SB17-128: Vulnerability Summary for the Week of May 1, 2017
Original release date: May 08, 2017
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High Vulnerabilities
Back to top
Primary
Vendor -- ProductDescription Published CVSS Score Source & Patch Info iodata -- wn-g300r3_firmware WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. 2017-04-28 9.0 CVE-2017-2141
JVN
MISCiodata -- wn-g300r3_firmware Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. 2017-04-28 10.0 CVE-2017-2142
JVN
MISCipa -- appgoat Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors. 2017-04-28 7.5 CVE-2017-2101
JVN
BIDMedium Vulnerabilities
Back to top
Primary
Vendor -- ProductDescription Published CVSS Score Source & Patch Info booking_calendar_project -- booking_calendar Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter. 2017-04-28 5.0 CVE-2017-2150
JVN
MISCbooking_calendar_project -- booking_calendar Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 4.3 CVE-2017-2151
JVN
MISCbuffalo_inc -- wnc01wh_firmware WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. 2017-04-28 5.2 CVE-2017-2152
JVNcubecart -- cubecart Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. 2017-04-28 4.0 CVE-2017-2090
JVN
BID
MISCcubecart -- cubecart Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. 2017-04-28 4.0 CVE-2017-2098
JVN
BID
MISCcubecart -- cubecart Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors. 2017-04-28 4.0 CVE-2017-2117
JVN
BID
MISCcybozu -- garoon Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. 2017-04-28 4.0 CVE-2017-2091
JVN
BID
MISCcybozu -- garoon Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. 2017-04-28 4.3 CVE-2017-2093
JVN
BID
MISCcybozu -- garoon Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors. 2017-04-28 4.0 CVE-2017-2094
JVN
BID
MISCcybozu -- garoon Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors. 2017-04-28 4.0 CVE-2017-2095
JVN
BID
MISCcybozu -- office Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. 2017-04-28 4.0 CVE-2017-2115
JVN
BID
MISCcybozu -- office Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors. 2017-04-28 4.0 CVE-2017-2116
JVN
BID
MISCgaku -- tablacus_explorer Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory. 2017-04-28 6.8 CVE-2017-2140
JVN
MISCi.con_corporation -- hoozin_viewer Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage. 2017-04-28 6.8 CVE-2017-2155
JVN
MISCibm -- websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669. 2017-04-28 6.8 CVE-2017-1194
CONFIRM
BIDimagemagick -- imagemagick In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8343
BID
CONFIRMimagemagick -- imagemagick In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8344
BID
CONFIRMimagemagick -- imagemagick In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8345
BID
CONFIRMimagemagick -- imagemagick In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8346
CONFIRMimagemagick -- imagemagick In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8347
CONFIRMimagemagick -- imagemagick In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8348
CONFIRMimagemagick -- imagemagick In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8349
CONFIRMimagemagick -- imagemagick In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8350
CONFIRMimagemagick -- imagemagick In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8351
CONFIRMimagemagick -- imagemagick In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8352
CONFIRMimagemagick -- imagemagick In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8353
CONFIRMimagemagick -- imagemagick In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8354
CONFIRMimagemagick -- imagemagick In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8355
CONFIRMimagemagick -- imagemagick In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8356
CONFIRMimagemagick -- imagemagick In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8357
CONFIRMinformation-technology_promotion_agency -- introduction_to_safe_website_operation Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data. 2017-04-28 6.8 CVE-2017-2128
JVN
BIDipa -- appgoat Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors. 2017-04-28 6.8 CVE-2017-2099
JVN
BIDipa -- appgoat Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors. 2017-04-28 6.8 CVE-2017-2100
JVN
BIDipa -- appgoat Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-04-28 6.8 CVE-2017-2102
JVN
BIDjustsystems -- hanako Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 6.8 CVE-2017-2154
JVN
MISClibarchive -- libarchive The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. 2017-04-30 4.3 CVE-2016-10349
MISClibarchive -- libarchive The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. 2017-04-30 4.3 CVE-2016-10350
MISClibsndfile_project -- libsndfile The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. 2017-04-30 4.3 CVE-2017-8361
MISClibsndfile_project -- libsndfile The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. 2017-04-30 4.3 CVE-2017-8362
MISClibsndfile_project -- libsndfile The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. 2017-04-30 4.3 CVE-2017-8363
MISClibsndfile_project -- libsndfile The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. 2017-04-30 4.3 CVE-2017-8365
MISCnetgear -- prosafe_plus_configuration_utility ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests. 2017-04-28 4.3 CVE-2017-2137
JVN
MISColive_design -- olive_blog Cross-site scripting vulnerability in Olive Blog allows remote attackers to inject arbitrary web script or HTML via the search parameter. 2017-04-28 4.3 CVE-2016-7839
JVN
BIDolive_design -- olive_blog Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter. 2017-04-28 4.3 CVE-2016-7840
JVN
BIDolive_design -- olive_diary_dx Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter. 2017-04-28 4.3 CVE-2016-7841
JVN
BIDonethird -- onethird_cms Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php. 2017-04-28 4.3 CVE-2017-2123
JVN
BID
MISConethird -- onethird_cms Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php. 2017-04-28 4.3 CVE-2017-2124
JVN
MISCsecurebrain -- phishwall_client_for_internet_explorer Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-04-28 6.8 CVE-2017-2130
JVN
MISC
BIDuchida_yoko_co._ltd -- assetbase Cross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 4.3 CVE-2017-2134
JVN
BIDwbce -- wbce_cms Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 4.3 CVE-2017-2118
JVN
BID
MISCwbce -- wbce_cms Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. 2017-04-28 5.0 CVE-2017-2119
JVN
BID
MISCwbce -- wbce_cms SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. 2017-04-28 6.0 CVE-2017-2120
JVN
BID
MISCwp_statistics -- wp_statistics Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 4.3 CVE-2017-2135
JVN
MISCwp_statistics -- wp_statistics Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. 2017-04-28 4.3 CVE-2017-2136
JVN
BID
MISCwp_statistics -- wp_statistics Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 4.3 CVE-2017-2147
JVN
BID
MISCLow Vulnerabilities
Back to top
Primary
Vendor -- ProductDescription Published CVSS Score Source & Patch Info cybozu -- garoon Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 3.5 CVE-2017-2092
JVN
BID
MISCcybozu -- office Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 3.5 CVE-2017-2114
JVN
BID
MISCiodata -- wn-ac1167gr_firmware Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 3.5 CVE-2017-2148
JVN
MISC
BIDyourownprogrammer -- yop_poll Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 3.5 CVE-2017-2127
JVN
BIDSeverity Not Yet Assigned
Back to top
Primary
Vendor -- ProductDescription Published CVSS Score Source & Patch Info 21st_century_insurance -- 21st_century_insurance_app The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5919
MISC360fly -- 4k_cameras 360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application, or the BlueZ gatttool program. 2017-05-01 not yet calculated CVE-2017-8403
MISC7-zip32.dll -- 7-zip32.dll Untrusted search path vulnerability in Self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-04-28 not yet calculated CVE-2017-2107
MISC
JVN
BIDaccellioin -- accellion_fta An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding. 2017-05-05 not yet calculated CVE-2017-8760
MISCaccellion -- fta_devices An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI. 2017-05-05 not yet calculated CVE-2017-8304
MISCaccellion -- fta_devices An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter. 2017-05-05 not yet calculated CVE-2017-8303
MISCaccellion -- fta An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector. 2017-05-05 not yet calculated CVE-2017-8791
MISCaccellion -- fta An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter. 2017-05-05 not yet calculated CVE-2017-8795
MISCaccellion -- fta An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter. 2017-05-05 not yet calculated CVE-2017-8792
MISCaccellion -- fta An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists. 2017-05-05 not yet calculated CVE-2017-8789
MISCaccellion -- fta An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks. 2017-05-05 not yet calculated CVE-2017-8788
MISCaccellion -- fta An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter. 2017-05-05 not yet calculated CVE-2017-8796
MISCaccellion -- fta An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection. 2017-05-05 not yet calculated CVE-2017-8790
MISCaccellion -- fta An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern. 2017-05-05 not yet calculated CVE-2017-8794
MISCaccellion -- fta An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the attacker to have site access with a bypass of the Same Origin Policy. 2017-05-05 not yet calculated CVE-2017-8793
MISCaccess_cx_app -- access_cx_app The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-04-28 not yet calculated CVE-2017-2110
JVN
BIDadvantech -- b+b_smartworx_mesr901_firmware A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages. 2017-05-05 not yet calculated CVE-2017-7909
MISCadvantech -- webaccess upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. 2017-05-02 not yet calculated CVE-2016-5810
MISC
MISCadvantech -- webaccess An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories. 2017-05-05 not yet calculated CVE-2017-7929
MISCallied_telesis -- centrecom_ar260s_v2 Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account. 2017-04-28 not yet calculated CVE-2017-2125
JVN
MISC
BIDamerica's_first_federal_credit_union -- mobile_banking_app The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5916
MISCapache -- qpid_proton The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. 2017-05-02 not yet calculated CVE-2016-4467
MLIST
BID
SECTRACKatlassian -- hipchat Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. 2017-05-05 not yet calculated CVE-2017-8080
BID
CONFIRM
CONFIRMatlassian -- hipchat Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. 2017-05-05 not yet calculated CVE-2017-8058
MISCatlassian -- sourcetree Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID number is SRCTREE-4632. 2017-05-04 not yet calculated CVE-2017-8768
MISC
MISC
MISCavahi -- avahi avahi-daemon in Avahi through 0.6.32 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809. 2017-04-30 not yet calculated CVE-2017-6519
MISC
MISCaxis_communications -- network_cameras The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml. 2017-05-02 not yet calculated CVE-2015-8257
MISC
BID
EXPLOIT-DBbanco_de_costa_rica -- bcr_movil_app The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5918
MISCbanco_santander_mexico -- sa_puermovil_app The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5911
MISCbmc -- server_automation The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors. 2017-05-02 not yet calculated CVE-2016-5063
BID
CONFIRMbose -- soundtouch_30 The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. 2017-04-30 not yet calculated CVE-2017-6520
MISCbrave -- brave Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site. 2017-05-03 not yet calculated CVE-2017-8458
MISC
MISCca_technologies -- CA-client_automation The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation. 2017-05-05 not yet calculated CVE-2017-8391
CONFIRMcertec_edv -- atvise_scada A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution. 2017-05-05 not yet calculated CVE-2017-6029
MISCcertec_edv -- atvise_scada A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution. 2017-05-05 not yet calculated CVE-2017-6031
MISCcisco -- cvr100w_wireless-n_VPN_router A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress connection request to the remote management interface. An attacker could exploit this vulnerability by sending a connection to the management IP address or domain name of the targeted device. A successful exploit could allow the attacker to bypass the configured remote management ACL. This can occur when the Remote Management configuration parameter is set to Disabled. This vulnerability affects Cisco CVR100W Wireless-N VPN Routers running a firmware image prior to 1.0.1.24. Cisco Bug IDs: CSCvc14457. 2017-05-03 not yet calculated CVE-2017-6620
BID
CONFIRMcisco -- firepower A "Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA with FirePOWER Module Denial of Service" vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. The vulnerability is due to improper SSL policy handling by the affected software when packets are passed through the sensing interfaces of an affected system. An attacker could exploit this vulnerability by sending crafted packets through a targeted system. This vulnerability affects Cisco Firepower System Software that is configured with the SSL policy feature. Cisco Bug IDs: CSCvc84361. 2017-05-03 not yet calculated CVE-2017-6625
BID
CONFIRMcisco -- ios A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could exploit this vulnerability to place unauthorized, long-distance phone calls by using an affected system. Cisco Bug IDs: CSCuy40939. 2017-05-03 not yet calculated CVE-2017-6624
BID
CONFIRMcisco -- unified_contact_center_enterprise A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an undocumented, hard-coded password. An attacker could exploit this vulnerability by using the hard-coded credentials to subscribe to the Finesse Notification Service, which would allow the attacker to receive notifications when an agent signs in or out of the Finesse Desktop, when information about an agent changes, or when an agent's state changes. Cisco Bug IDs: CSCvc08314. 2017-05-03 not yet calculated CVE-2017-6626
BID
CONFIRMcisco -- unity_connection A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. Cisco Bug IDs: CSCvd90118. 2017-05-03 not yet calculated CVE-2017-6629
BID
CONFIRMcisco -- wide_area_application_services A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could stop functioning while the process restarts. The vulnerability is due to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) alert being incorrectly handled when in a specific SSL/TLS connection state. An attacker could exploit this vulnerability by establishing a SMART-SSL connection through the targeted device. The attacker would then send a crafted stream of SSL/TLS traffic. An exploit could allow the attacker to cause a DoS condition where WAN optimization could stop processing traffic for a short period of time. Cisco Bug IDs: CSCvb71133. 2017-05-03 not yet calculated CVE-2017-6628
BID
CONFIRMcitrix -- xenmobile_server Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. 2017-05-05 not yet calculated CVE-2016-6877
MISCcloud_foundry -- cloud_controller The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors. 2017-05-02 not yet calculated CVE-2016-5006
CONFIRM
CONFIRMcraft_cms -- craft_cms Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message. 2017-05-01 not yet calculated CVE-2017-8385
CONFIRM
CONFIRMcraft_cms -- craft_cms Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder. 2017-05-01 not yet calculated CVE-2017-8383
CONFIRM
CONFIRMcraft_cms -- craft_cms Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052. 2017-05-01 not yet calculated CVE-2017-8384
CONFIRM
CONFIRMcybervision -- kaa_iot_platform A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution. 2017-05-05 not yet calculated CVE-2017-7911
MISCcybozu -- kunai Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application. 2017-04-28 not yet calculated CVE-2017-2109
JVN
BID
MISCcybozu -- remote_service_manager Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network. 2017-04-28 not yet calculated CVE-2016-7815
JVN
BID
MISCdahua -- multiple_devices A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information. 2017-05-05 not yet calculated CVE-2017-7925
MISC
MISCdahua -- multiple_devices A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password. 2017-05-05 not yet calculated CVE-2017-7927
MISC
MISCdollar_bank -- dollar_bank_mobile_app The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5905
MISCdot_it -- banque_zitouna_app The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5914
MISCelectronic_funds_source -- mobile_driver_source_app The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5909
MISCemc -- data_dominion EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system. 2017-05-04 not yet calculated CVE-2017-4983
CONFIRM
BIDemirates_nbd_bank -- pjsc_emirates_nbd_ksa_app The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5915
MISCether_software -- multiple_products Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD Creator, Easy MPEG/AVI/DIVX/WMV/RM to DVD, Easy Avi/Divx/Xvid to DVD Burner, Easy MPEG to DVD Burner, Easy WMV/ASF/ASX to DVD Burner, Easy RM RMVB to DVD Burner, Easy CD DVD Copy, MP3/AVI/MPEG/WMV/RM to Audio CD Burner, MP3/WAV/OGG/WMA/AC3 to CD Burner, MP3 WAV to CD Burner, My Video Converter, Easy AVI DivX Converter, Easy Video to iPod Converter, Easy Video to PSP Converter, Easy Video to 3GP Converter, Easy Video to MP4 Converter, and Easy Video to iPod/MP4/PSP/3GP Converter allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long username. 2017-04-30 not yet calculated CVE-2017-8367
MISC
EXPLOIT-DBettercap_project -- ettercap The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted filter that is mishandled by etterfilter. 2017-04-30 not yet calculated CVE-2017-8366
MISCeveryday_health -- diabetes_in_check_app The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app 3.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5906
MISCf5 -- multiple_products An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow. 2017-05-01 not yet calculated CVE-2017-6128
CONFIRMforex.com -- forextrader_app The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5912
MISCforex.com -- tradeking_forex_app The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5913
MISCfoxit_software -- foxit_reader_phantompdf Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. 2017-05-03 not yet calculated CVE-2017-8454
MISC
MISCfoxit_software -- foxit_reader_phantompdf Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. 2017-05-03 not yet calculated CVE-2017-8453
MISC
MISCfoxit_software -- foxit_reader_phantompdf Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. 2017-05-03 not yet calculated CVE-2017-8455
MISC
MISCfoxit_software -- foxit_reader Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password), in addition to the static authentication token if the user is already logged in. 2017-05-05 not yet calculated CVE-2017-8059
MISCfranklin_fueling_systems -- ts-550_evo
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious payload. 2017-05-01 not yet calculated CVE-2017-6565
MISC
MISCfranklin_fueling_systems -- ts-550_evo On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as databases which contain information that can aid in further attacks. 2017-05-01 not yet calculated CVE-2017-6564
MISC
MISCgenixcms -- genixcms GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element. 2017-05-03 not yet calculated CVE-2017-8762
MISCgenixcms -- genixcms GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter. 2017-05-01 not yet calculated CVE-2017-8377
MISCgenixcms -- genixcms GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator. 2017-05-01 not yet calculated CVE-2017-8376
MISCgenixcms -- genixcms GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element. 2017-05-04 not yet calculated CVE-2017-8780
MISCgenixcms -- genixcms GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request. 2017-05-01 not yet calculated CVE-2017-8388
MISCgetsimple -- getsimple_cms Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce. 2017-04-30 not yet calculated CVE-2017-8081
CONFIRMgitlab -- gitlab GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document. 2017-05-04 not yet calculated CVE-2017-8778
CONFIRM
CONFIRMgnu_binutils -- gnu_binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. 2017-05-01 not yet calculated CVE-2017-8397
CONFIRMgnu_binutils -- gnu_binutils The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this. 2017-05-02 not yet calculated CVE-2017-8421
CONFIRMgnu_binutils -- gnu_binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. 2017-05-01 not yet calculated CVE-2017-8396
CONFIRMgnu_binutils -- gnu_binutils dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash. 2017-05-01 not yet calculated CVE-2017-8398
CONFIRMgnu_binutils -- gnu_binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. 2017-05-01 not yet calculated CVE-2017-8394
CONFIRMgnu_binutils -- gnu_binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. 2017-05-01 not yet calculated CVE-2017-8395
CONFIRMgnu_binutils -- gnu_binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash. 2017-05-01 not yet calculated CVE-2017-8393
CONFIRMgnu_binutils -- gnu_binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. 2017-05-01 not yet calculated CVE-2017-8392
CONFIRMgnulib -- gnulib Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c. 2017-05-02 not yet calculated CVE-2017-7476
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRMgoogle -- grpc Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c. 2017-04-30 not yet calculated CVE-2017-8359
BID
MISC
MISCgreat_southern_bank -- great_southern_mobile_banking_app The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5907
MISChibara -- attachecase Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file. 2017-04-28 not yet calculated CVE-2016-7842
JVN
BID
MISChibara -- attachecase Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file. 2017-04-28 not yet calculated CVE-2016-7843
JVN
MISC
BIDhikvision -- ds-2cd2xx2f-i_ds-2cd2xx0f-i An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information. 2017-05-05 not yet calculated CVE-2017-7921
MISC
MISChikvision -- ds-2cd2xx2f-i_ds-2cd2xx0f-i A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information. 2017-05-05 not yet calculated CVE-2017-7923
MISC
MISCibm -- bigfix_remote_control IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512. 2017-05-03 not yet calculated CVE-2016-2930
CONFIRM
BIDibm -- insights_foundation_for_energy IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907. 2017-04-28 not yet calculated CVE-2017-1141
CONFIRM
BIDibm -- marketing_platform IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 110564. 2017-05-05 not yet calculated CVE-2016-0255
CONFIRMibm -- maximo_asset_management IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252. 2017-05-03 not yet calculated CVE-2016-9976
CONFIRM
BIDibm -- tealeaf_consumer_experience The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS. IBM X-Force ID: 112356. 2017-05-03 not yet calculated CVE-2016-0382
CONFIRM
BIDibm -- tivoli_storage_manager IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472. 2017-05-05 not yet calculated CVE-2016-8916
CONFIRMibm -- websphere_cast_iron_solutions IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515. 2017-05-05 not yet calculated CVE-2016-9691
CONFIRMibm -- websphere_cast_iron_solutions IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 119516. 2017-05-05 not yet calculated CVE-2016-9692
CONFIRMibm -- websphere_portal IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592 2017-05-05 not yet calculated CVE-2017-1156
CONFIRMimagemagick -- imagemagick The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file. 2017-05-04 not yet calculated CVE-2017-8765
CONFIRMintel -- intel_manageability_programs An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT). 2017-05-02 not yet calculated CVE-2017-5689
BID
CONFIRM
CONFIRM
MISC
MISC
MISCiodata -- webcam_firmware Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. 2017-04-28 not yet calculated CVE-2017-2113
JVN
MISC
BIDiodata -- webcam_firmware HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information. 2017-04-28 not yet calculated CVE-2017-2111
JVN
MISC
BIDiodata -- webcam_firmware TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. 2017-04-28 not yet calculated CVE-2017-2112
JVN
MISC
BIDirfanview -- irfanview IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an Access Violation and crash in processing a FlashPix (.FPX) file. 2017-04-30 not yet calculated CVE-2017-7721
CONFIRM
MISCirods -- irods Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved via igetwild. Because igetwild is a Bash script, the part of the pathname following the semicolon would be executed in the user's shell. 2017-05-05 not yet calculated CVE-2017-8799
CONFIRMk-opticom -- business_lala_call_app The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-04-28 not yet calculated CVE-2017-2104
JVN
BIDk-opticom -- lala_call_app The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-04-28 not yet calculated CVE-2017-2103
JVN
BIDkerio -- connect Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message. 2017-05-02 not yet calculated CVE-2017-7440
MISCkmcis -- caseaware An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string. 2017-05-01 not yet calculated CVE-2017-5631
MISClame -- lame LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels. 2017-05-02 not yet calculated CVE-2017-8419
MISClibreoffice -- libreoffice LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx. 2017-04-30 not yet calculated CVE-2017-8358
MISC
MISClibtirpc_ntirpc -- libtirpc_ntirpc rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb. 2017-05-04 not yet calculated CVE-2017-8779
MISC
MISC
MISC
MISClinux -- linux_kernel The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application. 2017-05-02 not yet calculated CVE-2014-9940
CONFIRM
CONFIRM
CONFIRMlinux -- linux_kernel kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions. 2017-05-02 not yet calculated CVE-2015-9004
CONFIRM
BID
CONFIRM
CONFIRMlinux -- linux_kernel The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. 2017-04-28 not yet calculated CVE-2017-7895
BID
CONFIRM
CONFIRMlinuxcontainers -- lxc lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls. 2017-05-01 not yet calculated CVE-2016-8649
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMnetiq -- imanager NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat. 2017-05-03 not yet calculated CVE-2017-7428
CONFIRM
CONFIRM
CONFIRMnovell -- imanager Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. 2017-05-03 not yet calculated CVE-2017-7431
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMnovell -- imanager Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. 2017-05-03 not yet calculated CVE-2017-7430
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMnovell -- imanager Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. 2017-05-03 not yet calculated CVE-2017-7432
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMnvidia -- video_driver An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel 3.10. Android ID: A-34113000. References: N-CVE-2017-0331. 2017-05-02 not yet calculated CVE-2017-0331
CONFIRMopenssl -- openssl In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected. 2017-05-04 not yet calculated CVE-2016-7053
BID
CONFIRMopenssl -- openssl There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. 2017-05-04 not yet calculated CVE-2017-3732
BID
CONFIRMopenssl -- openssl There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected. 2017-05-04 not yet calculated CVE-2016-7055
BID
CONFIRMopenssl -- openssl If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k. 2017-05-04 not yet calculated CVE-2017-3731
BID
CONFIRMopenssl -- openssl During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected. 2017-05-04 not yet calculated CVE-2017-3733
BID
CONFIRMopenssl -- openssl In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. 2017-05-04 not yet calculated CVE-2017-3730
BID
CONFIRMopenssl -- openssl In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. 2017-05-04 not yet calculated CVE-2016-7054
BID
CONFIRMopsview -- monitor_pro In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /. 2017-05-03 not yet calculated CVE-2016-10367
MISCopsview -- monitor_pro Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the back parameter to the /login URI. 2017-05-03 not yet calculated CVE-2016-10368
MISCpalo_alto_networks -- pan-os The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters. 2017-05-02 not yet calculated CVE-2017-7216
BID
CONFIRMpanda_security -- panda_mobile_security_app Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. 2017-05-05 not yet calculated CVE-2017-8060
MISCpayquicker -- payquicker_app The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5902
MISCpcre2 -- pcre2 pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression. 2017-05-04 not yet calculated CVE-2017-8786
MISC
MISC
MISC
MISCpcre2 -- pcre2 PCRE2 before 2017-03-10 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures." 2017-05-01 not yet calculated CVE-2017-8399
MISC
MISCpexip -- infinity Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes. 2017-05-02 not yet calculated CVE-2017-6551
BID
CONFIRMpodofo -- podofo Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size. 2017-04-30 not yet calculated CVE-2017-8378
MISCpodofo -- podpfo The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file. 2017-05-05 not yet calculated CVE-2017-8787
MISCprimedrive -- desktop_application Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-04-28 not yet calculated CVE-2017-2108
JVN
BID
MISCproxmox -- mail_gateway Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter. 2017-05-03 not yet calculated CVE-2015-9058
MISCproxmox -- mail_gateway Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm, /queues/mail/index/, /system/ssh.htm, /queues/mail/?domain=, and /quarantine/virus/manage.htm. 2017-05-03 not yet calculated CVE-2015-9057
MISCqemu -- qemu Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable. 2017-05-02 not yet calculated CVE-2017-8086
CONFIRM
MLIST
BID
CONFIRM
MLISTqemu -- qemu hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. 2017-05-02 not yet calculated CVE-2017-8112
MLIST
BID
CONFIRM
MLISTquick_heal -- multiple_products Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file. 2017-05-04 not yet calculated CVE-2017-8774
MISCquick_heal -- multiple_products Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file. 2017-05-04 not yet calculated CVE-2017-8775
MISCquick_heal -- multiple_products Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation. 2017-05-04 not yet calculated CVE-2017-8773
MISCquick_heal -- multiple_products Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the product. 2017-05-04 not yet calculated CVE-2017-8776
MISCradicale -- radicale Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. 2017-04-30 not yet calculated CVE-2017-8342
CONFIRM
CONFIRM
CONFIRM
CONFIRMrapid7 -- appspider_pro Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. 2017-05-03 not yet calculated CVE-2017-5236
CONFIRMrapid7 -- appspider_pro Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash. 2017-05-03 not yet calculated CVE-2017-5240
CONFIRMrockwell_automation -- controllogix_5580_controllers A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller. 2017-05-05 not yet calculated CVE-2017-6024
MISCrubocop -- rubocop RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users. 2017-05-02 not yet calculated CVE-2017-8418
MISC
MISCruby -- ruby The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks. 2017-05-02 not yet calculated CVE-2016-4442
MLIST
CONFIRM
CONFIRMrxvt -- rxvt Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read. 2017-05-02 not yet calculated CVE-2017-7483
MLIST
MLISTrzip -- rzip_2.1 The read_buf function in stream.c in rzip 2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive. 2017-04-30 not yet calculated CVE-2017-8364
MISCsandisk -- sdhc/sdxc_memory_card Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-04-28 not yet calculated CVE-2017-2149
JVN
BID
MISCschneider_electric -- struxureware_data_center_expert Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. 2017-04-30 not yet calculated CVE-2017-8371
MISC
MISCsmalruby-editor -- smalruby-editor smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. 2017-04-28 not yet calculated CVE-2017-2096
JVN
MISC
BIDsoftonic -- panda_free_antivirus PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to \.\PSMEMDriver. 2017-04-30 not yet calculated CVE-2017-8339
MISCspace_coast_credit_union -- space_coast_credit_union_mobile_app The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-3212
MISC
BID
MISCstate_bank_of_india -- state_bank_anywhere_app The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5901
MISCsupport-project -- knowledge Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-04-28 not yet calculated CVE-2017-2097
JVN
BIDswftools -- swftools In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS. 2017-05-01 not yet calculated CVE-2017-8401
CONFIRMswftools -- swftools In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution. 2017-05-01 not yet calculated CVE-2017-8400
CONFIRMtelaxus -- epesi Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for_new_version.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter. 2017-05-04 not yet calculated CVE-2017-8763
MISCtelegram -- telegram_desktop Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations. 2017-04-30 not yet calculated CVE-2016-10351
MISCtex_live -- tex_live TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. 2017-05-02 not yet calculated CVE-2016-10243
DEBIAN
MLIST
BID
FEDORA
FEDORA
MISC
CONFIRMthink_mutual_bank -- think_mutual_bank_mobile_banking_app The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-3213
MISC
BID
MISCtrend_micro -- officescan Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation. 2017-05-03 not yet calculated CVE-2017-5481
BID
CONFIRMtrend_micro -- officescan Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website. 2017-05-05 not yet calculated CVE-2017-8801
CONFIRM
CONFIRMtver -- tver_app The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-04-28 not yet calculated CVE-2017-2105
JVN
BIDunderbit -- mad The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file. 2017-04-30 not yet calculated CVE-2017-8372
MISCunderbit -- mad The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. 2017-04-30 not yet calculated CVE-2017-8373
MISCunderbit -- mad The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. 2017-04-30 not yet calculated CVE-2017-8374
MISCvaultive -- o365 PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to 'Content-Type: text/plain' - this results in the encrypted message being structured in such a way that most PGP/MIME-capable mail user agents are unable to decrypt it cleanly. The outcome is that encrypted mail passing through this device does not work (Denial of Service), and a common real-world consequence is a request to resend the mail in the clear (Information Disclosure). 2017-05-03 not yet calculated CVE-2017-7229
MISCvivaldi_software -- vivaldi Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. 2017-04-28 not yet calculated CVE-2017-2156
BID
JVN
MISCwebmin -- webmin Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 not yet calculated CVE-2017-2106
JVN
BID
MISCwordpress -- wordpress WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message. 2017-05-04 not yet calculated CVE-2017-8295
BID
MISC
EXPLOIT-DBxen_project -- xen Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL. 2017-05-03 not yet calculated CVE-2017-7995
CONFIRM
CONFIRMxirrus -- arrayos SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the portal bookmark function is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2017-05-05 not yet calculated CVE-2017-6557
CONFIRM
Monday, 8 May 2017
SB17-128: Vulnerability Summary for the Week of May 1, 2017
