Weekly Vulnerabilities Reports > December 11 to 17, 2017

Overview

294 new vulnerabilities were reported during this period, including 13 critical vulnerabilities and 122 high severity vulnerabilities. This weekly summary reports vulnerabilities in 302 products from 167 vendors, including Microsoft, Fortunescripts, Debian, IBM, and SAP. Vulnerabilities are notably categorized as "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Injection", "Information Exposure", and "Cross-site Scripting".

  • 273 reported vulnerabilities are remotely exploitable.
  • 101 reported vulnerabilities have a public exploit available.
  • 121 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 256 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 35 reported vulnerabilities.
  • Acti has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-12-17 CVE-2017-17717 Sonatype Use of a Broken or Risky Cryptographic Algorithm vulnerability in Sonatype Nexus Repository Manager

Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.

10.0
2017-12-16 CVE-2017-3195 Commvault Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Commvault Edge 11.0.0

Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code execution with administrative privileges.

10.0
2017-12-16 CVE-2017-3186 Acti Use of Hard-coded Credentials vulnerability in Acti Camera Firmware A1D500V6.11.31Ac

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices.

10.0
2017-12-16 CVE-2017-3184 Acti Use of Hard-coded Credentials vulnerability in Acti Camera Firmware A1D500V6.11.31Ac

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page.

10.0
2017-12-12 CVE-2017-17560 Westerndigital Improper Authentication vulnerability in Westerndigital MY Cloud Pr4100 Firmware 2.30.172

An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices.

10.0
2017-12-15 CVE-2017-17405 Ruby Lang, Debian, Redhat OS Command Injection vulnerability in multiple products

Ruby before 2.4.3 allows Net::FTP command injection.

9.3
2017-12-12 CVE-2017-11935 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office 2016

Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".

9.3
2017-12-11 CVE-2014-8358 Huawei Untrusted Search Path vulnerability in Huawei Ec156 Firmware, Ec176 Firmware and Ec177 Firmware

Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe.

9.3
2017-12-11 CVE-2017-13070 Qnap Untrusted Search Path vulnerability in Qnap Qsync 4.2.2.0724

A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version 4.2.2.0724 and earlier could allow remote attackers to execute arbitrary code on Windows machines.

9.3
2017-12-15 CVE-2017-16788 Meinbergglobal Path Traversal vulnerability in Meinbergglobal Lantime Firmware

Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory.

9.0
2017-12-13 CVE-2017-14590 Atlassian Unspecified vulnerability in Atlassian Bamboo

Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters.

9.0
2017-12-13 CVE-2017-5534 Tibco Unspecified vulnerability in Tibco Tibbr 6.0.0/6.0.1/7.0.0

The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component.

9.0
2017-12-11 CVE-2017-15940 Paloaltonetworks Command Injection vulnerability in Paloaltonetworks Pan-Os

The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors.

9.0

122 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-12-12 CVE-2017-11885 Microsoft Improper Input Validation vulnerability in Microsoft products

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka "Windows RRAS Service Remote Code Execution Vulnerability".

8.5
2017-12-16 CVE-2017-3193 D Link Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D-Link Dir-850L Firmware 1.14B07/2.07.B05

Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service.

8.3
2017-12-14 CVE-2016-10703 Ecstatic Project Improper Input Validation vulnerability in Ecstatic Project Ecstatic

A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string.

7.8
2017-12-14 CVE-2017-17684 Pandasecurity Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pandasecurity Panda Global Protection 17.0.1

Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \\.\PSMEMDriver DeviceIoControl request.

7.8
2017-12-14 CVE-2017-17683 Pandasecurity Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pandasecurity Panda Global Protection 17.0.1

Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request.

7.8
2017-12-13 CVE-2017-17538 Mikrotik Unspecified vulnerability in Mikrotik Router Firmware 6.40.5

MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets.

7.8
2017-12-16 CVE-2017-14091 Trendmicro Insufficient Verification of Data Authenticity vulnerability in Trendmicro Scanmail 12.0

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize an uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory.

7.6
2017-12-14 CVE-2017-7344 Fortinet Unspecified vulnerability in Fortinet Forticlient

A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows an attacker to gain privileges by exploiting the Windows "security alert" dialog that pops up when the "VPN before logon" feature is enabled with an untrusted certificate chain.

7.6
2017-12-12 CVE-2017-11930 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Internet Explorer

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-12-12 CVE-2017-11918 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-12-12 CVE-2017-11916 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore

ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-12-12 CVE-2017-11914 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-12-12 CVE-2017-11913 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 10/11/9

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-12-12 CVE-2017-11912 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore, Edge and Internet Explorer

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-12-12 CVE-2017-11911 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-12-12 CVE-2017-11910 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge

ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-12-12 CVE-2017-11909 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-12-12 CVE-2017-11908 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge

ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-12-12 CVE-2017-11907 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 10/11/9

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-12-12 CVE-2017-11905 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-12-12 CVE-2017-11903 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 10/11/9

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-12-12 CVE-2017-11901 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 10/11

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-12-12 CVE-2017-11895 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore, Edge and Internet Explorer

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-12-12 CVE-2017-11894 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore, Edge and Internet Explorer

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-12-12 CVE-2017-11893 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-12-12 CVE-2017-11890 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-12-12 CVE-2017-11889 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-12-12 CVE-2017-11888 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability".

7.6
2017-12-12 CVE-2017-11886 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6
2017-12-16 CVE-2017-17713 Boxug SQL Injection vulnerability in Boxug Trape

Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter.

7.5
2017-12-16 CVE-2017-10904 QT OS Command Injection vulnerability in QT

Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

7.5
2017-12-15 CVE-2017-17701 K7Computing NULL Pointer Dereference vulnerability in K7Computing Antivirus 15.1.0309

K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request.

7.5
2017-12-15 CVE-2017-17700 K7Computing NULL Pointer Dereference vulnerability in K7Computing Antivirus 15.1.0309

K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request.

7.5
2017-12-15 CVE-2017-17699 K7Computing NULL Pointer Dereference vulnerability in K7Computing Antivirus 15.1.0309

K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request.

7.5
2017-12-14 CVE-2017-17672 Vbulletin Deserialization of Untrusted Data vulnerability in Vbulletin

In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API.

7.5
2017-12-14 CVE-2017-17671 Vbulletin, Microsoft Path Traversal vulnerability in Vbulletin

vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked.

7.5
2017-12-13 CVE-2017-17648 Entrepreneur Dating Script Project SQL Injection vulnerability in Entrepreneur Dating Script Project Entrepreneur Dating Script 2.0.1

Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter.

7.5
2017-12-13 CVE-2017-17642 Basic JOB Site Script Project SQL Injection vulnerability in Basic JOB Site Script Project Basic JOB Site Script 2.0.5

Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job.

7.5
2017-12-13 CVE-2017-17641 Resume Clone Script Project SQL Injection vulnerability in Resume Clone Script Project Resume Clone Script 2.0.5

Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter.

7.5
2017-12-13 CVE-2017-17640 Advanced World Database Project SQL Injection vulnerability in Advanced World Database Project Advanced World Database 2.0.5

Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter.

7.5
2017-12-13 CVE-2017-17639 Muslim Matrimonial Script Project SQL Injection vulnerability in Muslim Matrimonial Script Project Muslim Matrimonial Script 3.02

Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.

7.5
2017-12-13 CVE-2017-17638 Groupon Clone Script Project SQL Injection vulnerability in Groupon Clone Script Project Groupon Clone Script 3.01

Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.

7.5
2017-12-13 CVE-2017-17637 CAR Rental Script Project SQL Injection vulnerability in CAR Rental Script Project CAR Rental Script 2.0.4

Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter.

7.5
2017-12-13 CVE-2017-17636 MLM Forced Matrix Project SQL Injection vulnerability in MLM Forced Matrix Project MLM Forced Matrix 2.0.9

MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter.

7.5
2017-12-13 CVE-2017-17635 MLM Forex Market Plan Script Project SQL Injection vulnerability in MLM Forex Market Plan Script Project MLM Forex Market Plan Script 2.0.4

MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter.

7.5
2017-12-13 CVE-2017-17634 Single Theater Booking Script Project SQL Injection vulnerability in Single Theater Booking Script Project Single Theater Booking Script 3.2.1

Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.

7.5
2017-12-13 CVE-2017-17633 Multiplex Movie Theater Booking Script Project SQL Injection vulnerability in Multiplex Movie Theater Booking Script Project Multiplex Movie Theater Booking Script 3.1.5

Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter.

7.5
2017-12-13 CVE-2017-17632 Responsive Events AND Movie Ticket Booking Script Project SQL Injection vulnerability in Responsive Events and Movie Ticket Booking Script Project Responsive Events and Movie Ticket Booking Script 3.2.1

Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.

7.5
2017-12-13 CVE-2017-17631 Multireligion Responsive Matrimonial Project SQL Injection vulnerability in Multireligion Responsive Matrimonial Project Multireligion Responsive Matrimonial 4.7.2

Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.

7.5
2017-12-13 CVE-2017-17630 Yoga Class Script Project SQL Injection vulnerability in Yoga Class Script Project Yoga Class Script 1.0

Yoga Class Script 1.0 has SQL Injection via the /list city parameter.

7.5
2017-12-13 CVE-2017-17629 Secure E Commerce Script Project SQL Injection vulnerability in Secure E-Commerce Script Project Secure E-Commerce Script 2.0.1

Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter.

7.5
2017-12-13 CVE-2017-17628 Responsive Realestate Script Project SQL Injection vulnerability in Responsive Realestate Script Project Responsive Realestate Script 3.2

Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.

7.5
2017-12-13 CVE-2017-17627 Readymade Video Sharing Script Project SQL Injection vulnerability in Readymade Video Sharing Script Project Readymade Video Sharing Script 3.2

Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.

7.5
2017-12-13 CVE-2017-17626 Readymade PHP Classified Script Project SQL Injection vulnerability in Readymade PHP Classified Script Project Readymade PHP Classified Script 3.3

Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.

7.5
2017-12-13 CVE-2017-17625 ON Demand Marketplace Script Project SQL Injection vulnerability in ON Demand Marketplace Script Project ON Demand Marketplace Script 1.0

Professional Service Script 1.0 has SQL Injection via the service-list city parameter.

7.5
2017-12-13 CVE-2017-17624 PHP Multivendor Ecommerce Project SQL Injection vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce 1.0

PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.

7.5
2017-12-13 CVE-2017-17623 Opensource Classified ADS Script Project SQL Injection vulnerability in Opensource Classified ADS Script Project Opensource Classified ADS Script 3.2

Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.

7.5
2017-12-13 CVE-2017-17622 Online Exam Test Application Script Project SQL Injection vulnerability in Online Exam Test Application Script Project Online Exam Test Application Script 1.6

Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.

7.5
2017-12-13 CVE-2017-17621 Multivendor Penny Auction Clone Script Project SQL Injection vulnerability in Multivendor Penny Auction Clone Script Project Multivendor Penny Auction Clone Script 1.0

Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.

7.5
2017-12-13 CVE-2017-17620 Lawyer Search Script Project SQL Injection vulnerability in Lawyer Search Script Project Lawyer Search Script 1.1

Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.

7.5
2017-12-13 CVE-2017-17619 Laundry Booking Script Project SQL Injection vulnerability in Laundry Booking Script Project Laundry Booking Script 1.0

Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.

7.5
2017-12-13 CVE-2017-17618 Kickstarter Clone Script Project SQL Injection vulnerability in Kickstarter Clone Script Project Kickstarter Clone Script 2.0

Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.

7.5
2017-12-13 CVE-2017-17617 Foodspotting Clone Script Project SQL Injection vulnerability in Foodspotting Clone Script Project Foodspotting Clone Script 1.0

Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter.

7.5
2017-12-13 CVE-2017-17616 Event Calendar Category Script Project SQL Injection vulnerability in Event Calendar Category Script Project Event Calendar Category Script 1.0

Event Search Script 1.0 has SQL Injection via the /event-list city parameter.

7.5
2017-12-13 CVE-2017-17614 Hotel Restaurant Reviews AND Feedback Script Project SQL Injection vulnerability in Hotel Restaurant Reviews and Feedback Script Project Hotel Restaurant Reviews and Feedback Script 1.0

Food Order Script 1.0 has SQL Injection via the /list city parameter.

7.5
2017-12-13 CVE-2017-17613 Freelance Website Script Project SQL Injection vulnerability in Freelance Website Script Project Freelance Website Script 2.0.6

Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.

7.5
2017-12-13 CVE-2017-17612 HOT Scripts Clone Project SQL Injection vulnerability in HOT Scripts Clone Project HOT Scripts Clone 3.1

Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.

7.5
2017-12-13 CVE-2017-17611 Doctor Search Script Project SQL Injection vulnerability in Doctor Search Script Project Doctor Search Script 1.0

Doctor Search Script 1.0 has SQL Injection via the /list city parameter.

7.5
2017-12-13 CVE-2017-17610 E Commerce MLM Software Project SQL Injection vulnerability in E-Commerce MLM Software Project E-Commerce MLM Software 1.0

E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter.

7.5
2017-12-13 CVE-2017-17609 Chartered Accountant Booking Script Project SQL Injection vulnerability in Chartered Accountant Booking Script Project Chartered Accountant Booking Script 1.0

Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.

7.5
2017-12-13 CVE-2017-17608 Kindergarten Elementary School Listing Script Project SQL Injection vulnerability in Kindergarten - Elementary School Listing Script Project Kindergarten - Elementary School Listing Script 1.0

Child Care Script 1.0 has SQL Injection via the /list city parameter.

7.5
2017-12-13 CVE-2017-17607 CMS Auditor Website Project SQL Injection vulnerability in CMS Auditor Website Project CMS Auditor Website 1.0

CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail.

7.5
2017-12-13 CVE-2017-17606 CO Work Space Search Script Project SQL Injection vulnerability in Co-Work Space Search Script Project Co-Work Space Search Script 1.0

Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.

7.5
2017-12-13 CVE-2017-17605 Consumer Complaints Clone Script Project SQL Injection vulnerability in Consumer Complaints Clone Script Project Consumer Complaints Clone Script 1.0

Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.

7.5
2017-12-13 CVE-2017-17604 Entrepreneur BUS Booking Script Project SQL Injection vulnerability in Entrepreneur BUS Booking Script Project Entrepreneur BUS Booking Script 3.0.4

Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter.

7.5
2017-12-13 CVE-2017-17603 Advanced Real Estate Script Project SQL Injection vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script 4.0.7

Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.

7.5
2017-12-13 CVE-2017-17602 Advance B2B Script Project SQL Injection vulnerability in Advance B2B Script Project Advance B2B Script 2.1.3

Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.

7.5
2017-12-13 CVE-2017-17601 CAB Booking Script Project SQL Injection vulnerability in CAB Booking Script Project CAB Booking Script 1.0

Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter.

7.5
2017-12-13 CVE-2017-17600 Basic B2B Script Project SQL Injection vulnerability in Basic B2B Script Project Basic B2B Script 2.0.8

Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter.

7.5
2017-12-13 CVE-2017-17599 Advance Online Learning Management Script Project SQL Injection vulnerability in Advance Online Learning Management Script Project Advance Online Learning Management Script 3.1

Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter.

7.5
2017-12-13 CVE-2017-17598 Affiliate MLM Script Project SQL Injection vulnerability in Affiliate MLM Script Project Affiliate MLM Script 1.0

Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter.

7.5
2017-12-13 CVE-2017-17597 Nearbuy Clone Script Project SQL Injection vulnerability in Nearbuy Clone Script Project Nearbuy Clone Script 3.2

Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter.

7.5
2017-12-13 CVE-2017-17596 Entrepreneur JOB Portal Script Project SQL Injection vulnerability in Entrepreneur JOB Portal Script Project Entrepreneur JOB Portal Script 2.0.6

Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.

7.5
2017-12-13 CVE-2017-17595 Beauty Parlour Booking Script Project SQL Injection vulnerability in Beauty Parlour Booking Script Project Beauty Parlour Booking Script 1.0

Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter.

7.5
2017-12-13 CVE-2017-17594 Domainsale PHP Script Project SQL Injection vulnerability in Domainsale PHP Script Project Domainsale PHP Script 1.0

DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter.

7.5
2017-12-13 CVE-2017-17592 Website Auction Marketplace Project SQL Injection vulnerability in Website Auction Marketplace Project Website Auction Marketplace 2.0.5

Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter.

7.5
2017-12-13 CVE-2017-17591 Realestate Crowdfunding Script Project SQL Injection vulnerability in Realestate Crowdfunding Script Project Realestate Crowdfunding Script 2.7.2

Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter.

7.5
2017-12-13 CVE-2017-17590 Fortunescripts SQL Injection vulnerability in Fortunescripts Stackoverflow Clone 1.0

FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter.

7.5
2017-12-13 CVE-2017-17589 Fortunescripts SQL Injection vulnerability in Fortunescripts Thumbtack Clone 1.0

FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter.

7.5
2017-12-13 CVE-2017-17588 Fortunescripts SQL Injection vulnerability in Fortunescripts Imdb Clone 1.0

FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter.

7.5
2017-12-13 CVE-2017-17587 Fortunescripts SQL Injection vulnerability in Fortunescripts Indiamart Clone 1.0

FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter.

7.5
2017-12-13 CVE-2017-17586 Fortunescripts SQL Injection vulnerability in Fortunescripts OLX Clone 1.0

FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter.

7.5
2017-12-13 CVE-2017-17585 Fortunescripts SQL Injection vulnerability in Fortunescripts Monster Clone 1.0

FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter.

7.5
2017-12-13 CVE-2017-17584 Fortunescripts SQL Injection vulnerability in Fortunescripts Makemytrip Clone 1.0

FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter.

7.5
2017-12-13 CVE-2017-17583 Fortunescripts SQL Injection vulnerability in Fortunescripts Shutterstock Clone 1.0

FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter.

7.5
2017-12-13 CVE-2017-17582 Fortunescripts SQL Injection vulnerability in Fortunescripts Grubhub Clone 1.0

FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter.

7.5
2017-12-13 CVE-2017-17581 Fortunescripts SQL Injection vulnerability in Fortunescripts Quibids Clone 1.0

FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.

7.5
2017-12-13 CVE-2017-17580 Fortunescripts SQL Injection vulnerability in Fortunescripts Linkedin Clone 1.0

FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.

7.5
2017-12-13 CVE-2017-17579 Fortunescripts SQL Injection vulnerability in Fortunescripts Freelancer Clone 1.0

FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter.

7.5
2017-12-13 CVE-2017-17578 Fortunescripts SQL Injection vulnerability in Fortunescripts Crowdfunding Script 1.0

FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter.

7.5
2017-12-13 CVE-2017-17577 Fortunescripts SQL Injection vulnerability in Fortunescripts Trademe Clone 1.0

FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter.

7.5
2017-12-13 CVE-2017-17576 Fortunescripts SQL Injection vulnerability in Fortunescripts Gigs Script 1.0

FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter.

7.5
2017-12-13 CVE-2017-17575 Fortunescripts SQL Injection vulnerability in Fortunescripts Groupon Clone 1.0

FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter.

7.5
2017-12-13 CVE-2017-17574 Fortunescripts SQL Injection vulnerability in Fortunescripts Care Clone 1.0

FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter.

7.5
2017-12-13 CVE-2017-17573 Fortunescripts SQL Injection vulnerability in Fortunescripts Ebay Clone 1.0

FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter.

7.5
2017-12-13 CVE-2017-17572 Fortunescripts SQL Injection vulnerability in Fortunescripts Amazon Clone 1.0

FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari.

7.5
2017-12-13 CVE-2017-17571 Fortunescripts SQL Injection vulnerability in Fortunescripts Foodpanda Clone 1.0

FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter.

7.5
2017-12-13 CVE-2017-17570 Fortunescripts SQL Injection vulnerability in Fortunescripts Expedia Clone 1.0

FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter.

7.5
2017-12-12 CVE-2017-11899 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerability".

7.5
2017-12-12 CVE-2017-16684 SAP Improper Authentication vulnerability in SAP Business Intelligence Promotion Management Application 4.10/4.20/4.30

SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.

7.5
2017-12-11 CVE-2017-17111 Scubez SQL Injection vulnerability in Scubez Posty Readymade Classifieds 1.0

Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.

7.5
2017-12-11 CVE-2017-17110 Techno Portfolio Management Panel Project SQL Injection vulnerability in Techno - Portfolio Management Panel Project Techno - Portfolio Management Panel 1.0

Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.

7.5
2017-12-11 CVE-2017-15944 Paloaltonetworks Unspecified vulnerability in Paloaltonetworks Pan-Os

Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.

7.5
2017-12-11 CVE-2017-15708 Apache Injection vulnerability in Apache Commons Collections and Synapse

In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI).

7.5
2017-12-11 CVE-2017-17499 Imagemagick, Canonical, Debian Use After Free vulnerability in multiple products

ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.

7.5
2017-12-16 CVE-2017-3196 Rawether Project, Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rawether Project Rawether

PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets.

7.2
2017-12-13 CVE-2017-14380 EMC Improper Privilege Management vulnerability in EMC Isilon Onefs

In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode.

7.2
2017-12-12 CVE-2017-5717 Intel Incorrect Type Conversion or Cast vulnerability in Intel Graphics Driver

Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access.

7.2
2017-12-12 CVE-2017-17558 Linux, Suse Out-of-bounds Write vulnerability in Linux Kernel

The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.

7.2
2017-12-11 CVE-2017-15870 Paloaltonetworks Unspecified vulnerability in Paloaltonetworks Globalprotect

Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."

7.2
2017-12-14 CVE-2017-17682 Imagemagick, Canonical, Debian Resource Exhaustion vulnerability in multiple products

In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.

7.1
2017-12-14 CVE-2017-17681 Imagemagick, Canonical Infinite Loop vulnerability in multiple products

In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.

7.1

140 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-12-16 CVE-2017-17712 Linux Race Condition vulnerability in Linux Kernel

The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.

6.9
2017-12-12 CVE-2017-17566 XEN Unspecified vulnerability in XEN

An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.

6.9
2017-12-12 CVE-2017-17564 XEN 7PK - Errors vulnerability in XEN

An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.

6.9
2017-12-12 CVE-2017-17563 XEN Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in XEN

An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.

6.9
2017-12-16 CVE-2017-17715 Telegram Path Traversal vulnerability in Telegram Messenger

The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak.

6.8
2017-12-16 CVE-2017-14092 Trendmicro Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Scanmail 12.0

The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.

6.8
2017-12-16 CVE-2017-11397 Trendmicro Untrusted Search Path vulnerability in Trendmicro Encryption for Email 5.6.0.1073

A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system.

6.8
2017-12-16 CVE-2017-10905 QT Unspecified vulnerability in QT 5.9.0

A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.

6.8
2017-12-15 CVE-2017-16776 Mckesson Unspecified vulnerability in Mckesson Conserus Workflow Intelligence 2.0.2

Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company.

6.8
2017-12-15 CVE-2017-17670 Videolan, Debian Use After Free vulnerability in multiple products

In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation.

6.8
2017-12-14 CVE-2017-5264 Rapid7 Cross-Site Request Forgery (CSRF) vulnerability in Rapid7 Nexpose

Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.

6.8
2017-12-14 CVE-2017-17535 Gjots2 Project Injection vulnerability in Gjots2 Project Gjots2 2.4.1

lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

6.8
2017-12-14 CVE-2017-17534 Mensis Project Injection vulnerability in Mensis Project Mensis 0.0.080507

uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17521.

6.8
2017-12-14 CVE-2017-17533 Tkabber Project Injection vulnerability in Tkabber Project Tkabber 1.1

** DISPUTED ** default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

6.8
2017-12-14 CVE-2017-17532 Kiwi Project Injection vulnerability in Kiwi Project Kiwi 1.9.22

examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

6.8
2017-12-14 CVE-2017-17531 GNU Injection vulnerability in GNU Global 4.8.6

gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

6.8
2017-12-14 CVE-2017-17530 Geomview Injection vulnerability in Geomview 1.9.5

common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

6.8
2017-12-14 CVE-2017-17529 Abisource Injection vulnerability in Abisource Abiword 3.0.22

af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

6.8
2017-12-14 CVE-2017-17528 Scummvm Injection vulnerability in Scummvm 1.9.0

backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

6.8
2017-12-14 CVE-2017-17527 Pasdoc Project, Debian Injection vulnerability in multiple products

** DISPUTED ** delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

6.8
2017-12-14 CVE-2017-17526 Giac Project Injection vulnerability in Giac Project Giac 1.2.3.57

Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

6.8
2017-12-14 CVE-2017-17525 Xtuple Injection vulnerability in Xtuple Postbooks 4.7.0

guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

6.8
2017-12-14 CVE-2017-17524 SWI Prolog Injection vulnerability in Swi-Prolog 7.2.3

library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

6.8
2017-12-14 CVE-2017-17522 Python Injection vulnerability in Python

** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

6.8
2017-12-14 CVE-2017-17521 Fontforge Injection vulnerability in Fontforge

uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534.

6.8
2017-12-14 CVE-2017-17520 Debian Injection vulnerability in Debian TIN 2.4.1

** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

6.8
2017-12-14 CVE-2017-17519 Ocaml Batteries Project Injection vulnerability in Ocaml Batteries Project Ocaml Batteries 2.6

batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

6.8
2017-12-14 CVE-2017-17518 White Dune Project Injection vulnerability in White Dune Project White Dune 0.30.10

** DISPUTED ** swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

6.8
2017-12-14 CVE-2017-17517 Sylpheed Project Injection vulnerability in Sylpheed Project Sylpheed

libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

6.8
2017-12-14 CVE-2017-17516 Reddit Terminal Viewer Project Injection vulnerability in Reddit Terminal Viewer Project Reddit Terminal Viewer 1.19.0

scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

6.8
2017-12-14 CVE-2017-17515 Ecmwf, Debian Injection vulnerability in multiple products

** DISPUTED ** etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

6.8
2017-12-14 CVE-2017-17514 Nip2 Project, Debian Injection vulnerability in multiple products

** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

6.8
2017-12-14 CVE-2017-17513 TUG Injection vulnerability in TUG TEX Live

TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua.

6.8
2017-12-14 CVE-2017-17511 Kildclient, Debian Injection vulnerability in multiple products

KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c.

6.8
2017-12-13 CVE-2017-14589 Atlassian Improper Input Validation vulnerability in Atlassian Bamboo

It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur.

6.8
2017-12-13 CVE-2017-14362 Microfocus Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Project and Portfolio Management 9.32

Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32.

6.8
2017-12-12 CVE-2017-17562 Embedthis Improper Input Validation vulnerability in Embedthis Goahead

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.

6.8
2017-12-12 CVE-2017-16690 SAP Untrusted Search Path vulnerability in SAP Plant Connectivity 15.0/2.3

A malicious DLL preload attack is possible on NwSapSetup and the Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0.

6.8
2017-12-11 CVE-2017-2886 Acdsee Out-of-bounds Write vulnerability in Acdsee Ultimate 10.0.0.292

A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292.

6.8
2017-12-11 CVE-2017-17551 Changyou Improper Input Validation vulnerability in Changyou Dolphin 12.0.2

The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file.

6.8
2017-12-11 CVE-2017-17536 Phacility Unspecified vulnerability in Phacility Phabricator

Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring.

6.8
2017-12-11 CVE-2017-17523 Lilypond Injection vulnerability in Lilypond 2.19.80

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.

6.8
2017-12-11 CVE-2017-17512 Sensible Utils Project Injection vulnerability in Sensible-Utils Project Sensible-Utils

sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.

6.8
2017-12-11 CVE-2017-17509 Hdfgroup Out-of-bounds Write vulnerability in Hdfgroup Hdf5 1.10.1

In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a.

6.8
2017-12-11 CVE-2017-17503 Graphicsmagick, Debian Out-of-bounds Read vulnerability in multiple products

ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file.

6.8
2017-12-11 CVE-2017-17502 Graphicsmagick, Debian Out-of-bounds Read vulnerability in multiple products

ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.

6.8
2017-12-11 CVE-2017-17501 Graphicsmagick, Debian Out-of-bounds Read vulnerability in multiple products

WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.

6.8
2017-12-11 CVE-2017-17500 Graphicsmagick, Debian Out-of-bounds Read vulnerability in multiple products

ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.

6.8
2017-12-11 CVE-2017-17498 Graphicsmagick Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Graphicsmagick 1.3.26

WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

6.8
2017-12-15 CVE-2017-17695 Techno Portfolio Management Panel Project SQL Injection vulnerability in Techno - Portfolio Management Panel Project Techno - Portfolio Management Panel

Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter.

6.5
2017-12-14 CVE-2017-5663 Apache SQL Injection vulnerability in Apache Fineract 0.4.0Incubating/0.5.0Incubating/0.6.0Incubating

In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries.

6.5
2017-12-13 CVE-2017-17665 Octopus Missing Authorization vulnerability in Octopus Deploy

In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments.

6.5
2017-12-13 CVE-2017-17615 Facebook Clone Script Project SQL Injection vulnerability in Facebook Clone Script Project Facebook Clone Script 1.0

Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter.

6.5
2017-12-12 CVE-2017-11936 Microsoft Improper Input Validation vulnerability in Microsoft Sharepoint Enterprise Server 2016

Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".

6.5
2017-12-12 CVE-2017-17561 Seacms Project Unspecified vulnerability in Seacms Project Seacms 6.56

SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php.

6.5
2017-12-12 CVE-2017-16689 SAP Improper Authentication vulnerability in SAP Kernel

A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.

6.5
2017-12-12 CVE-2017-16682 SAP Code Injection vulnerability in SAP products

SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.

6.5
2017-12-12 CVE-2017-16678 SAP Server-Side Request Forgery (SSRF) vulnerability in SAP products

Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application.

6.5
2017-12-11 CVE-2017-1606 IBM SQL Injection vulnerability in IBM Financial Transaction Manager

IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection.

6.5
2017-12-11 CVE-2017-11319 Resolver Improper Privilege Management vulnerability in Resolver Perspective 5.1.1.16

Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms.

6.5
2017-12-11 CVE-2017-11463 Ivanti Permission Issues vulnerability in Ivanti Endpoint Manager 2016.4/2017.1/2017.3

In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users.

6.5
2017-12-16 CVE-2017-14090 Trendmicro Inadequate Encryption Strength vulnerability in Trendmicro Scanmail 12.0

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.

6.4
2017-12-11 CVE-2017-15896 Nodejs Unspecified vulnerability in Nodejs Node.Js

Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure.

6.4
2017-12-11 CVE-2017-1000407 Redhat, Linux, Debian, Canonical Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products

The Linux Kernel 2.6.32 and later are affected by a denial of service: by flooding the diagnostic port 0x80, an exception can be triggered, leading to a kernel panic.

6.1
2017-12-13 CVE-2017-1558 IBM Open Redirect vulnerability in IBM products

IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.

5.8
2017-12-13 CVE-2017-14361 Microfocus Unspecified vulnerability in Microfocus Project and Portfolio Management 9.32

Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32.

5.8
2017-12-12 CVE-2017-11932 Microsoft Improper Input Validation vulnerability in Microsoft Exchange Server 2016

Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability".

5.8
2017-12-12 CVE-2017-16691 SAP Improper Input Validation vulnerability in SAP Business Application Software Integrated Solution

SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'.

5.8
2017-12-12 CVE-2017-16679 SAP Open Redirect vulnerability in SAP Kernel

URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site.

5.8
2017-12-13 CVE-2017-5530 Tibco Unspecified vulnerability in Tibco Tibbr 6.0.0/6.0.1/7.0.0

The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges.

5.5
2017-12-13 CVE-2017-1635 IBM Use After Free vulnerability in IBM Tivoli Monitoring

IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error.

5.2
2017-12-16 CVE-2017-3192 D Link Insufficiently Protected Credentials vulnerability in D-Link Dir-130 Firmware and Dir-330 Firmware

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials.

5.0
2017-12-16 CVE-2017-3191 D Link Improper Input Validation vulnerability in D-Link Dir-130 Firmware and Dir-330 Firmware

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page.

5.0
2017-12-16 CVE-2017-3185 Acti Information Exposure vulnerability in Acti Camera Firmware A1D500V6.11.31Ac

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.

5.0
2017-12-15 CVE-2017-14101 Changehealthcare XXE vulnerability in Changehealthcare Conserus Image Repository 2.1.1.105

A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company.

5.0
2017-12-15 CVE-2017-17697 Linuxfoundation Server-Side Request Forgery (SSRF) vulnerability in Linuxfoundation Harbor

The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.

5.0
2017-12-13 CVE-2017-11305 Adobe Unspecified vulnerability in Adobe Flash Player

A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.

5.0
2017-12-13 CVE-2017-17537 Mikrotik Improper Input Validation vulnerability in Mikrotik Routerboard 6.39.2/6.40.5

MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS.

5.0
2017-12-13 CVE-2017-17593 Simple Chatting System Project Unrestricted Upload of File with Dangerous Type vulnerability in Simple Chatting System Project Simple Chatting System 1.0

Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/.

5.0
2017-12-13 CVE-2017-17568 Scubez Incorrect Permission Assignment for Critical Resource vulnerability in Scubez Posty Readymade Classifieds

Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request.

5.0
2017-12-13 CVE-2017-17567 Scubez SQL Injection vulnerability in Scubez Posty Readymade Classifieds

Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter.

5.0
2017-12-12 CVE-2017-16687 SAP Information Exposure vulnerability in SAP Hana Database 1.00/2.00

The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts.

5.0
2017-12-12 CVE-2017-16680 SAP Injection vulnerability in SAP Hana Extend Application Services 1.0

Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines.

5.0
2017-12-12 CVE-2017-17553 Changyou Unspecified vulnerability in Changyou Dolphin 12.0.2

The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme.

5.0
2017-12-11 CVE-2017-1613 IBM Information Exposure vulnerability in IBM Connections 6.0

IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data.

5.0
2017-12-11 CVE-2017-1548 IBM Path Traversal vulnerability in IBM Sterling File Gateway 2.2

IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system.

5.0
2017-12-11 CVE-2017-15943 Paloaltonetworks Server-Side Request Forgery (SSRF) vulnerability in Paloaltonetworks Pan-Os

The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities.

5.0
2017-12-11 CVE-2017-15942 Paloaltonetworks Unspecified vulnerability in Paloaltonetworks Pan-Os

Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management interface.

5.0
2017-12-12 CVE-2017-17565 XEN Improper Input Validation vulnerability in XEN

An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.

4.7
2017-12-17 CVE-2017-17718 NET Ldap Project Improper Certificate Validation vulnerability in Net-Ldap Project Net-Ldap

The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.

4.3
2017-12-17 CVE-2017-17716 Gitlab Improper Certificate Validation vulnerability in Gitlab 9.4.0/9.4.1

GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement.

4.3
2017-12-17 CVE-2017-16950 Urbackup Cross-site Scripting vulnerability in Urbackup Server

Cross-site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

4.3
2017-12-16 CVE-2017-17714 Boxug Cross-site Scripting vulnerability in Boxug Trape

Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter.

4.3
2017-12-16 CVE-2017-14134 Maplesoft Cross-site Scripting vulnerability in Maplesoft Maple T.A. 2016.0.6

A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A.

4.3
2017-12-16 CVE-2017-3194 Pandora Information Exposure vulnerability in Pandora

Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

4.3
2017-12-16 CVE-2017-14093 Trendmicro Cross-site Scripting vulnerability in Trendmicro Scanmail 12.0

The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks.

4.3
2017-12-15 CVE-2017-12373 Cisco Information Exposure Through Discrepancy vulnerability in Cisco products

A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack.

4.3
2017-12-15 CVE-2017-17698 Zohocorp Cross-site Scripting vulnerability in Zohocorp Manageengine Password Manager PRO

Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec.

4.3
2017-12-14 CVE-2017-17680 Imagemagick, Canonical Missing Release of Resource after Effective Lifetime vulnerability in multiple products

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.

4.3
2017-12-13 CVE-2017-17669 Exiv2, Canonical Out-of-bounds Read vulnerability in multiple products

There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26.

4.3
2017-12-13 CVE-2017-17664 Digium Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Asterisk and Certified Asterisk

A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9.

4.3
2017-12-13 CVE-2017-1421 IBM Cross-site Scripting vulnerability in IBM Inotes

IBM iNotes is vulnerable to cross-site scripting.

4.3
2017-12-13 CVE-2017-17549 Citrix Information Exposure vulnerability in Citrix products

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange.

4.3
2017-12-13 CVE-2017-17427 Radware Information Exposure Through Discrepancy vulnerability in Radware Alteon Firmware

Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack").

4.3
2017-12-13 CVE-2017-17382 Citrix Use of a Broken or Risky Cryptographic Algorithm vulnerability in Citrix products

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

4.3
2017-12-13 CVE-2017-17569 Scubez Cross-site Scripting vulnerability in Scubez Posty Readymade Classifieds

Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter.

4.3
2017-12-13 CVE-2017-13099 Wolfssl, Siemens, Arubanetworks Information Exposure Through Discrepancy vulnerability in multiple products

wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated.

4.3
2017-12-13 CVE-2017-13098 Bouncycastle Information Exposure Through Discrepancy vulnerability in Bouncycastle Legion-Of-The-Bouncy-Castle-Java-Crytography-Api

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated.

4.3
2017-12-12 CVE-2017-11934 Microsoft Information Exposure vulnerability in Microsoft Office 2013/2016

Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft Office Information Disclosure Vulnerability".

4.3
2017-12-12 CVE-2017-11927 Microsoft Information Exposure vulnerability in Microsoft products

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information disclosure vulnerability due to the way the Windows its:// protocol handler determines the zone of a request, aka "Microsoft Windows Information Disclosure Vulnerability".

4.3
2017-12-12 CVE-2017-1000385 Erlang, Debian Information Exposure Through Discrepancy vulnerability in multiple products

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding.

4.3
2017-12-12 CVE-2017-16685 SAP Cross-site Scripting vulnerability in SAP Business Warehouse Universal Data Integration

Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs.

4.3
2017-12-12 CVE-2017-16681 SAP Cross-site Scripting vulnerability in SAP Business Intelligence Promotion Management Application 4.10/4.20/4.30

Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded.

4.3
2017-12-12 CVE-2017-17555 Aubio, Ffmpeg NULL Pointer Dereference vulnerability in multiple products

The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.

4.3
2017-12-12 CVE-2017-17554 Aubio NULL Pointer Dereference vulnerability in Aubio 0.4.6

A NULL pointer dereference (DoS) Vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file.

4.3
2017-12-11 CVE-2017-8867 Cognitoys Unspecified vulnerability in Cognitoys Stemosaur Firmware

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gain further access to eavesdrop on privacy-sensitive voice communication of a child and their Dino device.

4.3
2017-12-11 CVE-2017-8866 Cognitoys Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cognitoys Stemosaur Firmware

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server.

4.3
2017-12-11 CVE-2017-8865 Cognitoys Information Exposure vulnerability in Cognitoys Stemosaur Firmware

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to any other Dino device.

4.3
2017-12-11 CVE-2017-15897 Nodejs Information Exposure vulnerability in Nodejs Node.Js

Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified.

4.3
2017-12-11 CVE-2015-8470 Puppet Information Exposure vulnerability in Puppet

The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

4.3
2017-12-11 CVE-2015-6502 Puppet Cross-site Scripting vulnerability in Puppet

Cross-site scripting (XSS) vulnerability in the console in Puppet Enterprise before 2015.2.1 allows remote attackers to inject arbitrary web script or HTML via the string parameter, related to Login Redirect.

4.3
2017-12-11 CVE-2017-16723 Phoenixcontact Cross-site Scripting vulnerability in Phoenixcontact products

A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40).

4.3
2017-12-11 CVE-2017-11507 Check MK Project Cross-site Scripting vulnerability in Check MK Project Check MK 1.2.8/1.4.0

A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.

4.3
2017-12-11 CVE-2016-6904 Netapp Credentials Management vulnerability in Netapp Vasa Provider

Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication.

4.3
2017-12-11 CVE-2017-17508 Hdfgroup Divide By Zero vulnerability in Hdfgroup Hdf5 1.10.1

In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a.

4.3
2017-12-11 CVE-2017-17507 Hdfgroup Out-of-bounds Read vulnerability in Hdfgroup Hdf5 1.10.1

In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a.

4.3
2017-12-11 CVE-2017-17506 Hdfgroup Out-of-bounds Read vulnerability in Hdfgroup Hdf5 1.10.1

In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a.

4.3
2017-12-11 CVE-2017-17505 Hdfgroup NULL Pointer Dereference vulnerability in Hdfgroup Hdf5 1.10.1

In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a.

4.3
2017-12-11 CVE-2017-17504 Imagemagick, Canonical, Debian Out-of-bounds Read vulnerability in multiple products

ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.

4.3
2017-12-15 CVE-2017-14184 Fortinet Information Exposure vulnerability in Fortinet Forticlient and Forticlient Sslvpn Client

An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.

4.0
2017-12-15 CVE-2017-16787 Meinbergglobal Information Exposure vulnerability in Meinbergglobal Lantime Firmware

The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access.

4.0
2017-12-15 CVE-2017-17696 Techno Portfolio Management Panel Project Information Exposure vulnerability in Techno - Portfolio Management Panel Project Techno - Portfolio Management Panel

Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php.

4.0
2017-12-15 CVE-2017-17693 Techno Portfolio Management Panel Project Missing Authorization vulnerability in Techno - Portfolio Management Panel Project Techno - Portfolio Management Panel

Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.

4.0
2017-12-13 CVE-2017-7738 Fortinet Information Exposure vulnerability in Fortinet Fortios

An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allows an admin user with super_admin privileges to view the current SSL VPN web portal session info, which may contain user credentials, through the fnsysctl CLI command.

4.0
2017-12-13 CVE-2017-4942 Vmware Unspecified vulnerability in VMWare Airwatch Console

VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability.

4.0
2017-12-12 CVE-2017-11939 Microsoft Information Exposure vulnerability in Microsoft Office 2016

Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability".

4.0
2017-12-12 CVE-2017-16683 SAP Unspecified vulnerability in SAP Businessobjects 4.10/4.20

Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service.

4.0
2017-12-11 CVE-2017-1550 IBM Unspecified vulnerability in IBM Sterling File Gateway 2.2

IBM Sterling File Gateway 2.2 could allow an authenticated user to change other users' passwords.

4.0
2017-12-11 CVE-2017-1507 IBM Information Exposure vulnerability in IBM products

IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system.

4.0
2017-12-11 CVE-2014-3250 Puppet, Apache, Redhat Improper Certificate Validation vulnerability in multiple products

The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.

4.0

19 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-12-15 CVE-2017-17556 HP Information Exposure vulnerability in HP Synaptics Touchpad Driver

A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys.

3.6
2017-12-11 CVE-2017-1760 IBM Unspecified vulnerability in IBM Websphere MQ

IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information.

3.6
2017-12-15 CVE-2017-15890 Synology Cross-site Scripting vulnerability in Synology Mailplus Server

Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter.

3.5
2017-12-15 CVE-2017-17694 Techno Portfolio Management Panel Project Cross-site Scripting vulnerability in Techno - Portfolio Management Panel Project Techno - Portfolio Management Panel

Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter.

3.5
2017-12-13 CVE-2017-1546 IBM Cross-site Scripting vulnerability in IBM products

IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting.

3.5
2017-12-11 CVE-2017-1683 IBM Cross-site Scripting vulnerability in IBM Connections Engagement Center 6.0

IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting.

3.5
2017-12-11 CVE-2017-1632 IBM Cross-site Scripting vulnerability in IBM Sterling File Gateway 2.2

IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting.

3.5
2017-12-11 CVE-2017-1549 IBM Cross-site Scripting vulnerability in IBM Sterling File Gateway 2.2

IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting.

3.5
2017-12-11 CVE-2017-1536 IBM Cross-site Scripting vulnerability in IBM Websphere Portal

IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting.

3.5
2017-12-11 CVE-2017-16789 Integrationmatters, Tibco Cross-site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3 before 3.2.0 Hotfix 7, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote authenticated administrators to inject arbitrary web script or HTML via the users management panel of the web interface.

3.5
2017-12-12 CVE-2017-12155 Ceph Missing Authentication for Critical Function vulnerability in Ceph

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable.

3.3
2017-12-16 CVE-2017-3190 AXS Improper Certificate Validation vulnerability in AXS Flash Seats

Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

2.9
2017-12-12 CVE-2017-11919 Microsoft Information Exposure vulnerability in Microsoft Chakracore, Edge and Internet Explorer

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".

2.6
2017-12-12 CVE-2017-11906 Microsoft Information Exposure vulnerability in Microsoft Internet Explorer 10/11/9

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".

2.6
2017-12-12 CVE-2017-11887 Microsoft Information Exposure vulnerability in Microsoft Internet Explorer 10/11/9

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".

2.6
2017-12-13 CVE-2017-15530 Symantec Information Exposure vulnerability in Symantec Norton Family

Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue.

2.1
2017-12-13 CVE-2017-15529 Symantec Resource Exhaustion vulnerability in Symantec Norton Family

Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit.

2.1
2017-12-13 CVE-2017-1716 IBM Incorrect Permission Assignment for Critical Resource vulnerability in IBM Tivoli Workload Scheduler 8.6/9.1/9.2

IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings.

2.1
2017-12-14 CVE-2017-16355 Phusion, Debian Information Exposure vulnerability in multiple products

In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.

1.2