.

6.1
2017-12-08 CVE-2017-17472 Tgsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tgsoft Vir.It Explorer 8.5.42

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730030.

6.1
2017-12-08 CVE-2017-17471 Tgsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tgsoft Vir.It Explorer 8.5.42

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82732140.

6.1
2017-12-08 CVE-2017-17470 Tgsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tgsoft Vir.It Explorer 8.5.42

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730054.

6.1
2017-12-08 CVE-2017-17469 Tgsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tgsoft Vir.It Explorer 8.5.42

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730008, a different vulnerability than CVE-2017-16948.

6.1
2017-12-08 CVE-2017-17467 Tgsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tgsoft Vir.It Explorer 8.5.42

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730074.

6.1
2017-12-05 CVE-2017-16857 Atlassian Race Condition vulnerability in Atlassian Bitbucket Auto Unapprove Plugin

It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end.

6.0
2017-12-08 CVE-2017-11482 Elastic Open Redirect vulnerability in Elastic Kibana

The Kibana fix for CVE-2017-8451 was found to be incomplete.

5.8
2017-12-08 CVE-2017-10897 Buffalo Improper Input Validation vulnerability in Buffalo Bbr-4Hg Firmware and Bbr-4Mg Firmware

Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to cause the device to become unresponsive via unspecified vectors.

5.5
2017-12-07 CVE-2017-15121 Redhat Improper Input Validation vulnerability in Redhat products

A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.

5.5
2017-12-04 CVE-2017-17123 GNU NULL Pointer Dereference vulnerability in GNU Binutils 2.29.1

The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.

5.5
2017-12-10 CVE-2017-17497 Htacg Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Htacg Tidy 5.7.0

In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value.

5.0
2017-12-10 CVE-2017-16241 Amag Missing Authentication for Critical Function vulnerability in Amag En-1Dbc Firmware, En-2Dbc Firmware and STD Firmware

Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command.

5.0
2017-12-09 CVE-2017-3111 Adobe Information Exposure vulnerability in Adobe Experience Manager 6.1.0/6.2.0

An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0.

5.0
2017-12-09 CVE-2017-16366 Adobe Unspecified vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

5.0
2017-12-09 CVE-2017-11301 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Digital Editions

An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions.

5.0
2017-12-09 CVE-2017-11300 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Digital Editions

An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions.

5.0
2017-12-09 CVE-2017-11299 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Digital Editions

An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions.

5.0
2017-12-09 CVE-2017-11298 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Digital Editions

An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions.

5.0
2017-12-09 CVE-2017-11297 Adobe Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Digital Editions

An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions.

5.0
2017-12-08 CVE-2017-11480 Elasticsearch Unspecified vulnerability in Elasticsearch Packetbeat

Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler.

5.0
2017-12-08 CVE-2017-17463 Vivo Information Exposure vulnerability in Vivo Modem Firmware

Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and psk_wepkey fields.

5.0
2017-12-07 CVE-2017-1000410 Linux
Debian
Redhat
Information Exposure vulnerability in Linux Kernel

The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages.

5.0
2017-12-07 CVE-2017-1271 IBM Inadequate Encryption Strength vulnerability in IBM Security Guardium 9.0/9.1/9.5

IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties.

5.0
2017-12-06 CVE-2017-17068 Auth0 Information Exposure vulnerability in Auth0 Auth0.Js

A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12.

5.0
2017-12-06 CVE-2017-17439 Debian
Heimdal Project
NULL Pointer Dereference vulnerability in multiple products

In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm.

5.0
2017-12-06 CVE-2017-13175 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the NVIDIA libwilhelm.

5.0
2017-12-06 CVE-2017-13169 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the kernel camera server.

5.0
2017-12-06 CVE-2017-13164 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the kernel binder driver.

5.0
2017-12-06 CVE-2017-13152 Google Information Exposure vulnerability in Google Android

An information disclosure vulnerability in the Android media framework (libmedia drm).

5.0
2017-12-05 CVE-2017-14905 Google Out-of-bounds Read vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.

5.0
2017-12-05 CVE-2017-14903 Google Out-of-bounds Read vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the SENDACTIONFRAME IOCTL, a buffer over-read can occur if the payload length is less than 7.

5.0
2017-12-05 CVE-2017-11031 Google Use After Free vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the VIDIOC_G_SDE_ROTATOR_FENCE ioctl command can be used to cause a Use After Free condition.

5.0
2017-12-05 CVE-2017-17066 Getkovri
I2Pd
Out-of-bounds Read vulnerability in multiple products

The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading sensitive router memory, aka the GarlicRust bug.

5.0
2017-12-04 CVE-2017-12080 Synology Information Exposure vulnerability in Synology Photo Station

An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file.

5.0
2017-12-04 CVE-2017-12079 Synology Information Exposure vulnerability in Synology Photo Station

Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field.

5.0
2017-12-04 CVE-2017-17102 Fiyo SQL Injection vulnerability in Fiyo CMS 2.0.7

Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link'].

5.0
2017-12-08 CVE-2017-12823 Kaspersky Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Kaspersky Embedded Systems Security 1.2.0.300/2.0.0.385

Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation.

4.6
2017-12-08 CVE-2017-17468 Tgsoft Unspecified vulnerability in Tgsoft Vir.It Explorer 8.5.42

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privileges or cause a denial of service (Arbitrary Write) via a \\.\Viragtlt DeviceIoControl request of 0x82730020, a different vulnerability than CVE-2017-17050.

4.6
2017-12-08 CVE-2017-17466 Tgsoft Unspecified vulnerability in Tgsoft Vir.It Explorer 8.5.42

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privileges or cause a denial of service (Arbitrary Write) via a \\.\Viragtlt DeviceIoControl request of 0x82730088.

4.6
2017-12-07 CVE-2017-17450 Linux Missing Authorization vulnerability in Linux Kernel

net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.

4.6
2017-12-07 CVE-2017-17448 Linux Missing Authorization vulnerability in Linux Kernel

net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.

4.6
2017-12-06 CVE-2017-13172 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the MediaTek bluetooth driver.

4.6
2017-12-06 CVE-2017-13168 Google
Canonical
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

An elevation of privilege vulnerability in the kernel scsi driver.

4.6
2017-12-06 CVE-2017-13166 Google Out-of-bounds Write vulnerability in Google Android

An elevation of privilege vulnerability in the kernel v4l2 video driver.

4.6
2017-12-06 CVE-2017-13165 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the kernel file system.

4.6
2017-12-06 CVE-2017-13163 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the kernel mtp usb driver.

4.6
2017-12-06 CVE-2017-13161 Google Unspecified vulnerability in Google Android

An elevation of privilege vulnerability in the Broadcom wireless driver.

4.6
2017-12-05 CVE-2017-9722 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when updating custom EDID (hdmi_tx_sysfs_wta_edid), if edid_size, which is controlled by userspace, is too large, a buffer overflow occurs.

4.6
2017-12-05 CVE-2017-9710 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, IOCTL interface to send QMI NOTIFY REQ messages can be called from multiple contexts which can result in buffer overflow of msg cache.

4.6
2017-12-05 CVE-2017-9700 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer overwrite is possible in fw_name_store if image name is 64 characters.

4.6
2017-12-05 CVE-2017-9698 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improperly specified offset/size values for a submission command could cause a math operation to overflow and could result in an access to arbitrary memory.

4.6
2017-12-05 CVE-2017-14901 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE contains fewer than 1 byte, a buffer overrun occurs.

4.6
2017-12-05 CVE-2017-14900 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_MAC_ADDR contains fewer than 6 bytes, a buffer overrun occurs.

4.6
2017-12-05 CVE-2017-14899 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_DECR_DB contains fewer than 1 byte, a buffer overrun occurs.

4.6
2017-12-05 CVE-2017-14898 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE contains fewer than 1 byte, a buffer overrun occurs.

4.6
2017-12-05 CVE-2017-14896 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a memory allocation without a length field validation in the mobicore driver which can result in an undersize buffer allocation.

4.6
2017-12-05 CVE-2017-11047 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a graphics driver ioctl handler, the lack of copy_from_user() function calls may result in writes to kernel memory.

4.6
2017-12-05 CVE-2017-11042 Google Missing Authorization vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, ImsService and the IQtiImsExt AIDL APIs are not subject to access control.

4.6
2017-12-05 CVE-2017-11033 Google Use After Free vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the coresight-tmc driver, a simultaneous read and enable of the ETR device after changing the buffer size may result in a Use After Free condition of the previous buffer.

4.6
2017-12-05 CVE-2017-11030 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the HDMI video driver function hdmi_edid_sysfs_rda_res_info(), userspace can perform an arbitrary write into kernel memory.

4.6
2017-12-05 CVE-2017-11019 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the fd allocated during the get_metadata was not closed even though the buffer allocated to the fd was freed.

4.6
2017-12-05 CVE-2017-11016 Google Improper Resource Shutdown or Release vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when memory allocation fails while creating a calibration block in create_cal_block stale pointers are left uncleared.

4.6
2017-12-05 CVE-2017-9718 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a multimedia driver can potentially lead to a buffer overwrite.

4.4
2017-12-05 CVE-2017-9708 Google Race Condition vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the camera driver, the function "msm_ois_power_down" is called without a mutex and a race condition can occur in variable "*reg_ptr" of sub function "msm_camera_config_single_vreg".

4.4
2017-12-05 CVE-2017-9703 Google Use After Free vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a Camera driver can lead to a Use After Free condition.

4.4
2017-12-05 CVE-2017-11049 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a video driver, a race condition exists which can potentially lead to a buffer overflow.

4.4
2017-12-05 CVE-2017-11045 Google Use After Free vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a camera driver function, a race condition exists which can lead to a Use After Free condition.

4.4
2017-12-05 CVE-2017-11044 Google Use After Free vulnerability in Google Android

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a KGSL driver function, a race condition exists which can lead to a Use After Free condition.

4.4
2017-12-09 CVE-2017-3109 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0.

4.3
2017-12-09 CVE-2017-16419 Adobe Uncontrolled Recursion vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

4.3
2017-12-09 CVE-2017-16369 Adobe Information Exposure vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

4.3
2017-12-09 CVE-2017-16361 Adobe Unspecified vulnerability in Adobe products

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.

4.3
2017-12-09 CVE-2017-11296 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0.

4.3
2017-12-09 CVE-2017-11290 Adobe Improper Restriction of Rendered UI Layers or Frames vulnerability in Adobe Connect

An issue was discovered in Adobe Connect 9.6.2 and earlier versions.

4.3
2017-12-09 CVE-2017-11289 Adobe Cross-site Scripting vulnerability in Adobe Connect

An issue was discovered in Adobe Connect 9.6.2 and earlier versions.

4.3
2017-12-09 CVE-2017-11288 Adobe Cross-site Scripting vulnerability in Adobe Connect

An issue was discovered in Adobe Connect 9.6.2 and earlier versions.

4.3
2017-12-09 CVE-2017-11287 Adobe Cross-site Scripting vulnerability in Adobe Connect

An issue was discovered in Adobe Connect 9.6.2 and earlier versions.

4.3
2017-12-09 CVE-2017-11273 Adobe Information Exposure vulnerability in Adobe Digital Editions

An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions.

4.3
2017-12-08 CVE-2017-11481 Elastic Cross-site Scripting vulnerability in Elastic Kibana

Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

4.3
2017-12-08 CVE-2017-10896 Buffalo Cross-site Scripting vulnerability in Buffalo Bbr-4Hg Firmware and Bbr-4Mg Firmware

Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

4.3
2017-12-07 CVE-2017-14386 Dell Cross-site Scripting vulnerability in Dell 2335Dn Firmware and 2355Dn Firmware

The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting vulnerability.

4.3
2017-12-07 CVE-2017-3738 Openssl
Debian
Nodejs
Information Exposure vulnerability in multiple products

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli.

4.3
2017-12-07 CVE-2017-3737 Openssl
Debian
Out-of-bounds Read vulnerability in multiple products

OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism.

4.3
2017-12-07 CVE-2017-1497 IBM Information Exposure vulnerability in IBM Sterling File Gateway 2.2

IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file.

4.3
2017-12-07 CVE-2017-1355 IBM Information Exposure vulnerability in IBM Atlas Ediscovery Process Management

IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters.

4.3
2017-12-07 CVE-2017-1341 IBM Unspecified vulnerability in IBM Websphere MQ

IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access.

4.3
2017-12-07 CVE-2017-16884 Mistserver Cross-site Scripting vulnerability in Mistserver

Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts.

4.3
2017-12-07 CVE-2017-17451 Wpmailster Cross-site Scripting vulnerability in Wpmailster WP Mailster

The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.

4.3
2017-12-06 CVE-2017-17446 Game Music EMU Project Incorrect Conversion between Numeric Types vulnerability in Game-Music-Emu Project Game-Music-Emu 0.6.1

The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

4.3
2017-12-06 CVE-2017-17440 GNU NULL Pointer Dereference vulnerability in GNU Libextractor 1.6

GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.

4.3
2017-12-05 CVE-2017-17431 Genixcms Cross-site Scripting vulnerability in Genixcms 1.1.5

GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter.

4.3
2017-12-05 CVE-2017-16856 Atlassian Cross-site Scripting vulnerability in Atlassian Confluence

The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme.

4.3
2017-12-05 CVE-2016-1252 Debian
Canonical
Improper Certificate Validation vulnerability in multiple products

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.

4.3
2017-12-04 CVE-2017-16721 Geovap Cross-site Scripting vulnerability in Geovap Reliance-Scada

A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior.

4.3
2017-12-04 CVE-2017-17057 Zkteco Cross-site Scripting vulnerability in Zkteco Zktime web 2.0.1.12280

There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280.

4.3
2017-12-04 CVE-2017-17128 Libav Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libav 12.2

The h264_slice_init function in libavcodec/h264_slice.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file.

4.3
2017-12-04 CVE-2017-17127 Libav NULL Pointer Dereference vulnerability in Libav 12.2

The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.

4.3
2017-12-08 CVE-2017-16854 Otrs
Debian
Information Exposure vulnerability in multiple products

In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.

4.0
2017-12-08 CVE-2017-15895 Synology Path Traversal vulnerability in Synology Router Manager

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.

4.0
2017-12-08 CVE-2017-15894 Synology Path Traversal vulnerability in Synology Diskstation Manager

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.

4.0
2017-12-08 CVE-2017-15893 Synology Path Traversal vulnerability in Synology File Station

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.

4.0
2017-12-08 CVE-2017-15891 Synology Unspecified vulnerability in Synology Calendar

Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.

4.0
2017-12-07 CVE-2017-1487 IBM Information Exposure vulnerability in IBM Sterling File Gateway 2.2

IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system.

4.0
2017-12-07 CVE-2017-1481 IBM Information Exposure vulnerability in IBM Sterling B2B Integrator 5.2

IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view sensitive information that belongs to another user.

4.0
2017-12-07 CVE-2017-1433 IBM Unspecified vulnerability in IBM Websphere MQ

IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart.

4.0
2017-12-07 CVE-2017-1342 IBM Information Exposure vulnerability in IBM Insights Foundation for Energy 2.0

IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could e used to conduct further attacks.

4.0
2017-12-05 CVE-2017-17051 Openstack Resource Exhaustion vulnerability in Openstack Nova 16.0.3

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3.

4.0

13 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-12-06 CVE-2017-17433 Debian
Samba
Missing Authorization vulnerability in multiple products

The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.

3.7
2017-12-07 CVE-2017-1336 IBM Code Injection vulnerability in IBM Infosphere Biginsights 4.2.0

IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files.

3.6
2017-12-07 CVE-2017-1498 IBM Cross-site Scripting vulnerability in IBM Connections 5.5.0.0

IBM Connections 5.5 is vulnerable to cross-site scripting.

3.5
2017-12-07 CVE-2017-1482 IBM Cross-site Scripting vulnerability in IBM Sterling B2B Integrator 5.2

IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting.

3.5
2017-12-07 CVE-2017-1465 IBM Cross-site Scripting vulnerability in IBM Tririga Application Platform

IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim.

3.5
2017-12-07 CVE-2017-1354 IBM Cross-site Scripting vulnerability in IBM Atlas Ediscovery Process Management

IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting.

3.5
2017-12-07 CVE-2017-1353 IBM Information Exposure vulnerability in IBM Atlas Ediscovery Process Management

IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links.

3.5
2017-12-06 CVE-2017-17383 Jenkins Cross-site Scripting vulnerability in Jenkins

Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624.

3.5
2017-12-07 CVE-2017-17436 Vaulteksafe Inadequate Encryption Strength vulnerability in Vaulteksafe Vt20I Firmware

An issue was discovered in the software on Vaultek Gun Safe VT20i products.

3.3
2017-12-05 CVE-2017-14018 Ethicon Improper Authentication vulnerability in Ethicon Endo-Surgery Generator Gen11 Firmware

An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017.

3.3
2017-12-07 CVE-2017-17381 Qemu
Debian
Divide By Zero vulnerability in multiple products

The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.

2.1
2017-12-04 CVE-2017-17113 Ikarussecurity NULL Pointer Dereference vulnerability in Ikarussecurity Anti.Virus 2.16.15

ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a NULL pointer dereference via a 0x830000c4 DeviceIoControl request.

2.1
2017-12-07 CVE-2017-17449 Linux Information Exposure vulnerability in Linux Kernel

The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.

1.9