Weekly Vulnerabilities Reports > December 25 to 31, 2017

Overview

216 new vulnerabilities reported during this period, including 24 critical vulnerabilities and 38 high severity vulnerabilities. This weekly summary report vulnerabilities in 191 products from 90 vendors including Apple, Debian, Linux, Imagemagick, and Canonical. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Cross-Site Request Forgery (CSRF)", and "Improper Input Validation".

  • 192 reported vulnerabilities are remotely exploitables.
  • 31 reported vulnerabilities have public exploit available.
  • 89 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 183 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 33 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 14 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

24 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-12-31 CVE-2017-18001 Trustwave Missing Authentication for Critical Function vulnerability in Trustwave Secure web Gateway 11.8.0.27

Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.

10.0
2017-12-29 CVE-2017-17968 XI Soft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xi-Soft Nettransport Download Manager

A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response.

10.0
2017-12-28 CVE-2017-17932 Allmediaserver Buffer Errors vulnerability in Allmediaserver 0.95

A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 888.

10.0
2017-12-28 CVE-2014-8389 Airlive OS Command Injection vulnerability in Airlive products

cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote attackers to obtain user credentials via crafted HTTP requests.

10.0
2017-12-27 CVE-2017-9944 Siemens Improper Privilege Management vulnerability in Siemens 7KT Pac1200 Data Manager Firmware

A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03.

10.0
2017-12-27 CVE-2017-17878 Valvesoftware USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Valvesoftware Steam Link Firmware

An issue was discovered in Valve Steam Link build 643.

10.0
2017-12-27 CVE-2017-17877 Valvesoftware Unspecified vulnerability in Valvesoftware Steam Link Firmware

An issue was discovered in Valve Steam Link build 643.

10.0
2017-12-27 CVE-2017-17849 Getgosoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Getgosoft Getgo Download Manager

A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response.

10.0
2017-12-27 CVE-2017-7163 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-12-27 CVE-2017-7162 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

9.3
2017-12-27 CVE-2017-7159 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-12-27 CVE-2017-7155 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-12-27 CVE-2017-16897 Auth0 Authentication Bypass BY Spoofing vulnerability in Auth0 Passport-Wsfed-Saml2

A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5.

9.3
2017-12-25 CVE-2017-13883 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-12-25 CVE-2017-13879 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

9.3
2017-12-25 CVE-2017-13876 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

9.3
2017-12-25 CVE-2017-13875 Apple Out-Of-Bounds Read vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-12-25 CVE-2017-13867 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

9.3
2017-12-25 CVE-2017-13862 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

9.3
2017-12-25 CVE-2017-13861 Apple Buffer Errors vulnerability in Apple Iphone OS, Tvos and Watchos

An issue was discovered in certain Apple products.

9.3
2017-12-25 CVE-2017-13858 Apple Improper Input Validation vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-12-25 CVE-2017-13848 Apple Improper Input Validation vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

9.3
2017-12-25 CVE-2017-13847 Apple Buffer Errors vulnerability in Apple Iphone OS and mac OS X

An issue was discovered in certain Apple products.

9.3
2017-12-27 CVE-2017-17888 Hoytech OS Command Injection vulnerability in Hoytech Antiweb

cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097.

9.0

38 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-12-30 CVE-2017-14855 Redlion Unspecified vulnerability in Redlion HMI Panel Firmware 2.41

Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42.

7.8
2017-12-29 CVE-2017-17901 Zyxel Resource Exhaustion vulnerability in Zyxel P-660Hw Firmware

ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1.

7.8
2017-12-26 CVE-2017-12741 Siemens Resource Exhaustion vulnerability in Siemens products

A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC Compact Field Unit, SIMATIC ET200AL, SIMATIC ET200M (incl.

7.8
2017-12-29 CVE-2014-9515 Dozer Project Deserialization of Untrusted Data vulnerability in Dozer Project Dozer

Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.

7.5
2017-12-29 CVE-2014-3630 Lightbend
Playframework
XXE vulnerability in multiple products

XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.

7.5
2017-12-29 CVE-2014-0121 Hawt
Redhat
Improper Authentication vulnerability in multiple products

The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.

7.5
2017-12-29 CVE-2014-4914 Zend
Debian
SQL Injection vulnerability in multiple products

The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.

7.5
2017-12-28 CVE-2017-17959 PHP Multivendor Ecommerce Project SQL Injection vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter.

7.5
2017-12-28 CVE-2017-17957 PHP Multivendor Ecommerce Project SQL Injection vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter.

7.5
2017-12-28 CVE-2017-17951 PHP Multivendor Ecommerce Project SQL Injection vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter.

7.5
2017-12-28 CVE-2017-5641 Apache
HP
Deserialization of Untrusted Data vulnerability in multiple products

Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default.

7.5
2017-12-27 CVE-2015-7669 Easy2Map Path Traversal vulnerability in Easy2Map

Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality."

7.5
2017-12-27 CVE-2015-6237 Tripwire Improper Authentication vulnerability in Tripwire Ip360 7.2.2/7.2.4/7.2.5

The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands."

7.5
2017-12-27 CVE-2017-17931 Resume Clone Script Project SQL Injection vulnerability in Resume Clone Script Project Resume Clone Script 2.0.5

PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter.

7.5
2017-12-27 CVE-2017-17928 Ordermanagementscript SQL Injection vulnerability in Ordermanagementscript Professional Service Script

PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter.

7.5
2017-12-27 CVE-2017-17906 CAR Rental Script Project SQL Injection vulnerability in CAR Rental Script Project CAR Rental Script 2.0.8

PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter.

7.5
2017-12-27 CVE-2017-17900 Dolibarr SQL Injection vulnerability in Dolibarr 6.0.4

SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter.

7.5
2017-12-27 CVE-2017-17899 Dolibarr SQL Injection vulnerability in Dolibarr 6.0.4

SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter.

7.5
2017-12-27 CVE-2017-17897 Dolibarr SQL Injection vulnerability in Dolibarr 6.0.4

SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2017-12-27 CVE-2017-17895 Basic JOB Site Script Project SQL Injection vulnerability in Basic JOB Site Script Project Basic JOB Site Script

Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI.

7.5
2017-12-27 CVE-2017-17892 Readymade Video Sharing Script Project SQL Injection vulnerability in Readymade Video Sharing Script Project Readymade Video Sharing Script 3.2

Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter.

7.5
2017-12-27 CVE-2017-17875 Jextn SQL Injection vulnerability in Jextn FAQ PRO 4.0.0

The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action.

7.5
2017-12-27 CVE-2017-17873 Vanguard Project SQL Injection vulnerability in Vanguard Project Marketplace Digital products PHP 1.4.0

Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.

7.5
2017-12-27 CVE-2017-17872 Jextn SQL Injection vulnerability in Jextn Video Gallery 3.0.5

The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action.

7.5
2017-12-27 CVE-2017-17871 Jextn SQL Injection vulnerability in Jextn Question and Answer 3.1.0

The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter.

7.5
2017-12-27 CVE-2017-17870 Jbuildozer SQL Injection vulnerability in Jbuildozer 1.4.1

The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action.

7.5
2017-12-27 CVE-2017-17845 Enigmail
Debian
USE of Cryptographically Weak Pseudo-Random Number Generator (Prng) vulnerability in multiple products

An issue was discovered in Enigmail before 1.9.9.

7.5
2017-12-27 CVE-2016-6914 Ubnt
Microsoft
Permission Issues vulnerability in Ubnt Unifi Video 2.1.3/3.0.1

Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.

7.2
2017-12-27 CVE-2017-17863 Linux
Debian
Integer Overflow OR Wraparound vulnerability in multiple products

kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact.

7.2
2017-12-27 CVE-2017-17857 Linux
Debian
Buffer Errors vulnerability in Linux Kernel

The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.

7.2
2017-12-27 CVE-2017-17856 Linux
Debian
Buffer Errors vulnerability in Linux Kernel

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement.

7.2
2017-12-27 CVE-2017-17855 Linux
Debian
Buffer Errors vulnerability in Linux Kernel

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.

7.2
2017-12-27 CVE-2017-17854 Linux
Debian
Integer Overflow OR Wraparound vulnerability in Linux Kernel

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.

7.2
2017-12-27 CVE-2017-17853 Linux
Debian
Buffer Errors vulnerability in Linux Kernel

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.

7.2
2017-12-27 CVE-2017-17852 Linux
Debian
Buffer Errors vulnerability in Linux Kernel

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops.

7.2
2017-12-27 CVE-2017-16996 Linux
Debian
Buffer Errors vulnerability in Linux Kernel

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.

7.2
2017-12-27 CVE-2017-16995 Linux
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.

7.2
2017-12-27 CVE-2017-17914 Imagemagick
Canonical
Debian
Excessive Iteration vulnerability in multiple products

In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file.

7.1

128 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-12-30 CVE-2017-17990 Iwcnetwork Cross-Site Request Forgery (CSRF) vulnerability in Iwcnetwork Biometric Shift Employee Management System 4.0

Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.

6.8
2017-12-29 CVE-2014-0120 Hawt
Redhat
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."

6.8
2017-12-29 CVE-2017-17973 Libtiff USE After Free vulnerability in Libtiff 4.0.8

** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c.

6.8
2017-12-29 CVE-2017-17920 Rubyonrails SQL Injection vulnerability in Rubyonrails Ruby ON Rails

** DISPUTED ** SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter.

6.8
2017-12-29 CVE-2017-17919 Rubyonrails SQL Injection vulnerability in Rubyonrails Ruby ON Rails

** DISPUTED ** SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter.

6.8
2017-12-29 CVE-2017-17917 Rubyonrails SQL Injection vulnerability in Rubyonrails Ruby ON Rails

** DISPUTED ** SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter.

6.8
2017-12-29 CVE-2017-17916 Rubyonrails SQL Injection vulnerability in Rubyonrails Ruby ON Rails

** DISPUTED ** SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter.

6.8
2017-12-28 CVE-2017-17960 PHP Multivendor Ecommerce Project Cross-Site Request Forgery (CSRF) vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce

PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php.

6.8
2017-12-28 CVE-2017-17942 Libtiff Out-Of-Bounds Read vulnerability in Libtiff 4.0.9

In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.

6.8
2017-12-28 CVE-2017-17939 Single Theater Booking Script Project Cross-Site Request Forgery (CSRF) vulnerability in Single Theater Booking Script Project Single Theater Booking Script 3.2.2

PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php.

6.8
2017-12-28 CVE-2017-17936 Vanguard Project Cross-Site Request Forgery (CSRF) vulnerability in Vanguard Project Marketplace Digital products PHP

Vanguard Marketplace Digital Products PHP has CSRF via /search.

6.8
2017-12-28 CVE-2015-3637 Phpmybackuppro SQL Injection vulnerability in PHPmybackuppro

SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters.

6.8
2017-12-27 CVE-2017-13056 Tracker Software Improper Input Validation vulnerability in Tracker-Software Pdf-Xchange Viewer 2.5

The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file.

6.8
2017-12-27 CVE-2017-7160 Apple
Microsoft
Canonical
Buffer Errors vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-12-27 CVE-2017-7158 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

6.8
2017-12-27 CVE-2017-7157 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-12-27 CVE-2017-7156 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-12-27 CVE-2017-17930 Ordermanagementscript Cross-Site Request Forgery (CSRF) vulnerability in Ordermanagementscript Professional Service Script

PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel.

6.8
2017-12-27 CVE-2017-17915 Graphicsmagick
Debian
Out-Of-Bounds Read vulnerability in multiple products

In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.

6.8
2017-12-27 CVE-2017-17913 Graphicsmagick
Debian
Out-Of-Bounds Read vulnerability in multiple products

In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type.

6.8
2017-12-27 CVE-2017-17912 Graphicsmagick
Debian
Out-Of-Bounds Read vulnerability in multiple products

In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region.

6.8
2017-12-27 CVE-2017-17908 Responsive Realestate Script Project Cross-Site Request Forgery (CSRF) vulnerability in Responsive Realestate Script Project Responsive Realestate Script 3.3.3

PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general.

6.8
2017-12-27 CVE-2017-17905 CAR Rental Script Project Cross-Site Request Forgery (CSRF) vulnerability in CAR Rental Script Project CAR Rental Script 2.0.8

PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php.

6.8
2017-12-27 CVE-2017-17903 Fortunescripts Cross-Site Request Forgery (CSRF) vulnerability in Fortunescripts Lynda Clone 1.0

FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel.

6.8
2017-12-27 CVE-2017-17894 Basic JOB Site Script Project Cross-Site Request Forgery (CSRF) vulnerability in Basic JOB Site Script Project Basic JOB Site Script

Readymade Job Site Script has CSRF via the /job URI.

6.8
2017-12-27 CVE-2017-17891 Readymade Video Sharing Script Project Cross-Site Request Forgery (CSRF) vulnerability in Readymade Video Sharing Script Project Readymade Video Sharing Script 3.2

Readymade Video Sharing Script has CSRF via user-profile-edit.php.

6.8
2017-12-27 CVE-2017-17880 Imagemagick Out-Of-Bounds Read vulnerability in Imagemagick 7.0.716

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check.

6.8
2017-12-27 CVE-2017-17879 Imagemagick
Canonical
Debian
Out-Of-Bounds Read vulnerability in multiple products

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.

6.8
2017-12-27 CVE-2017-17866 Artifex
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document.

6.8
2017-12-27 CVE-2017-17010 Sony Untrusted Search Path vulnerability in Sony Content Manager Assistant

Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

6.8
2017-12-25 CVE-2017-13870 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-12-25 CVE-2017-13866 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-12-25 CVE-2017-13856 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

An issue was discovered in certain Apple products.

6.8
2017-12-30 CVE-2017-17987 Muslim Matrimonial Script Project Unrestricted Upload of File With Dangerous Type vulnerability in Muslim Matrimonial Script Project Muslim Matrimonial Script 3.0.3

PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php.

6.5
2017-12-30 CVE-2017-17983 Muslim Matrimonial Script Project SQL Injection vulnerability in Muslim Matrimonial Script Project Muslim Matrimonial Script 3.0.3

PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter.

6.5
2017-12-28 CVE-2017-17950 Cells SQL Injection vulnerability in Cells Blog 3.5

Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter.

6.5
2017-12-28 CVE-2017-17941 Single Theater Booking Script Project SQL Injection vulnerability in Single Theater Booking Script Project Single Theater Booking Script 3.2.2

PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter.

6.5
2017-12-27 CVE-2017-17874 Vanguard Project Unrestricted Upload of File With Dangerous Type vulnerability in Vanguard Project Marketplace Digital products PHP 1.4.0

Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.

6.5
2017-12-30 CVE-2017-17982 Muslim Matrimonial Script Project Cross-Site Request Forgery (CSRF) vulnerability in Muslim Matrimonial Script Project Muslim Matrimonial Script 3.0.3

PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php.

6.0
2017-12-31 CVE-2017-17704 Swhouse USE of Insufficiently Random Values vulnerability in Swhouse Istar Ultra Firmware

A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module.

5.8
2017-12-26 CVE-2017-12736 Siemens Improper Initialization vulnerability in Siemens products

A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)).

5.8
2017-12-27 CVE-2017-7154 Apple Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Tvos

An issue was discovered in certain Apple products.

5.6
2017-12-25 CVE-2017-13878 Apple Out-Of-Bounds Read vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

5.6
2017-12-30 CVE-2017-17997 Wireshark
Debian
Null Pointer Dereference vulnerability in multiple products

In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes.

5.0
2017-12-30 CVE-2017-17992 Iwcnetwork Path Traversal vulnerability in Iwcnetwork Biometric Shift Employee Management System 4.0

Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.

5.0
2017-12-29 CVE-2015-8008 Mediawiki
Fedoraproject
Improper Access Control vulnerability in multiple products

The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.

5.0
2017-12-29 CVE-2015-3302 Thecartpress Improper Access Control vulnerability in Thecartpress Ecommerce Shopping Cart

The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."

5.0
2017-12-29 CVE-2014-8119 Fedoraproject
Redhat
Netcf Project
Improper Input Validation vulnerability in multiple products

The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.

5.0
2017-12-29 CVE-2013-4578 Oracle Injection vulnerability in Oracle JDK and JRE

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.

5.0
2017-12-29 CVE-2017-17974 Basystems Unspecified vulnerability in Basystems Bas920 Firmware and Isc2000 Firmware

BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv 00002, and Script 02.*) and ISC2000 devices allows remote attackers to obtain sensitive information via a request for isc/get_sid_js.aspx or isc/get_sid.aspx, as demonstrated by obtaining administrative access by subsequently using the credential information for the Supervisor/Administrator account.

5.0
2017-12-29 CVE-2014-3651 Keycloak Resource Exhaustion vulnerability in Keycloak

JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.

5.0
2017-12-29 CVE-2013-7400 DKD Information Exposure vulnerability in DKD Direct Mail

The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes.

5.0
2017-12-28 CVE-2017-17952 PHP Multivendor Ecommerce Project Improper Input Validation vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce

PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.

5.0
2017-12-28 CVE-2017-15667 Flexense Improper Input Validation vulnerability in Flexense Sysgauge 3.6.18

In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service.

5.0
2017-12-27 CVE-2017-17935 Wireshark
Debian
Out-Of-Bounds Read vulnerability in multiple products

The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.

5.0
2017-12-27 CVE-2017-17927 Ordermanagementscript Path Traversal vulnerability in Ordermanagementscript Professional Service Script

PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/.

5.0
2017-12-27 CVE-2017-17926 Ordermanagementscript Information Exposure vulnerability in Ordermanagementscript Professional Service Script

PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.

5.0
2017-12-27 CVE-2017-17924 Ordermanagementscript Path Traversal vulnerability in Ordermanagementscript Professional Service Script

PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php.

5.0
2017-12-27 CVE-2017-17898 Dolibarr Information Exposure vulnerability in Dolibarr 6.0.4

Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.

5.0
2017-12-27 CVE-2017-17876 Iwcnetwork Permission Issues vulnerability in Iwcnetwork Shift 3.0

Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter.

5.0
2017-12-27 CVE-2017-17850 Digium Improper Input Validation vulnerability in Digium Asterisk and Certified Asterisk

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older.

5.0
2017-12-27 CVE-2017-17848 Enigmail
Debian
Improper Verification of Cryptographic Signature vulnerability in multiple products

An issue was discovered in Enigmail before 1.9.9.

5.0
2017-12-27 CVE-2017-17847 Enigmail
Debian
Improper Verification of Cryptographic Signature vulnerability in multiple products

An issue was discovered in Enigmail before 1.9.9.

5.0
2017-12-27 CVE-2017-17846 Enigmail
Debian
Improper Input Validation vulnerability in multiple products

An issue was discovered in Enigmail before 1.9.9.

5.0
2017-12-27 CVE-2017-1698 IBM Information Exposure vulnerability in IBM Websphere Portal

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system.

5.0
2017-12-25 CVE-2017-13903 Apple Unspecified vulnerability in Apple Iphone OS and Tvos

An issue was discovered in certain Apple products.

5.0
2017-12-25 CVE-2017-13874 Apple Unspecified vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

5.0
2017-12-25 CVE-2017-13871 Apple Unspecified vulnerability in Apple mac OS X

An issue was discovered in certain Apple products.

5.0
2017-12-30 CVE-2017-17975 Linux USE After Free vulnerability in Linux Kernel

Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure.

4.9
2017-12-27 CVE-2017-17862 Linux
Debian
Improper Input Validation vulnerability in Linux Kernel

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers.

4.9
2017-12-27 CVE-2017-11698 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Network Security Services

Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.

4.6
2017-12-27 CVE-2017-11697 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Network Security Services

The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.

4.6
2017-12-27 CVE-2017-11696 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Network Security Services

Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.

4.6
2017-12-27 CVE-2017-11695 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Network Security Services

Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.

4.6
2017-12-27 CVE-2017-17840 Open Iscsi Project Buffer Errors vulnerability in Open-Iscsi Project Open-Iscsi 2.0.873/2.0.874/2.0.875

An issue was discovered in Open-iSCSI through 2.0.875.

4.6
2017-12-31 CVE-2017-18005 Exiv2 Null Pointer Dereference vulnerability in Exiv2 0.26

Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.

4.3
2017-12-30 CVE-2016-10704 Magento Cross-Site Scripting vulnerability in Magento

Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503.

4.3
2017-12-30 CVE-2017-12813 Stivasoft Cross-Site Scripting vulnerability in Stivasoft PHPjabbers File Sharing Script 1.0

PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section.

4.3
2017-12-30 CVE-2017-12812 Stivasoft Cross-Site Scripting vulnerability in Stivasoft PHPjabbers Night Club Booking Software 1.0

PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab.

4.3
2017-12-30 CVE-2017-12811 Stivasoft Cross-Site Scripting vulnerability in Stivasoft PHPjabbers Star Rating Script 4.0

PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item.

4.3
2017-12-30 CVE-2017-12810 Stivasoft Cross-Site Scripting vulnerability in Stivasoft PHPjabbers Newsletter Script 4.2

PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel.

4.3
2017-12-29 CVE-2017-17971 Dolibarr Cross-Site Scripting vulnerability in Dolibarr 6.0.4

The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.

4.3
2017-12-29 CVE-2017-17933 Netwinsite Cross-Site Scripting vulnerability in Netwinsite Surgeftp 23F2

cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter.

4.3
2017-12-29 CVE-2017-17760 Opencv
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used.

4.3
2017-12-29 CVE-2017-16876 Mistune Project
Fedoraproject
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.

4.3
2017-12-28 CVE-2017-17967 Ksosoft Improper Input Validation vulnerability in Ksosoft WPS Office 10.1.0.6930

pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file, aka CNVD-2017-35482.

4.3
2017-12-28 CVE-2017-17958 PHP Multivendor Ecommerce Project Cross-Site Scripting vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter.

4.3
2017-12-28 CVE-2017-17956 PHP Multivendor Ecommerce Project Cross-Site Scripting vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter.

4.3
2017-12-28 CVE-2017-17955 PHP Multivendor Ecommerce Project Cross-Site Scripting vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter.

4.3
2017-12-28 CVE-2017-17954 PHP Multivendor Ecommerce Project Cross-Site Scripting vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter.

4.3
2017-12-28 CVE-2017-17953 PHP Multivendor Ecommerce Project Cross-Site Scripting vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter.

4.3
2017-12-28 CVE-2017-17949 Cells Cross-Site Scripting vulnerability in Cells Blog 3.5

Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter.

4.3
2017-12-28 CVE-2017-17948 Cells Cross-Site Scripting vulnerability in Cells Blog 3.5

Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request.

4.3
2017-12-28 CVE-2017-17937 Vanguard Project Cross-Site Scripting vulnerability in Vanguard Project Marketplace Digital products PHP

Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.

4.3
2017-12-28 CVE-2015-7889 Google
Samsung
Permission Issues vulnerability in Google Android

The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent.

4.3
2017-12-27 CVE-2017-9608 Ffmpeg Null Pointer Dereference vulnerability in Ffmpeg

The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file.

4.3
2017-12-27 CVE-2015-7668 Easy2Map Cross-Site Scripting vulnerability in Easy2Map

Cross-site scripting (XSS) vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter.

4.3
2017-12-27 CVE-2015-7667 WEB MV Cross-Site Scripting vulnerability in Web-Mv Resads 1.0/1.0.1

Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2017-12-27 CVE-2015-7666 Codepeople Cross-Site Scripting vulnerability in Codepeople Payment Form for Paypal PRO 1.0.1

Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter.

4.3
2017-12-27 CVE-2015-7324 Stackideas Cross-Site Scripting vulnerability in Stackideas Komento

Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment.

4.3
2017-12-27 CVE-2017-7152 Apple Unspecified vulnerability in Apple Iphone OS

An issue was discovered in certain Apple products.

4.3
2017-12-27 CVE-2017-17934 Imagemagick
Canonical
Missing Release of Resource After Effective Lifetime vulnerability in multiple products

ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls.

4.3
2017-12-27 CVE-2017-17911 Archon Cross-Site Scripting vulnerability in Archon 3.21

packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503.

4.3
2017-12-27 CVE-2017-17907 CAR Rental Script Project Cross-Site Scripting vulnerability in CAR Rental Script Project CAR Rental Script 2.0.8

PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter.

4.3
2017-12-27 CVE-2017-17896 Basic JOB Site Script Project Cross-Site Scripting vulnerability in Basic JOB Site Script Project Basic JOB Site Script

Readymade Job Site Script has XSS via the keyword parameter to the /job URI.

4.3
2017-12-27 CVE-2017-17893 Readymade Video Sharing Script Project Cross-Site Scripting vulnerability in Readymade Video Sharing Script Project Readymade Video Sharing Script 3.2

Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter.

4.3
2017-12-27 CVE-2017-17887 Imagemagick
Canonical
Missing Release of Resource After Effective Lifetime vulnerability in multiple products

In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.

4.3
2017-12-27 CVE-2017-17886 Imagemagick
Canonical
Missing Release of Resource After Effective Lifetime vulnerability in multiple products

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.

4.3
2017-12-27 CVE-2017-17885 Imagemagick
Canonical
Missing Release of Resource After Effective Lifetime vulnerability in multiple products

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.

4.3
2017-12-27 CVE-2017-17884 Imagemagick
Canonical
Missing Release of Resource After Effective Lifetime vulnerability in multiple products

In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.

4.3
2017-12-27 CVE-2017-17883 Imagemagick Missing Release of Resource After Effective Lifetime vulnerability in Imagemagick 7.0.712

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file.

4.3
2017-12-27 CVE-2017-17882 Imagemagick
Canonical
Missing Release of Resource After Effective Lifetime vulnerability in multiple products

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.

4.3
2017-12-27 CVE-2017-17881 Imagemagick
Canonical
Missing Release of Resource After Effective Lifetime vulnerability in multiple products

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.

4.3
2017-12-27 CVE-2017-17869 MGL Instagram Gallery Project Cross-Site Scripting vulnerability in Mgl-Instagram-Gallery Project Mgl-Instagram-Gallery

The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter.

4.3
2017-12-27 CVE-2017-17868 Liferay Cross-Site Scripting vulnerability in Liferay Portal 6.1.0

In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag.

4.3
2017-12-27 CVE-2017-17859 Samsung Cross-Site Scripting vulnerability in Samsung Internet Browser 6.2.01.12

Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file.

4.3
2017-12-27 CVE-2017-17844 Enigmail
Debian
Cleartext Transmission of Sensitive Information vulnerability in multiple products

An issue was discovered in Enigmail before 1.9.9.

4.3
2017-12-27 CVE-2017-17843 Enigmail
Debian
An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002.
4.3
2017-12-26 CVE-2017-12740 Siemens Insufficient Verification of Data Authenticity vulnerability in Siemens Logo! Soft Comfort

Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel.

4.3
2017-12-25 CVE-2017-13869 Apple Information Exposure vulnerability in Apple products

An issue was discovered in certain Apple products.

4.3
2017-12-25 CVE-2017-13868 Apple Information Exposure vulnerability in Apple products

An issue was discovered in certain Apple products.

4.3
2017-12-25 CVE-2017-13865 Apple Information Exposure vulnerability in Apple products

An issue was discovered in certain Apple products.

4.3
2017-12-25 CVE-2017-13864 Apple
Microsoft
Information Exposure vulnerability in Apple Icloud and Itunes

An issue was discovered in certain Apple products.

4.3
2017-12-25 CVE-2017-13860 Apple Unspecified vulnerability in Apple Iphone OS and mac OS X

An issue was discovered in certain Apple products.

4.3
2017-12-25 CVE-2017-13855 Apple Incorrect Type Conversion OR Cast vulnerability in Apple products

An issue was discovered in certain Apple products.

4.3
2017-12-28 CVE-2017-15886 Synology Server-Side Request Forgery (SSRF) vulnerability in Synology Chat

Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI.

4.0
2017-12-28 CVE-2017-10910 Mqtt JS Project Uncontrolled Recursion vulnerability in Mqtt.Js Project Mqtt.Js

MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition.

4.0
2017-12-27 CVE-2017-1191 IBM Unspecified vulnerability in IBM products

An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access.

4.0

26 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-12-29 CVE-2014-4978 Rawstudio
Fedoraproject
Link Following vulnerability in multiple products

The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph.

3.6
2017-12-31 CVE-2017-18004 Zurmo Cross-Site Scripting vulnerability in Zurmo CRM 3.2.3

Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint.

3.5
2017-12-30 CVE-2017-17089 Webmin Cross-Site Scripting vulnerability in Webmin

custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality.

3.5
2017-12-30 CVE-2017-17995 Iwcnetwork Cross-Site Scripting vulnerability in Iwcnetwork Biometric Shift Employee Management System 4.0

Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request.

3.5
2017-12-30 CVE-2017-17994 Iwcnetwork Cross-Site Scripting vulnerability in Iwcnetwork Biometric Shift Employee Management System 4.0

Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request.

3.5
2017-12-30 CVE-2017-17993 Iwcnetwork Cross-Site Scripting vulnerability in Iwcnetwork Biometric Shift Employee Management System 4.0

Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request.

3.5
2017-12-30 CVE-2017-17991 Iwcnetwork Cross-Site Scripting vulnerability in Iwcnetwork Biometric Shift Employee Management System 4.0

Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request.

3.5
2017-12-30 CVE-2017-17989 Iwcnetwork Cross-Site Scripting vulnerability in Iwcnetwork Biometric Shift Employee Management System 4.0

Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action.

3.5
2017-12-30 CVE-2017-17988 Muslim Matrimonial Script Project Cross-Site Scripting vulnerability in Muslim Matrimonial Script Project Muslim Matrimonial Script 3.0.3

PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter.

3.5
2017-12-30 CVE-2017-17986 Muslim Matrimonial Script Project Cross-Site Scripting vulnerability in Muslim Matrimonial Script Project Muslim Matrimonial Script 3.0.3

PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter.

3.5
2017-12-30 CVE-2017-17985 Muslim Matrimonial Script Project Cross-Site Scripting vulnerability in Muslim Matrimonial Script Project Muslim Matrimonial Script 3.0.3

PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter.

3.5
2017-12-30 CVE-2017-17984 Muslim Matrimonial Script Project Cross-Site Scripting vulnerability in Muslim Matrimonial Script Project Muslim Matrimonial Script 3.0.3

PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter.

3.5
2017-12-30 CVE-2017-17981 Muslim Matrimonial Script Project Cross-Site Scripting vulnerability in Muslim Matrimonial Script Project Muslim Matrimonial Script 3.0.3

PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter.

3.5
2017-12-28 CVE-2017-15892 Synology Cross-Site Scripting vulnerability in Synology Chat

Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter.

3.5
2017-12-28 CVE-2017-17940 Single Theater Booking Script Project Cross-Site Scripting vulnerability in Single Theater Booking Script Project Single Theater Booking Script 3.2.2

PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php.

3.5
2017-12-28 CVE-2017-17938 Single Theater Booking Script Project Cross-Site Scripting vulnerability in Single Theater Booking Script Project Single Theater Booking Script 3.2.2

PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter.

3.5
2017-12-27 CVE-2017-16768 Synology Cross-Site Scripting vulnerability in Synology Mailplus Server

Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.

3.5
2017-12-27 CVE-2017-17929 Ordermanagementscript Cross-Site Scripting vulnerability in Ordermanagementscript Professional Service Script

PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter.

3.5
2017-12-27 CVE-2017-17925 Ordermanagementscript Cross-Site Scripting vulnerability in Ordermanagementscript Professional Service Script

PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter.

3.5
2017-12-27 CVE-2017-17909 Responsive Realestate Script Project Cross-Site Scripting vulnerability in Responsive Realestate Script Project Responsive Realestate Script 3.3.3

PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter.

3.5
2017-12-27 CVE-2017-17904 Fortunescripts Cross-Site Scripting vulnerability in Fortunescripts Lynda Clone 1.0

FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile.

3.5
2017-12-27 CVE-2017-17832 Serverscheck Cross-Site Scripting vulnerability in Serverscheck Monitoring Software

ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page).

3.5
2017-12-27 CVE-2017-1365 IBM Cross-Site Scripting vulnerability in IBM products

IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting.

3.5
2017-12-29 CVE-2017-17910 Hoermann USE of Insufficiently Random Values vulnerability in Hoermann products

On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission.

3.3
2017-12-29 CVE-2016-3695 Linux
Redhat
Injection vulnerability in multiple products

The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.

2.1
2017-12-27 CVE-2017-17864 Linux
Debian
Information Exposure vulnerability in Linux Kernel

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."

2.1