Weekly Vulnerabilities Reports > December 18 to 24, 2017

Overview

253 new vulnerabilities were reported during this period, including 25 critical vulnerabilities and 57 high severity vulnerabilities. This weekly summary reports vulnerabilities in 526 products from 81 vendors including Foxitsoftware, IBM, Canonical, Huawei, and F5. Vulnerabilities are notably categorized as "Improper Input Validation", "Information Exposure", "Cross-site Scripting", "Use After Free", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 214 reported vulnerabilities are remotely exploitable.
  • 20 reported vulnerabilities have a public exploit available.
  • 65 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 204 reported vulnerabilities are exploitable by an anonymous user.
  • Foxitsoftware has the most reported vulnerabilities, with 43 reported vulnerabilities.
  • Cambiumnetworks has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

Vulnerability Details

The following tables list reported vulnerabilities for the period covered by this report:

25 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-12-21 CVE-2017-17411 Linksys OS Command Injection vulnerability in Linksys Wvbr0 Firmware

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0.

10.0
2017-12-20 CVE-2012-2576 Solarwinds SQL Injection vulnerability in Solarwinds Backup Profiler, Storage Manager and Storage Profiler

SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.

10.0
2017-12-20 CVE-2017-16725 Xiongmaitech Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xiongmaitech products

A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface.

10.0
2017-12-19 CVE-2017-17761 Ichano Unspecified vulnerability in Ichano Athome IP Camera Firmware

An issue was discovered on Ichano AtHome IP Camera devices.

10.0
2017-12-19 CVE-2017-17759 Conarc Unspecified vulnerability in Conarc Ichannel

Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service (by deleting the configuration) via a wc.dll?wwMaint~EditConfig request (which reaches an older version of a West Wind Web Connection HTTP service).

10.0
2017-12-19 CVE-2017-17107 Zivif Use of Hard-coded Credentials vulnerability in Zivif Pr115-204-P-Rs Firmware 2.3.4.2103

Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user.

10.0
2017-12-19 CVE-2017-17106 Zivif Insufficiently Protected Credentials vulnerability in Zivif Pr115-204-P-Rs Firmware 2.3.4.2103

Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request.

10.0
2017-12-19 CVE-2017-17105 Zivif OS Command Injection vulnerability in Zivif Pr115-204-P-Rs Firmware 2.3.4.2103/4.7.4.2121

Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request.

10.0
2017-12-22 CVE-2017-15316 Huawei Double Free vulnerability in Huawei Mate 9 Firmware and Mate 9 PRO Firmware

The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability.

9.3
2017-12-22 CVE-2017-10909 Sony Untrusted Search Path vulnerability in Sony Music Center 1.0.00/1.0.01

Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

9.3
2017-12-21 CVE-2017-17410 Bitdefender Out-of-bounds Write vulnerability in Bitdefender Internet Security 2018

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018.

9.3
2017-12-21 CVE-2017-17409 Bitdefender Integer Overflow or Wraparound vulnerability in Bitdefender Internet Security 2018

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018.

9.3
2017-12-21 CVE-2017-17408 Bitdefender Integer Overflow or Wraparound vulnerability in Bitdefender Internet Security 2018

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018.

9.3
2017-12-19 CVE-2017-15049 Zoom OS Command Injection vulnerability in Zoom

The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.

9.3
2017-12-18 CVE-2017-16997 GNU, Redhat Untrusted Search Path vulnerability in multiple products

elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions.

9.3
2017-12-20 CVE-2017-5260 Cambiumnetworks Incorrect Permission Assignment for Critical Resource vulnerability in Cambiumnetworks products

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account.

9.0
2017-12-20 CVE-2017-5259 Cambiumnetworks Cleartext Transmission of Sensitive Information vulnerability in Cambiumnetworks products

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.

9.0
2017-12-20 CVE-2017-5255 Cambiumnetworks OS Command Injection vulnerability in Cambiumnetworks Epmp 1000 Firmware and Epmp 2000 Firmware

In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a specially-crafted POST request to the get_chart function and run OS-level commands, effectively as root.

9.0
2017-12-20 CVE-2017-5254 Cambiumnetworks Improper Privilege Management vulnerability in Cambiumnetworks Epmp 1000 Firmware and Epmp 2000 Firmware

In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism.

9.0
2017-12-20 CVE-2017-16717 WE CON Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in We-Con Levi Studio HMI

A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio HMI.

9.0
2017-12-20 CVE-2017-1696 IBM Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager 7.3.0

IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system.

9.0
2017-12-19 CVE-2017-17758 TP Link OS Command Injection vulnerability in Tp-Link products

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd.

9.0
2017-12-19 CVE-2017-17757 TP Link OS Command Injection vulnerability in Tp-Link products

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd.

9.0
2017-12-19 CVE-2017-15876 Sistemagpweb Unrestricted Upload of File with Dangerous Type vulnerability in Sistemagpweb Gpweb 8.4.61

Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell.

9.0
2017-12-18 CVE-2017-15103 Heketi Project, Redhat Improper Input Validation vulnerability in multiple products

A security-check flaw was found in the way the Heketi 5 server API handled user requests.

9.0

57 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-12-21 CVE-2017-6167 F5 Race Condition vulnerability in F5 products

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected.

8.5
2017-12-22 CVE-2017-15324 Huawei Improper Input Validation vulnerability in Huawei S5700 Firmware and S6700 Firmware

Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets.

7.8
2017-12-22 CVE-2017-15320 Huawei Out-of-bounds Read vulnerability in Huawei products

RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products.

7.8
2017-12-22 CVE-2017-15319 Huawei Out-of-bounds Read vulnerability in Huawei products

RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products.

7.8
2017-12-22 CVE-2017-15318 Huawei Out-of-bounds Read vulnerability in Huawei products

RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products.

7.8
2017-12-22 CVE-2017-15317 Huawei Out-of-bounds Read vulnerability in Huawei products

AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30; AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30; AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30; SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an input validation vulnerability in Huawei multiple products.

7.8
2017-12-21 CVE-2017-6151 F5 Unspecified vulnerability in F5 products

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a disruption of service to TMM.

7.8
2017-12-21 CVE-2017-6135 F5 Missing Release of Resource after Effective Lifetime vulnerability in F5 products

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions.

7.8
2017-12-21 CVE-2017-6133 F5 Improper Input Validation vulnerability in F5 products

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service.

7.8
2017-12-21 CVE-2017-6129 F5 Improper Input Validation vulnerability in F5 Big-Ip Access Policy Manager 12.1.2/13.0.0

In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow not in use" assertion.

7.8
2017-12-20 CVE-2017-5262 Cambiumnetworks Information Exposure vulnerability in Cambiumnetworks products

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference.

7.7
2017-12-20 CVE-2017-17746 TP Link Missing Authentication for Critical Function vulnerability in Tp-Link Tl-Sg108E Firmware 1.0.0

Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials.

7.7
2017-12-19 CVE-2017-17763 Liveqos Missing Encryption of Sensitive Data vulnerability in Liveqos Superbeam

SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to send crafted files, as demonstrated by APK injection.

7.6
2017-12-21 CVE-2017-17033 Qnap Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS

A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.

7.5
2017-12-21 CVE-2017-17032 Qnap Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS

A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.

7.5
2017-12-21 CVE-2017-17031 Qnap Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS

A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.

7.5
2017-12-21 CVE-2017-17030 Qnap Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS

A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.

7.5
2017-12-21 CVE-2017-17029 Qnap Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS

A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.

7.5
2017-12-21 CVE-2017-17028 Qnap Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS

A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.

7.5
2017-12-21 CVE-2017-17027 Qnap Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS

A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.

7.5
2017-12-21 CVE-2015-7224 Puppet Improper Authentication vulnerability in Puppet Puppetlabs-Mysql

puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.

7.5
2017-12-21 CVE-2017-17821 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari 46

WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and resizeSlow mishandles cases where the old array length is greater than the new array length.

7.5
2017-12-20 CVE-2017-17794 Blogotext Project Unspecified vulnerability in Blogotext Project Blogotext

validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field.

7.5
2017-12-20 CVE-2017-17790 Ruby Lang Injection vulnerability in Ruby-Lang Ruby

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405.

7.5
2017-12-20 CVE-2017-17779 Paid TO Read Script Project SQL Injection vulnerability in Paid TO Read Script Project Paid TO Read Script 2.0.5

Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter.

7.5
2017-12-20 CVE-2017-17777 Paid TO Read Script Project Improper Authentication vulnerability in Paid TO Read Script Project Paid TO Read Script 2.0.5

Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter.

7.5
2017-12-19 CVE-2017-16949 Accesspressthemes Unrestricted Upload of File with Dangerous Type vulnerability in Accesspressthemes Anonymous Post PRO 3.1.9

An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress.

7.5
2017-12-19 CVE-2017-15875 Sistemagpweb SQL Injection vulnerability in Sistemagpweb Gpweb 8.4.61

SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter.

7.5
2017-12-18 CVE-2017-17721 Zuuse SQL Injection vulnerability in Zuuse Beims Contractorweb .Net 5.18.0.0

CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter.

7.5
2017-12-18 CVE-2017-17651 Paid TO Read Script Project SQL Injection vulnerability in Paid TO Read Script Project Paid TO Read Script 2.0.5

Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter.

7.5
2017-12-18 CVE-2017-17645 Phpautoclassifiedscript SQL Injection vulnerability in PHPautoclassifiedscript BUS Booking Script 1.0

Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php.

7.5
2017-12-18 CVE-2017-17643 Fortunescripts SQL Injection vulnerability in Fortunescripts Lynda Clone 1.0

FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/.

7.5
2017-12-18 CVE-2017-17739 Brightsign Path Traversal vulnerability in Brightsign 4K242 Firmware

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files.

7.5
2017-12-18 CVE-2017-17733 Maccms Unspecified vulnerability in Maccms 8.0

Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request.

7.5
2017-12-18 CVE-2017-17731 Dedecms SQL Injection vulnerability in Dedecms 5.5/5.6/5.7

DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.

7.5
2017-12-18 CVE-2017-17730 Dedecms SQL Injection vulnerability in Dedecms 5.5/5.6/5.7

DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php.

7.5
2017-12-20 CVE-2017-17806 Linux, Debian, Opensuse, Opensuse Project, Suse Out-of-bounds Write vulnerability in Linux Kernel

The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.

7.2
2017-12-20 CVE-2017-17805 Linux, Debian, Opensuse, Opensuse Project, Suse Improper Input Validation vulnerability in Linux Kernel

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API.

7.2
2017-12-20 CVE-2017-14969 Ikarussecurity Out-of-bounds Write vulnerability in Ikarussecurity Anti.Virus 2.16.7

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000084, a related issue to CVE-2017-17114.

7.2
2017-12-20 CVE-2017-14968 Ikarussecurity Improper Input Validation vulnerability in Ikarussecurity Anti.Virus 2.16.7

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c4, a related issue to CVE-2017-17113.

7.2
2017-12-20 CVE-2017-14967 Ikarussecurity Improper Input Validation vulnerability in Ikarussecurity Anti.Virus 2.16.7

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000080.

7.2
2017-12-20 CVE-2017-14966 Ikarussecurity Improper Input Validation vulnerability in Ikarussecurity Anti.Virus 2.16.7

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c0.

7.2
2017-12-20 CVE-2017-14965 Ikarussecurity Improper Input Validation vulnerability in Ikarussecurity Anti.Virus 2.16.7

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000cc.

7.2
2017-12-20 CVE-2017-14964 Ikarussecurity Improper Input Validation vulnerability in Ikarussecurity Anti.Virus 2.16.7

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300005c.

7.2
2017-12-20 CVE-2017-14963 Ikarussecurity Improper Input Validation vulnerability in Ikarussecurity Anti.Virus 2.16.7

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000058.

7.2
2017-12-20 CVE-2017-14962 Ikarussecurity Out-of-bounds Write vulnerability in Ikarussecurity Anti.Virus 2.16.7

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Out of Bounds Write vulnerability because of not validating input values from IOCtl 0x83000058, a related issue to CVE-2017-17112.

7.2
2017-12-20 CVE-2017-4943 Vmware Out-of-bounds Write vulnerability in VMWare Vcenter Server 6.5

VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin.

7.2
2017-12-20 CVE-2017-17804 Ikarussecurity Improper Input Validation vulnerability in Ikarussecurity Anti.Virus 2.16.20

In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000084.

7.2
2017-12-20 CVE-2017-17803 Tgsoft Improper Input Validation vulnerability in Tgsoft Vir.It Explorer 8.5.65

In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82736068, a different vulnerability than CVE-2017-17475.

7.2
2017-12-20 CVE-2017-17802 Tgsoft Improper Input Validation vulnerability in Tgsoft Vir.It Explorer 8.5.65

In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E080.

7.2
2017-12-20 CVE-2017-17801 Tgsoft Improper Input Validation vulnerability in Tgsoft Vir.It Explorer 8.5.65

In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E060.

7.2
2017-12-20 CVE-2017-17800 Tgsoft Improper Input Validation vulnerability in Tgsoft Vir.It Explorer 8.5.65

In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17798.

7.2
2017-12-20 CVE-2017-17799 Tgsoft Improper Input Validation vulnerability in Tgsoft Vir.It Explorer 8.5.65

In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82730068.

7.2
2017-12-20 CVE-2017-17798 Tgsoft Improper Input Validation vulnerability in Tgsoft Vir.It Explorer 8.5.42

In TG Soft Vir.IT eXplorer Lite 8.5.42, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17800.

7.2
2017-12-20 CVE-2017-17797 Ikarussecurity Improper Input Validation vulnerability in Ikarussecurity Anti.Virus 2.16.20

In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000058.

7.2
2017-12-20 CVE-2017-17796 Tgsoft Improper Input Validation vulnerability in Tgsoft Vir.It Explorer Lite 8.5.65

In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x827300A4.

7.2
2017-12-20 CVE-2017-17795 Ikarussecurity Improper Input Validation vulnerability in Ikarussecurity Anti.Virus 2.16.20

In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000088.

7.2

144 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-12-22 CVE-2017-15308 Huawei Improper Input Validation vulnerability in Huawei Ireader

Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data.

6.8
2017-12-21 CVE-2017-6164 F5 Improper Input Validation vulnerability in F5 products

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system.

6.8
2017-12-21 CVE-2017-17831 GIT Large File Storage Project Improper Input Validation vulnerability in GIT Large File Storage Project GIT Large File Storage

GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository.

6.8
2017-12-21 CVE-2017-17827 Piwigo Cross-Site Request Forgery (CSRF) vulnerability in Piwigo 2.9.2

Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit.

6.8
2017-12-20 CVE-2017-17809 Goldenfrog Untrusted Search Path vulnerability in Goldenfrog Vyprvpn

In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed.

6.8
2017-12-20 CVE-2017-1746 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz for Service Management 1.1.3

IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

6.8
2017-12-20 CVE-2017-1631 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz for Service Management 1.1.3

IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

6.8
2017-12-20 CVE-2017-17476 Otrs, Debian Information Exposure vulnerability in multiple products

Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.

6.8
2017-12-20 CVE-2017-16587 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 8.3.2.25013

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013.

6.8
2017-12-20 CVE-2017-16586 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 8.3.2.25013

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013.

6.8
2017-12-20 CVE-2017-16585 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 8.3.2.25013

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013.

6.8
2017-12-20 CVE-2017-16583 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 8.3.2.25013

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013.

6.8
2017-12-20 CVE-2017-16582 Foxitsoftware Incorrect Type Conversion or Cast vulnerability in Foxitsoftware Foxit Reader 8.3.2.25013

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013.

6.8
2017-12-20 CVE-2017-16581 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 8.3.2.25013

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013.

6.8
2017-12-20 CVE-2017-16578 Foxitsoftware Incorrect Type Conversion or Cast vulnerability in Foxitsoftware Foxit Reader 8.3.2.25013

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013.

6.8
2017-12-20 CVE-2017-16577 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-16576 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-16575 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-16572 Foxitsoftware Incorrect Type Conversion or Cast vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-16571 Foxitsoftware Incorrect Type Conversion or Cast vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-14837 Foxitsoftware Incorrect Type Conversion or Cast vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-14836 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 8.3.1

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.

6.8
2017-12-20 CVE-2017-14835 Foxitsoftware Incorrect Type Conversion or Cast vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-14834 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-14833 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-14832 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-14831 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-14830 Foxitsoftware Incorrect Type Conversion or Cast vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-14829 Foxitsoftware Incorrect Type Conversion or Cast vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-14828 Foxitsoftware Incorrect Type Conversion or Cast vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-14827 Foxitsoftware Incorrect Type Conversion or Cast vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-14826 Foxitsoftware Incorrect Type Conversion or Cast vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-14825 Foxitsoftware Incorrect Type Conversion or Cast vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-14824 Foxitsoftware Incorrect Type Conversion or Cast vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-14823 Foxitsoftware Incorrect Type Conversion or Cast vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-10959 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-10958 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-10957 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155.

6.8
2017-12-20 CVE-2017-17789 Gimp, Debian, Canonical Out-of-bounds Write vulnerability in multiple products

In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.

6.8
2017-12-20 CVE-2017-17787 Gimp, Debian, Canonical Out-of-bounds Read vulnerability in multiple products

In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.

6.8
2017-12-20 CVE-2017-17786 Gimp, Debian, Canonical Out-of-bounds Read vulnerability in multiple products

In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.

6.8
2017-12-20 CVE-2017-17785 Gimp, Debian, Canonical Out-of-bounds Write vulnerability in multiple products

In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.

6.8
2017-12-20 CVE-2017-17784 Gimp, Debian, Canonical Out-of-bounds Read vulnerability in multiple products

In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.

6.8
2017-12-20 CVE-2017-17782 Graphicsmagick, Debian Out-of-bounds Read vulnerability in multiple products

In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.

6.8
2017-12-20 CVE-2017-17774 Piwigo Cross-Site Request Forgery (CSRF) vulnerability in Piwigo 2.9.2

admin/configuration.php in Piwigo 2.9.2 has CSRF.

6.8
2017-12-19 CVE-2017-16786 Meinbergglobal Information Exposure vulnerability in Meinbergglobal Lantime Firmware

The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.

6.8
2017-12-19 CVE-2017-15048 Zoom Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Zoom

Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.

6.8
2017-12-19 CVE-2017-11562 MT4 Session Fixation vulnerability in MT4 Senhasegura 2.2.23.8

A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via login_if.php.

6.8
2017-12-18 CVE-2017-17727 Dedecms Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.5/5.6

DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php.

6.8
2017-12-22 CVE-2017-15313 Huawei Injection vulnerability in Huawei Smartcare V200R003C10

Huawei SmartCare V200R003C10 has a CSV injection vulnerability.

6.5
2017-12-21 CVE-2017-17829 Doditsolutions SQL Injection vulnerability in Doditsolutions BUS Booking Script

Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter.

6.5
2017-12-20 CVE-2017-1757 IBM SQL Injection vulnerability in IBM Security Guardium

IBM Security Guardium 10.0 is vulnerable to SQL injection.

6.5
2017-12-22 CVE-2017-16766 Synology Injection vulnerability in Synology Diskstation Manager

An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.

6.4
2017-12-22 CVE-2017-16727 Moxa Weak Password Requirements vulnerability in Moxa Nport W2150A Firmware and Nport W2250A Firmware

A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11.

6.4
2017-12-20 CVE-2017-14387 EMC Unspecified vulnerability in EMC Isilon Onefs

The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports.

6.4
2017-12-19 CVE-2017-15524 Kemptechnologies Unspecified vulnerability in Kemptechnologies web Application Firewall

The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request.

6.4
2017-12-18 CVE-2017-17738 Brightsign Unspecified vulnerability in Brightsign 4K242 Firmware

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html.

6.4
2017-12-21 CVE-2017-17830 Doditsolutions Cross-Site Request Forgery (CSRF) vulnerability in Doditsolutions BUS Booking Script

Bus Booking Script has CSRF via admin/new_master.php.

6.0
2017-12-20 CVE-2017-4941 Vmware Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Esxi, Fusion and Workstation

VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets.

6.0
2017-12-20 CVE-2017-4933 Vmware Out-of-bounds Write vulnerability in VMWare Esxi, Fusion and Workstation PRO

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption.

6.0
2017-12-22 CVE-2017-15311 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products

The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation.

5.8
2017-12-22 CVE-2017-15310 Huawei Improper Input Validation vulnerability in Huawei Ireader

Huawei iReader app before 8.0.2.301 has an arbitrary file deletion vulnerability due to the lack of input validation.

5.8
2017-12-22 CVE-2017-15309 Huawei Path Traversal vulnerability in Huawei Ireader

Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths.

5.8
2017-12-20 CVE-2017-1262 IBM HTTP Response Splitting vulnerability in IBM Security Guardium

IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks.

5.8
2017-12-21 CVE-2017-0304 F5 SQL Injection vulnerability in F5 Big-Ip Advanced Firewall Manager

A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules.

5.5
2017-12-20 CVE-2017-15532 Symantec Path Traversal vulnerability in Symantec Messaging Gateway

Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal).

5.5
2017-12-20 CVE-2017-1266 IBM Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Guardium

IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

5.5
2017-12-20 CVE-2017-5263 Cambiumnetworks Cross-Site Request Forgery (CSRF) vulnerability in Cambiumnetworks products

Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones.

5.4
2017-12-20 CVE-2017-17783 Graphicsmagick, Debian Out-of-bounds Read vulnerability in multiple products

In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8.

5.1
2017-12-23 CVE-2017-14022 Rockwellautomation Improper Input Validation vulnerability in Rockwellautomation Factorytalk Alarms and Events

An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier.

5.0
2017-12-22 CVE-2017-15328 Huawei Information Exposure vulnerability in Huawei Hg8245H Firmware

Huawei HG8245H versions earlier than V300R018C00SPC110 have an authentication bypass vulnerability.

5.0
2017-12-22 CVE-2017-10908

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.

5.0
2017-12-22 CVE-2017-10869

Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors.

5.0
2017-12-22 CVE-2017-10868 Dena Improper Input Validation vulnerability in Dena H2O

H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header.

5.0
2017-12-21 CVE-2017-17692 Samsung Information Exposure vulnerability in Samsung Internet Browser 5.4.02.3

Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property.

5.0
2017-12-21 CVE-2017-6140 F5 Improper Input Validation vulnerability in F5 products

On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600, i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services.

5.0
2017-12-21 CVE-2017-6138 F5 Improper Input Validation vulnerability in F5 products

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart.

5.0
2017-12-21 CVE-2017-6132 F5 Improper Input Validation vulnerability in F5 products

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart.

5.0
2017-12-21 CVE-2017-17818 Nasm, Canonical Out-of-bounds Read vulnerability in multiple products

In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.

5.0
2017-12-20 CVE-2017-14385 EMC Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in EMC Data Domain and Data Domain OS

An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2.

5.0
2017-12-20 CVE-2017-6094 Genexis Information Exposure vulnerability in Genexis Gaps

CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance.

5.0
2017-12-20 CVE-2017-16735 Ecava SQL Injection vulnerability in Ecava Integraxor

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior.

5.0
2017-12-20 CVE-2017-16733 Ecava SQL Injection vulnerability in Ecava Integraxor

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior.

5.0
2017-12-20 CVE-2017-1598 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium

IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

5.0
2017-12-20 CVE-2017-1423 IBM Information Exposure vulnerability in IBM Websphere Portal 8.5.0.0/9.0.0.0

IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component.

5.0
2017-12-20 CVE-2017-17793 Blogotext Project Information Exposure vulnerability in Blogotext Project Blogotext

Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename).

5.0
2017-12-20 CVE-2017-17776 Paid TO Read Script Project Information Exposure vulnerability in Paid TO Read Script Project Paid TO Read Script 2.0.5

Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter.

5.0
2017-12-19 CVE-2017-17088 Flexense Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Flexense Syncbreeze

The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability.

5.0
2017-12-19 CVE-2017-15877 Sistemagpweb Incorrect Permission Assignment for Critical Resource vulnerability in Sistemagpweb Gpweb 8.4.61

Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database.

5.0
2017-12-18 CVE-2017-17740 Openldap, Opensuse, Oracle, Mcafee Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.

5.0
2017-12-18 CVE-2017-17735 Cmsmadesimple Information Exposure vulnerability in Cmsmadesimple CMS Made Simple

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.

5.0
2017-12-18 CVE-2017-17734 Cmsmadesimple Information Exposure vulnerability in Cmsmadesimple CMS Made Simple

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.

5.0
2017-12-21 CVE-2015-4100 Puppet Improper Certificate Validation vulnerability in Puppet Enterprise

Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."

4.9
2017-12-22 CVE-2017-15321 Huawei Information Exposure vulnerability in Huawei Fusionsphere Openstack V100R006C000Spc102(Nfv)

Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default.

4.3
2017-12-21 CVE-2017-6139 F5 Information Exposure Through Log Files vulnerability in F5 Big-Ip Access Policy Manager 12.1.2/13.0.0

In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests.

4.3
2017-12-21 CVE-2017-6136 F5 Improper Input Validation vulnerability in F5 products

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel (TMM).

4.3
2017-12-21 CVE-2017-17826 Piwigo Cross-site Scripting vulnerability in Piwigo 2.9.2

The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request.

4.3
2017-12-21 CVE-2017-17820 Nasm, Canonical Use After Free vulnerability in multiple products

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.

4.3
2017-12-21 CVE-2017-17819 Nasm, Canonical NULL Pointer Dereference vulnerability in multiple products

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.

4.3
2017-12-21 CVE-2017-17817 Nasm, Canonical Use After Free vulnerability in multiple products

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.

4.3
2017-12-21 CVE-2017-17816 Nasm, Canonical Use After Free vulnerability in multiple products

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.

4.3
2017-12-21 CVE-2017-17815 Nasm, Canonical Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.

4.3
2017-12-21 CVE-2017-17814 Nasm, Canonical Use After Free vulnerability in multiple products

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.

4.3
2017-12-21 CVE-2017-17813 Nasm, Canonical Use After Free vulnerability in multiple products

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.

4.3
2017-12-21 CVE-2017-17812 Nasm, Canonical Out-of-bounds Read vulnerability in multiple products

In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.

4.3
2017-12-21 CVE-2017-17811 Nasm, Canonical Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.

4.3
2017-12-21 CVE-2017-17810 Nasm, Canonical Improper Input Validation vulnerability in multiple products

In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.

4.3
2017-12-20 CVE-2011-4955 Bsuite Project Cross-site Scripting vulnerability in Bsuite Project Bsuite

Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php.

4.3
2017-12-20 CVE-2017-1694 IBM Cleartext Transmission of Sensitive Information vulnerability in IBM Integration BUS

IBM Integration Bus 9.0 and 10.0 transmits user credentials in clear text, which can be read by an attacker using man in the middle techniques.

4.3
2017-12-20 CVE-2017-17752 Codecrafters Cross-site Scripting vulnerability in Codecrafters Ability Mail Server 3.3.2

Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI).

4.3
2017-12-20 CVE-2017-4940 Vmware Cross-site Scripting vulnerability in VMWare Esxi 5.5/6.0

The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS).

4.3
2017-12-20 CVE-2017-16589 Foxitsoftware Information Exposure vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155.

4.3
2017-12-20 CVE-2017-16588 Foxitsoftware Information Exposure vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155.

4.3
2017-12-20 CVE-2017-16584 Foxitsoftware Information Exposure vulnerability in Foxitsoftware Foxit Reader 8.3.2.25013

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013.

4.3
2017-12-20 CVE-2017-16580 Foxitsoftware Information Exposure vulnerability in Foxitsoftware Foxit Reader 8.3.2.25013

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013.

4.3
2017-12-20 CVE-2017-16579 Foxitsoftware Information Exposure vulnerability in Foxitsoftware Foxit Reader 8.3.2.25013

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013.

4.3
2017-12-20 CVE-2017-16574 Foxitsoftware Information Exposure vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155.

4.3
2017-12-20 CVE-2017-16573 Foxitsoftware Information Exposure vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155.

4.3
2017-12-20 CVE-2017-14822 Foxitsoftware Information Exposure vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155.

4.3
2017-12-20 CVE-2017-14821 Foxitsoftware Information Exposure vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155.

4.3
2017-12-20 CVE-2017-14820 Foxitsoftware Information Exposure vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155.

4.3
2017-12-20 CVE-2017-14819 Foxitsoftware Information Exposure vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155.

4.3
2017-12-20 CVE-2017-14818 Foxitsoftware Information Exposure vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155.

4.3
2017-12-20 CVE-2017-10956 Foxitsoftware Information Exposure vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155.

4.3
2017-12-20 CVE-2017-17792 Blogotext Project Cross-site Scripting vulnerability in Blogotext Project Blogotext

Cross site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment.

4.3
2017-12-20 CVE-2017-17788 Gimp, Debian, Canonical Out-of-bounds Read vulnerability in multiple products

In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.

4.3
2017-12-20 CVE-2017-17780 Mediaburst Cross-site Scripting vulnerability in Mediaburst products

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php.

4.3
2017-12-20 CVE-2017-17775 Piwigo Cross-site Scripting vulnerability in Piwigo 2.9.2

Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request.

4.3
2017-12-19 CVE-2017-17753 CSV Import Export Project Cross-site Scripting vulnerability in Csv-Import-Export Project Csv-Import-Export 1.0.0

Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cie_type, (2) cie_import, (3) cie_update, or (4) cie_ignore parameter to includes/admin/views/esb-cie-import-export-page.php.

4.3
2017-12-19 CVE-2017-17744 Webdesi9 Cross-site Scripting vulnerability in Webdesi9 Custom MAP 1.0/1.0.1/1.1

A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter to view/advancedsettings.php.

4.3
2017-12-19 CVE-2017-17719 Olyos Cross-site Scripting vulnerability in Olyos Wp-Concours

A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the result_message parameter to includes/concours_page.php.

4.3
2017-12-18 CVE-2017-15700 Apache Information Exposure vulnerability in Apache Sling Authentication Service 1.4.0

A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim into sending over their credentials.

4.3
2017-12-18 CVE-2017-17649 Readymade Video Sharing Script Project Code Injection vulnerability in Readymade Video Sharing Script Project Readymade Video Sharing Script 3.2

Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.

4.3
2017-12-18 CVE-2017-17737 Brightsign Cross-site Scripting vulnerability in Brightsign 4K242 Firmware

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html.

4.3
2017-12-22 CVE-2017-10907 Spiqe Path Traversal vulnerability in Spiqe Onethird CMS Show OFF

Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier.

4.0
2017-12-22 CVE-2017-10872

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors.

4.0
2017-12-21 CVE-2017-0301 F5 Unspecified vulnerability in F5 Big-Ip Access Policy Manager

In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases.

4.0
2017-12-21 CVE-2017-17824 Piwigo SQL Injection vulnerability in Piwigo 2.9.2

The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode.

4.0
2017-12-21 CVE-2017-17823 Piwigo SQL Injection vulnerability in Piwigo 2.9.2

The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter.

4.0
2017-12-21 CVE-2017-17822 Piwigo SQL Injection vulnerability in Piwigo 2.9.2

The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter.

4.0
2017-12-20 CVE-2017-5261 Cambiumnetworks Path Traversal vulnerability in Cambiumnetworks products

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.

4.0
2017-12-20 CVE-2017-1257 IBM Information Exposure vulnerability in IBM Security Guardium

IBM Security Guardium 10.0 discloses sensitive information to unauthorized users.

4.0
2017-12-20 CVE-2017-16818 Redhat, Fedoraproject Reachable Assertion vulnerability in multiple products

RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.

4.0
2017-12-18 CVE-2017-14583 Netapp Improper Input Validation vulnerability in Netapp Clustered Data Ontap 9.0/9.1/9.2

NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments.

4.0

27 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-12-22 CVE-2017-15312 Huawei Cross-site Scripting vulnerability in Huawei Smartcare V200R003C10

Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module.

3.5
2017-12-21 CVE-2017-14363 Microfocus Cross-site Scripting vulnerability in Microfocus Operations Manager I 10.60/10.61/10.62

A Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62.

3.5
2017-12-21 CVE-2017-17828 Doditsolutions Cross-site Scripting vulnerability in Doditsolutions Busbooking-Script

Bus Booking Script has XSS via the results.php datepicker parameter or the admin/new_master.php spemail parameter.

3.5
2017-12-21 CVE-2017-17825 Piwigo Cross-site Scripting vulnerability in Piwigo 2.9.2

The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request.

3.5
2017-12-20 CVE-2017-5258 Cambiumnetworks Cross-site Scripting vulnerability in Cambiumnetworks Epmp 1000 Firmware and Epmp 2000 Firmware

In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain SNMP OIDs, serve it via HTTP, and the affected device will perform a configuration restore using the attacker's supplied config file, including the inserted XSS strings.

3.5
2017-12-20 CVE-2017-5257 Cambiumnetworks Cross-site Scripting vulnerability in Cambiumnetworks Epmp 1000 Firmware and Epmp 2000 Firmware

In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently logged-on user.

3.5
2017-12-20 CVE-2017-5256 Cambiumnetworks Cross-site Scripting vulnerability in Cambiumnetworks Epmp 1000 Firmware and Epmp 2000 Firmware

In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection.

3.5
2017-12-20 CVE-2017-17745 TP Link Cross-site Scripting vulnerability in Tp-Link Tl-Sg108E Firmware 1.0.0

Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary JavaScript via the 'sysName' parameter.

3.5
2017-12-20 CVE-2017-1751 IBM Cross-site Scripting vulnerability in IBM Robotic Process Automation With Automation Anywhere 10.0.0

IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting.

3.5
2017-12-20 CVE-2017-1600 IBM Cross-site Scripting vulnerability in IBM Security Guardium

IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting.

3.5
2017-12-20 CVE-2017-1494 IBM Cross-site Scripting vulnerability in IBM Business Process Manager 8.5.5.0/8.5.6.0/8.5.7.0

IBM Business Process Manager 8.5 is vulnerable to cross-site scripting.

3.5
2017-12-20 CVE-2017-12072 Synology Cross-site Scripting vulnerability in Synology Photo Station

Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter.

3.5
2017-12-20 CVE-2017-17778 Paid TO Read Script Project Cross-site Scripting vulnerability in Paid TO Read Script Project Paid TO Read Script 2.0.5

Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter.

3.5
2017-12-19 CVE-2013-6465 Redhat Cross-site Scripting vulnerability in Redhat Jbpm 6.0.0

Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs.

3.5
2017-12-18 CVE-2017-12630 Apache Cross-site Scripting vulnerability in Apache Drill

In Apache Drill 1.11.0 and earlier, when submitting a form from the Query page, users are able to pass arbitrary script or HTML which will take effect on the Profile page afterwards.

3.5
2017-12-22 CVE-2017-15322 Huawei Improper Input Validation vulnerability in Huawei Baggio-L03A Firmware Bgol03C158B003Custc158D001/Bgol03C331B009Custc331D001

Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 and BGO-L03C331B009CUSTC331D001 have a DoS vulnerability due to insufficient input validation.

3.3
2017-12-21 CVE-2017-6134 F5 Improper Input Validation vulnerability in F5 products

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network, may cause TMM to crash.

3.3
2017-12-20 CVE-2017-16731 ABB Insufficiently Protected Credentials vulnerability in ABB Ellipse

An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select).

2.9
2017-12-20 CVE-2017-17747 TP Link Missing Authentication for Critical Function vulnerability in Tp-Link Tl-Sg108E Firmware 1.0.0

Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition.

2.7
2017-12-20 CVE-2017-17807 Linux Missing Authorization vulnerability in Linux Kernel

The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.

2.1
2017-12-20 CVE-2017-1596 IBM Information Exposure vulnerability in IBM Security Guardium

IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors.

2.1
2017-12-20 CVE-2017-1595 IBM Information Exposure vulnerability in IBM Security Guardium

IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors.

2.1
2017-12-20 CVE-2017-1270 IBM Session Fixation vulnerability in IBM Security Guardium

IBM Security Guardium 10.0 does not renew a session variable after a successful authentication, which could lead to a session fixation/hijacking vulnerability.

2.1
2017-12-20 CVE-2017-1261 IBM Information Exposure vulnerability in IBM Security Guardium

IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user.

2.1
2017-12-18 CVE-2017-15104 Heketi Project, Redhat Information Exposure vulnerability in multiple products

An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable.

2.1
2017-12-18 CVE-2017-17741 Linux, Debian Out-of-bounds Read vulnerability in Linux Kernel

The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.

2.1
2017-12-22 CVE-2017-15307 Huawei Unspecified vulnerability in Huawei Honor 8 Firmware

Huawei Honor 8 smartphones with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information.

1.9