<!DOCTYPE html>
<html><head>
    <meta charset="UTF-8">
</head><body><p><br></p><blockquote type="cite">---------- Original Message ----------<br>From: US-CERT <US-CERT@ncas.us-cert.gov><br>To: w3hwn@arrl.net<br>Date: August 2, 2017 at 9:13 PM<br>Subject: SB17-212: Vulnerability Summary for the Week of July 24, 2017<br><br><table width="700" border="0" cellspacing="0" cellpadding="0" align="center" style="border-collapse: collapse;" class="mce-item-table"><tbody><tr><td style="padding: 0px;"><p><img src="http://content.govdelivery.com/attachments/fancy_images/USDHSUSCERT/2015/11/675988/us-cert-banner-700x100-2_original.png" alt="U.S. Department of Homeland Security US-CERT" width="700" height="100" style="width: 700px; height: 100px;"></p><p>National Cyber Awareness System:</p><p> </p><div class="ox-e999cfe2c1-rss_item" style="margin-bottom: 2em;"><div class="ox-e999cfe2c1-rss_title" style="font-weight: bold; font-size: 120%; margin: 0 0 0.3em; padding: 0;"><a href="https://www.us-cert.gov/ncas/bulletins/SB17-212">SB17-212: Vulnerability Summary for the Week of July 24, 2017</a></div><div class="ox-e999cfe2c1-rss_pub_date" style="font-size: 90%; font-style: italic; color: #666666; margin: 0 0 0.3em; padding: 0;">07/31/2017 11:12 AM EDT</div><br><div class="ox-e999cfe2c1-rss_description" style="margin: 0 0 0.3em; padding: 0;">Original release date: July 31, 2017 <br><p>The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the <a href="http://www.nist.gov">National Institute of Standards and Technology</a> (NIST) <a href="http://nvd.nist.gov">National Vulnerability Database</a> (NVD) in the past week. The NVD is sponsored by the <a href="http://www.dhs.gov">Department of Homeland Security</a> (DHS) <a href="https://www.us-cert.gov/nccic">National Cybersecurity and Communications Integration Center</a> (NCCIC) / <a href="https://www.us-cert.gov">United States Computer Emergency Readiness Team</a> (US-CERT). For modified or updated entries, please visit the <a href="http://nvd.nist.gov" target="_blank">NVD</a>, which contains historical vulnerability information.</p><p>The vulnerabilities are based on the <a href="http://cve.mitre.org/" target="_blank">CVE</a> vulnerability naming standard and are organized according to severity, determined by the <a href="http://nvd.nist.gov/cvss.cfm" target="_blank">Common Vulnerability Scoring System</a> (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:</p><ul><li><p><strong><a href="#high">High</a></strong> - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0</p></li><li><p><strong><a href="#medium">Medium</a></strong> - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9</p></li><li><p><strong><a href="#low">Low</a></strong> - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9</p></li></ul><p>Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.</p><p><a id="ox-e999cfe2c1-high" name="high" class="mce-item-anchor"></a> </p><div id="ox-e999cfe2c1-high_v"><h2 id="ox-e999cfe2c1-high_v_title">High Vulnerabilities</h2><table border="1" summary="High Vulnerabilities" align="center"><thead><tr><th class="ox-e999cfe2c1-vendor-product" style="width: 24%;" scope="col">Primary<br>Vendor -- Product</th><th style="width: 44%;" scope="col">Description</th><th style="width: 8%;" scope="col">Published</th><th style="width: 4%;" scope="col">CVSS Score</th><th style="width: 10%;" scope="col">Source & Patch Info</th></tr></thead><tbody><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">appsec-labs -- appsec_labs</td><td style="text-align: left;" align="left">AppUse 4.0 allows shell command injection via a proxy field.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11566&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">7.2</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11566" target="_blank">CVE-2017-11566</a><br><a href="https://gist.github.com/shiham101/4807e3dea54ee0f0456c47fcd1400e97" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">buffalo -- wapm-1166d_firmware</td><td style="text-align: left;" align="left">WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2126&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2126" target="_blank">CVE-2017-2126</a><br><a href="http://buffalo.jp/support_s/s20170718.html" target="_blank">CONFIRM</a><br><a href="https://jvn.jp/en/jp/JVN48823557/index.html" target="_blank">JVN</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">finecms -- finecms</td><td style="text-align: left;" align="left">dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11582&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11582" target="_blank">CVE-2017-11582</a><br><a href="http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#SQL-injection-after-limit-via-system-num-parameter" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">finecms -- finecms</td><td style="text-align: left;" align="left">dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11583&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11583" target="_blank">CVE-2017-11583</a><br><a href="http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#SQL-injection-in-action-related-catid-parameter" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">finecms -- finecms</td><td style="text-align: left;" align="left">dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11584&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11584" target="_blank">CVE-2017-11584</a><br><a href="http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#SQL-injection-via-system-field-parameter" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">finecms -- finecms</td><td style="text-align: left;" align="left">dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11585&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11585" target="_blank">CVE-2017-11585</a><br><a href="http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#remote-php-code-execution" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">fortinet -- fortiwlm</td><td style="text-align: left;" align="left">A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-7336&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7336" target="_blank">CVE-2017-7336</a><br><a href="http://www.securityfocus.com/bid/99351" target="_blank">BID</a><br><a href="https://fortiguard.com/advisory/FG-IR-17-115" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">geutebrueck -- gcore</td><td style="text-align: left;" align="left">Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11517&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11517" target="_blank">CVE-2017-11517</a><br><a href="https://www.exploit-db.com/exploits/41153/" target="_blank">EXPLOIT-DB</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">greenpacket -- dx-350_firmware</td><td style="text-align: left;" align="left">Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9932&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9932" target="_blank">CVE-2017-9932</a><br><a href="https://iscouncil.blogspot.com/2017/07/authentication-bypass-in-green-packet.html" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">greenpacket -- dx-350_firmware</td><td style="text-align: left;" align="left">In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing) feature within the web interface allows performing command injection, via the "pip" parameter.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9980&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9980" target="_blank">CVE-2017-9980</a><br><a href="https://iscouncil.blogspot.com/2017/07/command-injection-in-green-packet-dx.html" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-7539&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)" target="_blank">7.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7539" target="_blank">CVE-2016-7539</a><br><a href="http://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=28946" target="_blank">CONFIRM</a><br><a href="http://www.openwall.com/lists/oss-security/2016/09/22/2" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/93232" target="_blank">BID</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833101" target="_blank">CONFIRM</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1378776" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/commit/4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11505&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:C)" target="_blank">7.1</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11505" target="_blank">CVE-2017-11505</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867824" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/526" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11523&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:C)" target="_blank">7.1</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11523" target="_blank">CVE-2017-11523</a><br><a href="https://bugs.debian.org/869210" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/commit/a8f9c2aabed37cd6a728532d1aed13ae0f3dfd78" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/591" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11525&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:C)" target="_blank">7.1</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11525" target="_blank">CVE-2017-11525</a><br><a href="http://www.securityfocus.com/bid/99931" target="_blank">BID</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867810" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/519" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11526&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:C)" target="_blank">7.1</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11526" target="_blank">CVE-2017-11526</a><br><a href="http://www.securityfocus.com/bid/99932" target="_blank">BID</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867825" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/527" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11527&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:C)" target="_blank">7.1</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11527" target="_blank">CVE-2017-11527</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867812" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/523" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11530&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:C)" target="_blank">7.1</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11530" target="_blank">CVE-2017-11530</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867821" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/524" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">inmarsat -- amosconnect_8</td><td style="text-align: left;" align="left">Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-3222&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3222" target="_blank">CVE-2017-3222</a><br><a href="http://www.securityfocus.com/bid/99899" target="_blank">BID</a><br><a href="https://www.kb.cert.org/vuls/id/586501" target="_blank">CERT-VN</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">libinfinity_project -- libinfinity</td><td style="text-align: left;" align="left">libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-3886&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3886" target="_blank">CVE-2015-3886</a><br><a href="http://seclists.org/oss-sec/2015/q2/410" target="_blank">MLIST</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783601" target="_blank">CONFIRM</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1221266" target="_blank">CONFIRM</a><br><a href="https://github.com/gobby/gobby/issues/61" target="_blank">CONFIRM</a><br><a href="https://github.com/gobby/libinfinity/commit/c97f870f5ae13112988d9f8ad464b4f679903706" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">rootkit_hunter_project -- rkhunter</td><td style="text-align: left;" align="left">rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-7480&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7480" target="_blank">CVE-2017-7480</a><br><a href="http://seclists.org/oss-sec/2017/q2/643" target="_blank">MLIST</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">sony -- wg-c10_firmware</td><td style="text-align: left;" align="left">WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2275&vector=(AV:N/AC:L/Au:S/C:C/I:C/A:C)" target="_blank">9.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2275" target="_blank">CVE-2017-2275</a><br><a href="https://esupport.sony.com/US/p/news-item.pl?news_id=527&mdl=WGC10" target="_blank">MISC</a><br><a href="https://jvn.jp/en/jp/JVN14151222/index.html" target="_blank">JVN</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">sony -- wg-c10_firmware</td><td style="text-align: left;" align="left">Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2276&vector=(AV:N/AC:L/Au:S/C:C/I:C/A:C)" target="_blank">9.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2276" target="_blank">CVE-2017-2276</a><br><a href="https://esupport.sony.com/US/p/news-item.pl?news_id=527&mdl=WGC10" target="_blank">MISC</a><br><a href="https://jvn.jp/en/jp/JVN14151222/index.html" target="_blank">JVN</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">tcpdump -- tcpdump</td><td style="text-align: left;" align="left">tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11541&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11541" target="_blank">CVE-2017-11541</a><br><a href="http://www.securityfocus.com/bid/99941" target="_blank">BID</a><br><a href="https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/util-print" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">tcpdump -- tcpdump</td><td style="text-align: left;" align="left">tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11542&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11542" target="_blank">CVE-2017-11542</a><br><a href="http://www.securityfocus.com/bid/99940" target="_blank">BID</a><br><a href="https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/print-pim" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">tcpdump -- tcpdump</td><td style="text-align: left;" align="left">tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11543&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11543" target="_blank">CVE-2017-11543</a><br><a href="http://www.securityfocus.com/bid/99939" target="_blank">BID</a><br><a href="https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/global-overflow/print-sl" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">tilde_cms_project -- tilde_cms</td><td style="text-align: left;" align="left">An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id parameter.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11324&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11324" target="_blank">CVE-2017-11324</a><br><a href="https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities/" target="_blank">MISC</a></td></tr></tbody></table><a href="https://www.us-cert.gov#top">Back to top</a></div><p><a id="ox-e999cfe2c1-medium" name="medium" class="mce-item-anchor"></a> </p><div id="ox-e999cfe2c1-medium_v"><h2 id="ox-e999cfe2c1-medium_v_title">Medium Vulnerabilities</h2><table border="1" summary="Medium Vulnerabilities" align="center"><thead><tr><th class="ox-e999cfe2c1-vendor-product" style="width: 24%;" scope="col">Primary<br>Vendor -- Product</th><th style="width: 44%;" scope="col">Description</th><th style="width: 8%;" scope="col">Published</th><th style="width: 4%;" scope="col">CVSS Score</th><th style="width: 10%;" scope="col">Source & Patch Info</th></tr></thead><tbody><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ansible -- ansible</td><td style="text-align: left;" align="left">Ansible versions 2.2.3 and earlier are vulnerable to an information disclosure flaw due to the interaction of call back plugins and the no_log directive where the information may not be sanitized properly.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-7473&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7473" target="_blank">CVE-2017-7473</a><br><a href="https://github.com/ansible/ansible/issues/22505" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">atmail -- atmail</td><td style="text-align: left;" align="left">Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11617&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11617" target="_blank">CVE-2017-11617</a><br><a href="https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6" target="_blank">MISC</a><br><a href="https://www.bishopfox.com/blog/2017/06/how-i-built-an-xss-worm-on-atmail/" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">atutor -- atutor</td><td style="text-align: left;" align="left">Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10400&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10400" target="_blank">CVE-2016-10400</a><br><a href="https://github.com/atutor/ATutor/releases/tag/atutor_2_2_2" target="_blank">MISC</a><br><a href="https://www.htbridge.com/advisory/HTB23297" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">buffalotech -- wmr-433w_firmware</td><td style="text-align: left;" align="left">Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2274&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2274" target="_blank">CVE-2017-2274</a><br><a href="http://buffalo.jp/support_s/s20170606.html" target="_blank">CONFIRM</a><br><a href="https://jvn.jp/en/jp/JVN48413726/index.html" target="_blank">JVN</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">canonical -- ubuntu_linux</td><td style="text-align: left;" align="left">The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-1323&vector=(AV:L/AC:L/Au:N/C:C/I:N/A:N)" target="_blank">4.9</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1323" target="_blank">CVE-2015-1323</a><br><a href="http://www.securityfocus.com/bid/75221" target="_blank">BID</a><br><a href="http://www.ubuntu.com/usn/USN-2648-1" target="_blank">UBUNTU</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- prime_collaboration_provisioning</td><td style="text-align: left;" align="left">A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc90312. Known Affected Releases: 12.1.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-6755&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6755" target="_blank">CVE-2017-6755</a><br><a href="http://www.securityfocus.com/bid/99878" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1038960" target="_blank">SECTRACK</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-pcpt" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">contao -- contao_cms</td><td style="text-align: left;" align="left">Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-10993&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P)" target="_blank">6.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10993" target="_blank">CVE-2017-10993</a><br><a href="https://contao.org/en/news/contao-3_5_28.html" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">cygwin -- cygwin</td><td style="text-align: left;" align="left">Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hijack of the process running with administrative privileges triggered by specially crafted input string.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-7523&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7523" target="_blank">CVE-2017-7523</a><br><a href="https://cygwin.com/ml/cygwin/2017-05/msg00149.html" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ektron -- ektron_content_management_system</td><td style="text-align: left;" align="left">Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-6133&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6133" target="_blank">CVE-2016-6133</a><br><a href="http://www.securityfocus.com/archive/1/archive/1/540742/100/0/threaded" target="_blank">BUGTRAQ</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">eshop_project -- eshop</td><td style="text-align: left;" align="left">The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-3421&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3421" target="_blank">CVE-2015-3421</a><br><a href="http://www.securityfocus.com/bid/74477" target="_blank">BID</a><br><a href="https://www.htbridge.com/advisory/HTB23255" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">exiv2 -- exiv2</td><td style="text-align: left;" align="left">There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11553&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11553" target="_blank">CVE-2017-11553</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1471772" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">exiv2 -- exiv2</td><td style="text-align: left;" align="left">There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11591&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11591" target="_blank">CVE-2017-11591</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1473888" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">exiv2 -- exiv2</td><td style="text-align: left;" align="left">There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11592&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11592" target="_blank">CVE-2017-11592</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1473889" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">fedoraproject -- fedora</td><td style="text-align: left;" align="left">The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-5194&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5194" target="_blank">CVE-2015-5194</a><br><a href="http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrA" target="_blank">CONFIRM</a><br><a href="http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html" target="_blank">FEDORA</a><br><a href="http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html" target="_blank">FEDORA</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html" target="_blank">SUSE</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html" target="_blank">SUSE</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html" target="_blank">SUSE</a><br><a href="http://rhn.redhat.com/errata/RHSA-2016-0780.html" target="_blank">REDHAT</a><br><a href="http://rhn.redhat.com/errata/RHSA-2016-2583.html" target="_blank">REDHAT</a><br><a href="http://www.debian.org/security/2015/dsa-3388" target="_blank">DEBIAN</a><br><a href="http://www.openwall.com/lists/oss-security/2015/08/25/3" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/76475" target="_blank">BID</a><br><a href="http://www.ubuntu.com/usn/USN-2783-1" target="_blank">UBUNTU</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1254542" target="_blank">CONFIRM</a><br><a href="https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=swg21985122" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=swg21986956" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=swg21988706" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=swg21989542" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">fedoraproject -- fedora</td><td style="text-align: left;" align="left">ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-5195&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5195" target="_blank">CVE-2015-5195</a><br><a href="http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html" target="_blank">FEDORA</a><br><a href="http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html" target="_blank">FEDORA</a><br><a href="http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html" target="_blank">FEDORA</a><br><a href="http://rhn.redhat.com/errata/RHSA-2016-0780.html" target="_blank">REDHAT</a><br><a href="http://rhn.redhat.com/errata/RHSA-2016-2583.html" target="_blank">REDHAT</a><br><a href="http://www.debian.org/security/2015/dsa-3388" target="_blank">DEBIAN</a><br><a href="http://www.openwall.com/lists/oss-security/2015/08/25/3" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/76474" target="_blank">BID</a><br><a href="http://www.ubuntu.com/usn/USN-2783-1" target="_blank">UBUNTU</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1254544" target="_blank">CONFIRM</a><br><a href="https://github.com/ntp-project/ntp/commit/52e977d79a0c4ace997e5c74af429844da2f27be" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=swg21985122" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=swg21986956" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=swg21988706" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=swg21989542" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">fedoraproject -- fedora</td><td style="text-align: left;" align="left">The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-5219&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5219" target="_blank">CVE-2015-5219</a><br><a href="http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc" target="_blank">CONFIRM</a><br><a href="http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=51786731Gr4-NOrTBC_a_uXO4wuGhg" target="_blank">CONFIRM</a><br><a href="http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html" target="_blank">FEDORA</a><br><a href="http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html" target="_blank">FEDORA</a><br><a href="http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html" target="_blank">FEDORA</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html" target="_blank">SUSE</a><br><a href="http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html" target="_blank">SUSE</a><br><a href="http://rhn.redhat.com/errata/RHSA-2016-0780.html" target="_blank">REDHAT</a><br><a href="http://rhn.redhat.com/errata/RHSA-2016-2583.html" target="_blank">REDHAT</a><br><a href="http://www.debian.org/security/2015/dsa-3388" target="_blank">DEBIAN</a><br><a href="http://www.openwall.com/lists/oss-security/2015/08/25/3" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/76473" target="_blank">BID</a><br><a href="http://www.ubuntu.com/usn/USN-2783-1" target="_blank">UBUNTU</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1255118" target="_blank">CONFIRM</a><br><a href="https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=swg21985122" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=swg21986956" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=swg21988706" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=swg21989542" target="_blank">CONFIRM</a><br><a href="https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">fedoraproject -- fedora</td><td style="text-align: left;" align="left">Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-5221&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5221" target="_blank">CVE-2015-5221</a><br><a href="http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html" target="_blank">SUSE</a><br><a href="http://lists.opensuse.org/opensuse-updates/2016-11/msg00018.html" target="_blank">SUSE</a><br><a href="http://lists.opensuse.org/opensuse-updates/2016-11/msg00064.html" target="_blank">SUSE</a><br><a href="http://www.openwall.com/lists/oss-security/2015/08/20/4" target="_blank">MLIST</a><br><a href="https://access.redhat.com/errata/RHSA-2017:1208" target="_blank">REDHAT</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1255710" target="_blank">CONFIRM</a><br><a href="https://github.com/mdadams/jasper/commit/df5d2867e8004e51e18b89865bc4aa69229227b3" target="_blank">CONFIRM</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QIZNTZDXOJR5BTRZKCS3GVHVZV2PWHH/" target="_blank">FEDORA</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AXWV22WGSQFDRPE7G6ECGP3QXS2V2A2M/" target="_blank">FEDORA</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNLVBZWDEXZCFWOBZ3YVEQINMRBRX5QV/" target="_blank">FEDORA</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">finecms -- finecms</td><td style="text-align: left;" align="left">dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php via a payload in the username field that does not begin with a '<' character.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11581&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11581" target="_blank">CVE-2017-11581</a><br><a href="http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#Reflected-XSS" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">finecms -- finecms</td><td style="text-align: left;" align="left">dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11586&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N)" target="_blank">5.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11586" target="_blank">CVE-2017-11586</a><br><a href="http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#URL-Redirector-Abuse" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">fontforge -- fontforge</td><td style="text-align: left;" align="left">FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights (parsettf.c) resulting in DoS or code execution via a crafted otf file.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11569&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11569" target="_blank">CVE-2017-11569</a><br><a href="https://github.com/fontforge/fontforge/issues/3093" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">fontforge_project -- fontforge</td><td style="text-align: left;" align="left">FontForge 20161012 is vulnerable to a heap-based buffer over-read in PSCharStringToSplines (psread.c) resulting in DoS or code execution via a crafted otf file.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11568&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11568" target="_blank">CVE-2017-11568</a><br><a href="https://github.com/fontforge/fontforge/issues/3089" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">fontforge_project -- fontforge</td><td style="text-align: left;" align="left">FontForge 20161012 is vulnerable to a buffer over-read in umodenc (parsettf.c) resulting in DoS or code execution via a crafted otf file.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11570&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11570" target="_blank">CVE-2017-11570</a><br><a href="https://github.com/fontforge/fontforge/issues/3097" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">fontforge_project -- fontforge</td><td style="text-align: left;" align="left">FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS or code execution via a crafted otf file.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11571&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11571" target="_blank">CVE-2017-11571</a><br><a href="https://github.com/fontforge/fontforge/issues/3087" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">fontforge_project -- fontforge</td><td style="text-align: left;" align="left">FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS or code execution via a crafted otf file.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11572&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11572" target="_blank">CVE-2017-11572</a><br><a href="https://github.com/fontforge/fontforge/issues/3092" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">fontforge_project -- fontforge</td><td style="text-align: left;" align="left">FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName (parsettf.c) resulting in DoS or code execution via a crafted otf file.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11573&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11573" target="_blank">CVE-2017-11573</a><br><a href="https://github.com/fontforge/fontforge/issues/3098" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">fontforge_project -- fontforge</td><td style="text-align: left;" align="left">FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS or code execution via a crafted otf file.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11574&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11574" target="_blank">CVE-2017-11574</a><br><a href="https://github.com/fontforge/fontforge/issues/3090" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">fontforge_project -- fontforge</td><td style="text-align: left;" align="left">FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (char.c) resulting in DoS or code execution via a crafted otf file, related to a call from the readttfcopyrights function in parsettf.c.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11575&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11575" target="_blank">CVE-2017-11575</a><br><a href="https://github.com/fontforge/fontforge/issues/3096" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">fontforge_project -- fontforge</td><td style="text-align: left;" align="left">FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11576&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11576" target="_blank">CVE-2017-11576</a><br><a href="https://github.com/fontforge/fontforge/issues/3091" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">fontforge_project -- fontforge</td><td style="text-align: left;" align="left">FontForge 20161012 is vulnerable to a buffer over-read in getsid (parsettf.c) resulting in DoS or code execution via a crafted otf file.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11577&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11577" target="_blank">CVE-2017-11577</a><br><a href="https://github.com/fontforge/fontforge/issues/3088" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">gnome -- libgxps</td><td style="text-align: left;" align="left">There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11590&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11590" target="_blank">CVE-2017-11590</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1473167" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">greenpacket -- dx-350_firmware</td><td style="text-align: left;" align="left">Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9930&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9930" target="_blank">CVE-2017-9930</a><br><a href="https://iscouncil.blogspot.com/2017/07/green-packet-dx-350-vulnerable-to-csrf.html" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">greenpacket -- dx-350_firmware</td><td style="text-align: left;" align="left">Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9931&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9931" target="_blank">CVE-2017-9931</a><br><a href="https://iscouncil.blogspot.com/2017/07/green-packet-dx-350-vulnerable-to-cross.html" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ibm -- rhapsody_design_manager</td><td style="text-align: left;" align="left">IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-1287&vector=(AV:N/AC:M/Au:S/C:P/I:P/A:N)" target="_blank">4.9</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1287" target="_blank">CVE-2017-1287</a><br><a href="http://www.ibm.com/support/docview.wss?uid=swg22006052" target="_blank">CONFIRM</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/125148" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ibm -- security_guardium</td><td style="text-align: left;" align="left">IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-1267&vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1267" target="_blank">CVE-2017-1267</a><br><a href="http://www.ibm.com/support/docview.wss?uid=swg22004424" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/bid/99896" target="_blank">BID</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/124742" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ibm -- tririga_application_platform</td><td style="text-align: left;" align="left">Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-1371&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P)" target="_blank">6.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1371" target="_blank">CVE-2017-1371</a><br><a href="http://www.ibm.com/support/docview.wss?uid=swg22004674" target="_blank">CONFIRM</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/126864" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ibm -- tririga_application_platform</td><td style="text-align: left;" align="left">Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-1373&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P)" target="_blank">6.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1373" target="_blank">CVE-2017-1373</a><br><a href="http://www.ibm.com/support/docview.wss?uid=swg22004677" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/bid/99908" target="_blank">BID</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/126866" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ibm -- tririga_application_platform</td><td style="text-align: left;" align="left">Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-1374&vector=(AV:N/AC:L/Au:S/C:P/I:N/A:N)" target="_blank">4.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1374" target="_blank">CVE-2017-1374</a><br><a href="http://www.ibm.com/support/docview.wss?uid=swg22004681" target="_blank">CONFIRM</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/126867" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11522&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11522" target="_blank">CVE-2017-11522</a><br><a href="https://bugs.debian.org/869209" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/commit/816ecab6c532ae086ff4186b3eaf4aa7092d536f" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/586" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11524&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11524" target="_blank">CVE-2017-11524</a><br><a href="http://www.securityfocus.com/bid/99934" target="_blank">BID</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867798" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/506" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11528&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11528" target="_blank">CVE-2017-11528</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867811" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/522" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11529&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11529" target="_blank">CVE-2017-11529</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867823" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/525" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11532&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11532" target="_blank">CVE-2017-11532</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/563" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11533&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11533" target="_blank">CVE-2017-11533</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/562" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11534&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11534" target="_blank">CVE-2017-11534</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/564" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11535&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11535" target="_blank">CVE-2017-11535</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/561" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11536&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11536" target="_blank">CVE-2017-11536</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/567" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11537&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11537" target="_blank">CVE-2017-11537</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/560" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11538&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11538" target="_blank">CVE-2017-11538</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/569" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11539&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11539" target="_blank">CVE-2017-11539</a><br><a href="http://www.securityfocus.com/bid/99936" target="_blank">BID</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/582" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11540&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11540" target="_blank">CVE-2017-11540</a><br><a href="http://www.securityfocus.com/bid/99929" target="_blank">BID</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/581" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">inmarsat -- amosconnect_8</td><td style="text-align: left;" align="left">Blind SQL injection in the AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-3221&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3221" target="_blank">CVE-2017-3221</a><br><a href="http://www.securityfocus.com/bid/99899" target="_blank">BID</a><br><a href="https://www.kb.cert.org/vuls/id/586501" target="_blank">CERT-VN</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">libexpat_project -- libexpat</td><td style="text-align: left;" align="left">XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9233&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9233" target="_blank">CVE-2017-9233</a><br><a href="http://www.openwall.com/lists/oss-security/2017/06/17/7" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/99276" target="_blank">BID</a><br><a href="https://github.com/libexpat/libexpat/blob/master/expat/Changes" target="_blank">CONFIRM</a><br><a href="https://libexpat.github.io/doc/cve-2017-9233/" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">libsass -- libsass</td><td style="text-align: left;" align="left">There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11554&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11554" target="_blank">CVE-2017-11554</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1471780" target="_blank">MISC</a><br><a href="https://github.com/sass/libsass/issues/2445" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">libsass -- libsass</td><td style="text-align: left;" align="left">There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11555&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11555" target="_blank">CVE-2017-11555</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1471782" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">libsass -- libsass</td><td style="text-align: left;" align="left">There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11556&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11556" target="_blank">CVE-2017-11556</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1471786" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">libsass -- libsass</td><td style="text-align: left;" align="left">There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11605&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11605" target="_blank">CVE-2017-11605</a><br><a href="http://www.securityfocus.com/bid/99930" target="_blank">BID</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1474019" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">libsass -- libsass</td><td style="text-align: left;" align="left">There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11608&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11608" target="_blank">CVE-2017-11608</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1474276" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">linux -- linux_kernel</td><td style="text-align: left;" align="left">The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-7542&vector=(AV:L/AC:L/Au:N/C:N/I:N/A:C)" target="_blank">4.9</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7542" target="_blank">CVE-2017-7542</a><br><a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6399f1fae4ec29fab5ec76070435555e256ca3a6" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/bid/99953" target="_blank">BID</a><br><a href="https://github.com/torvalds/linux/commit/6399f1fae4ec29fab5ec76070435555e256ca3a6" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">microsec -- e-szigno</td><td style="text-align: left;" align="left">Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-3931&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3931" target="_blank">CVE-2015-3931</a><br><a href="http://packetstormsecurity.com/files/132473/Microsec-e-Szigno-Netlock-Mokka-XML-Signature-Wrapping.html" target="_blank">MISC</a><br><a href="http://www.neih.gov.hu/?q=node/66" target="_blank">MISC</a><br><a href="http://www.securityfocus.com/bid/75487" target="_blank">BID</a><br><a href="https://e-szigno.hu/letoltesek/programok-driverek.html" target="_blank">MISC</a><br><a href="https://www.search-lab.hu/about-us/news/107-37-million-digitally-signed-documents-had-to-be-reverified" target="_blank">MISC</a><br><a href="https://www.search-lab.hu/eakta" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">netlock -- mokka</td><td style="text-align: left;" align="left">Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-3932&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3932" target="_blank">CVE-2015-3932</a><br><a href="http://packetstormsecurity.com/files/132473/Microsec-e-Szigno-Netlock-Mokka-XML-Signature-Wrapping.html" target="_blank">MISC</a><br><a href="http://www.neih.gov.hu/?q=node/66" target="_blank">MISC</a><br><a href="http://www.securityfocus.com/bid/75489" target="_blank">BID</a><br><a href="https://www.search-lab.hu/about-us/news/107-37-million-digitally-signed-documents-had-to-be-reverified" target="_blank">MISC</a><br><a href="https://www.search-lab.hu/eakta" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">phpmybackuppro -- phpmybackuppro</td><td style="text-align: left;" align="left">phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-3638&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P)" target="_blank">6.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3638" target="_blank">CVE-2015-3638</a><br><a href="http://openwall.com/lists/oss-security/2015/04/25/1" target="_blank">MLIST</a><br><a href="http://www.openwall.com/lists/oss-security/2015/05/04/4" target="_blank">MLIST</a><br><a href="http://www.securitytracker.com/id/1032250" target="_blank">SECTRACK</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">phpmybackuppro -- phpmybackuppro</td><td style="text-align: left;" align="left">phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-3639&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P)" target="_blank">6.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3639" target="_blank">CVE-2015-3639</a><br><a href="http://openwall.com/lists/oss-security/2015/04/25/1" target="_blank">MLIST</a><br><a href="http://www.openwall.com/lists/oss-security/2015/05/04/4" target="_blank">MLIST</a><br><a href="http://www.securitytracker.com/id/1032250" target="_blank">SECTRACK</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">phpmybackuppro -- phpmybackuppro</td><td style="text-align: left;" align="left">phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the path, filename, and dirs parameters to scheduled.php, and making requests to injected scripts.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-3640&vector=(AV:N/AC:M/Au:S/C:P/I:P/A:P)" target="_blank">6.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3640" target="_blank">CVE-2015-3640</a><br><a href="http://www.openwall.com/lists/oss-security/2015/05/04/4" target="_blank">MLIST</a><br><a href="http://www.securitytracker.com/id/1032250" target="_blank">SECTRACK</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">sap -- netweaver_portal</td><td style="text-align: left;" align="left">Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shp_result.jsp, aka SAP Security Note 2308535.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11460&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11460" target="_blank">CVE-2017-11460</a><br><a href="http://www.securityfocus.com/bid/97565" target="_blank">BID</a><br><a href="https://erpscan.com/advisories/erpscan-17-016-sap-netweaver-java-7-4-dataarchivingservice-servlet-xss/" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">subsonic -- subsonic</td><td style="text-align: left;" align="left">Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9413&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9413" target="_blank">CVE-2017-9413</a><br><a href="http://packetstormsecurity.com/files/142794/Subsonic-6.1.1-Server-Side-Request-Forgery.html" target="_blank">MISC</a><br><a href="https://www.exploit-db.com/exploits/42118/" target="_blank">EXPLOIT-DB</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">subsonic -- subsonic</td><td style="text-align: left;" align="left">Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9415&vector=(AV:N/AC:H/Au:N/C:P/I:P/A:P)" target="_blank">5.1</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9415" target="_blank">CVE-2017-9415</a><br><a href="https://www.exploit-db.com/exploits/42117/" target="_blank">EXPLOIT-DB</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">tcpdump -- tcpdump</td><td style="text-align: left;" align="left">tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:229:3.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11544&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11544" target="_blank">CVE-2017-11544</a><br><a href="http://www.securityfocus.com/bid/99937" target="_blank">BID</a><br><a href="https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/segv/print-sl" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">tcpdump -- tcpdump</td><td style="text-align: left;" align="left">tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:253:34.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11545&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11545" target="_blank">CVE-2017-11545</a><br><a href="http://www.securityfocus.com/bid/99935" target="_blank">BID</a><br><a href="https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/segv/print-sl" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">tilde_cms_project -- tilde_cms</td><td style="text-align: left;" align="left">An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11326&vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11326" target="_blank">CVE-2017-11326</a><br><a href="https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities/" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">tilde_cms_project -- tilde_cms</td><td style="text-align: left;" align="left">An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftp_upload.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11327&vector=(AV:N/AC:L/Au:S/C:P/I:N/A:N)" target="_blank">4.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11327" target="_blank">CVE-2017-11327</a><br><a href="https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities/" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">tp-link -- archer_c9_(2.0)_firmware</td><td style="text-align: left;" align="left">passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11519&vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11519" target="_blank">CVE-2017-11519</a><br><a href="http://www.tp-link.com/en/download/Archer-C9_V2.html#Firmware" target="_blank">MISC</a><br><a href="https://devcraft.io/posts/2017/07/21/tp-link-archer-c9-admin-password-reset.html" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">tukaani -- xz</td><td style="text-align: left;" align="left">scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-4035&vector=(AV:L/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">4.6</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4035" target="_blank">CVE-2015-4035</a><br><a href="http://seclists.org/oss-sec/2015/q2/484" target="_blank">MLIST</a><br><a href="http://www.openwall.com/lists/oss-security/2015/05/19/13" target="_blank">MLIST</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1223341" target="_blank">CONFIRM</a><br><a href="https://git.tukaani.org/?p=xz.git;a=commitdiff;h=f4b2b52624b802c786e4e2a8eb6895794dd93b24" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">yiiframework -- yii</td><td style="text-align: left;" align="left">An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11516&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11516" target="_blank">CVE-2017-11516</a><br><a href="https://github.com/yiisoft/yii2/pull/14492" target="_blank">CONFIRM</a><br><a href="https://github.com/yiisoft/yii2/pull/14492/files/feb4067de8a58f391a66e395192b0d83a8109b95" target="_blank">CONFIRM</a></td></tr></tbody></table><a href="https://www.us-cert.gov#top">Back to top</a></div><p><a id="ox-e999cfe2c1-low" name="low" class="mce-item-anchor"></a> </p><div id="ox-e999cfe2c1-low_v"><h2 id="ox-e999cfe2c1-low_v_title">Low Vulnerabilities</h2><table border="1" summary="Low Vulnerabilities" align="center"><thead><tr><th class="ox-e999cfe2c1-vendor-product" style="width: 24%;" scope="col">Primary<br>Vendor -- Product</th><th style="width: 44%;" scope="col">Description</th><th style="width: 8%;" scope="col">Published</th><th style="width: 4%;" scope="col">CVSS Score</th><th style="width: 10%;" scope="col">Source & Patch Info</th></tr></thead><tbody><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ibm -- emptoris_strategic_supply_management</td><td style="text-align: left;" align="left">IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118356.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-6118&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6118" target="_blank">CVE-2016-6118</a><br><a href="http://www.ibm.com/support/docview.wss?uid=swg22005824" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/bid/99926" target="_blank">BID</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/118356" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ibm -- rational_software_architect_design_manager</td><td style="text-align: left;" align="left">IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124580.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-1245&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1245" target="_blank">CVE-2017-1245</a><br><a href="http://www.ibm.com/support/docview.wss?uid=swg22006052" target="_blank">CONFIRM</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/124580" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ibm -- rhapsody_design_manager</td><td style="text-align: left;" align="left">IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-8975&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8975" target="_blank">CVE-2016-8975</a><br><a href="http://www.ibm.com/support/docview.wss?uid=swg22006052" target="_blank">CONFIRM</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/118912" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ibm -- rhapsody_design_manager</td><td style="text-align: left;" align="left">IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-1249&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1249" target="_blank">CVE-2017-1249</a><br><a href="http://www.ibm.com/support/docview.wss?uid=swg22006052" target="_blank">CONFIRM</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/124629" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ibm -- tririga_application_platform</td><td style="text-align: left;" align="left">IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126865.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-1372&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1372" target="_blank">CVE-2017-1372</a><br><a href="http://www.ibm.com/support/docview.wss?uid=swg22004675" target="_blank">CONFIRM</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/126865" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ibm -- websphere_application_server</td><td style="text-align: left;" align="left">IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127151.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-1380&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1380" target="_blank">CVE-2017-1380</a><br><a href="http://www.ibm.com/support/docview.wss?uid=swg22004786" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/bid/99961" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1038978" target="_blank">SECTRACK</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/127151" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ibm -- websphere_application_server</td><td style="text-align: left;" align="left">IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-1381&vector=(AV:L/AC:L/Au:N/C:P/I:N/A:N)" target="_blank">2.1</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1381" target="_blank">CVE-2017-1381</a><br><a href="http://www.ibm.com/support/docview.wss?uid=swg22004792" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/bid/99917" target="_blank">BID</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/127152" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ibm -- websphere_application_server</td><td style="text-align: left;" align="left">IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-1382&vector=(AV:L/AC:L/Au:N/C:P/I:P/A:N)" target="_blank">3.6</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1382" target="_blank">CVE-2017-1382</a><br><a href="http://www.ibm.com/support/docview.wss?uid=swg22004785" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/bid/99960" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1038977" target="_blank">SECTRACK</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/127153" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">selinux_project -- selinux</td><td style="text-align: left;" align="left">selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-3170&vector=(AV:L/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">2.1</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3170" target="_blank">CVE-2015-3170</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1218672" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">sos_project -- sos</td><td style="text-align: left;" align="left">sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-3171&vector=(AV:L/AC:L/Au:N/C:P/I:N/A:N)" target="_blank">2.1</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3171" target="_blank">CVE-2015-3171</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1218658" target="_blank">CONFIRM</a><br><a href="https://github.com/sosreport/sos/commit/d7759d3ddae5fe99a340c88a1d370d65cfa73fd6" target="_blank">CONFIRM</a></td></tr></tbody></table><a href="https://www.us-cert.gov#top">Back to top</a></div><p><a id="ox-e999cfe2c1-severity_not_yet_assigned" name="severity_not_yet_assigned" class="mce-item-anchor"></a> </p><div id="ox-e999cfe2c1-snya_v"><h2 id="ox-e999cfe2c1-snya_v_title">Severity Not Yet Assigned</h2><table id="ox-e999cfe2c1-table_severity_not_yet_assigned" border="1" summary="Severity Not Yet Assigned" align="center"><thead><tr><th class="ox-e999cfe2c1-vendor-product" style="width: 24%;" scope="col">Primary<br>Vendor -- Product</th><th style="width: 44%;" scope="col">Description</th><th style="width: 8%;" scope="col">Published</th><th style="width: 4%;" scope="col">CVSS Score</th><th style="width: 10%;" scope="col">Source & Patch Info</th></tr></thead><tbody><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">acunetix -- acunetix</td><td style="text-align: left;" align="left">Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed PRE file, related to a "User Mode Write AV starting at reporter!madTraceProcess."</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11673" target="_blank">CVE-2017-11673</a><br><a href="http://code610.blogspot.com/2017/07/readwrite-access-violation-acunetix.html" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">acunetix -- acunetix<br> </td><td style="text-align: left;" align="left">Reporter.exe in Acunetix 8 allows remote attackers to cause a denial of service (application crash) via a malformed PRE file, related to a "Read Access Violation starting at reporter!madTraceProcess."</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11674" target="_blank">CVE-2017-11674</a><br><a href="http://code610.blogspot.com/2017/07/readwrite-access-violation-acunetix.html" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">airlink101 -- skyipcam1620w_wireless_n_mpeg4_3gpp_network_camera</td><td style="text-align: left;" align="left">snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2280" target="_blank">CVE-2015-2280</a><br><a href="http://packetstormsecurity.com/files/132609/AirLink101-SkyIPCam1620W-OS-Command-Injection.html" target="_blank">MISC</a><br><a href="http://seclists.org/fulldisclosure/2015/Jul/40" target="_blank">FULLDISC</a><br><a href="http://www.securityfocus.com/archive/1/archive/1/535963/100/0/threaded" target="_blank">BUGTRAQ</a><br><a href="http://www.securityfocus.com/bid/75597" target="_blank">BID</a><br><a href="https://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection" target="_blank">MISC</a><br><a href="https://www.exploit-db.com/exploits/37527/" target="_blank">EXPLOIT-DB</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">airlive -- multiple_products<br> </td><td style="text-align: left;" align="left">cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac write_pid, write_msn, write_tan, or write_hdv parameter.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2279" target="_blank">CVE-2015-2279</a><br><a href="http://packetstormsecurity.com/files/132585/AirLive-Remote-Command-Injection.html" target="_blank">MISC</a><br><a href="http://seclists.org/fulldisclosure/2015/Jul/29" target="_blank">FULLDISC</a><br><a href="http://www.securityfocus.com/archive/1/archive/1/535938/100/0/threaded" target="_blank">BUGTRAQ</a><br><a href="http://www.securityfocus.com/bid/75559" target="_blank">BID</a><br><a href="https://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injection" target="_blank">MISC</a><br><a href="https://www.exploit-db.com/exploits/37532/" target="_blank">EXPLOIT-DB</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">apache -- activemq_artemis<br> </td><td style="text-align: left;" align="left">XML external entity (XXE) vulnerability in the XPath selector component in Artemis ActiveMQ before commit 48d9951d879e0c8cbb59d4b64ab59d53ef88310d allows remote attackers to have unspecified impact via unknown vectors.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3208" target="_blank">CVE-2015-3208</a><br><a href="http://www.openwall.com/lists/oss-security/2015/07/24/2" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/76025" target="_blank">BID</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1225252" target="_blank">CONFIRM</a><br><a href="https://github.com/apache/activemq-artemis/commit/48d9951d879e0c8cbb59d4b64ab59d53ef88310d" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">apache -- http_server<br> </td><td style="text-align: left;" align="left">---------------------------------------------------------------------- WARNING - CVE-2016-0736 was assigned by redhat, not apache! Description from apache : In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0736" target="_blank">CVE-2016-0736</a><br><a href="https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-0736" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">apache -- http_server<br> </td><td style="text-align: left;" align="left">---------------------------------------------------------------------- WARNING - CVE-2016-2161 was assigned by redhat, not apache! Description from apache : In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2161" target="_blank">CVE-2016-2161</a><br><a href="https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-2161" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">apache -- http_server<br> </td><td style="text-align: left;" align="left">---------------------------------------------------------------------- WARNING - a refinement exists for CVE-2016-8743 : theall/20170425-084430 (delay queue)! Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8743" target="_blank">CVE-2016-8743</a><br><a href="https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">appserver -- appserver<br> </td><td style="text-align: left;" align="left">Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. (dot dot) in a crafted URL.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1847" target="_blank">CVE-2015-1847</a><br><a href="http://appserver.io/security/2015/03/31/traversal-directory-vulnerability-in-webserver.html" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">artifex -- artifex_ghostscript</td><td style="text-align: left;" align="left">psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11714" target="_blank">CVE-2017-11714</a><br><a href="http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=671fd59eb657743aa86fbc1895cb15872a317caa" target="_blank">CONFIRM</a><br><a href="https://bugs.ghostscript.com/show_bug.cgi?id=698158" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">artifex -- artifex_ghostscript_ghostxps</td><td style="text-align: left;" align="left">The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9611" target="_blank">CVE-2017-9611</a><br><a href="http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c7c55972758a93350882c32147801a3485b010fe" target="_blank">CONFIRM</a><br><a href="https://bugs.ghostscript.com/show_bug.cgi?id=698024" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">artifex -- artifex_ghostscript_ghostxps<br> </td><td style="text-align: left;" align="left">The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document, related to the xps_encode_font_char_imp function.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9620" target="_blank">CVE-2017-9620</a><br><a href="http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ee55637480d5e319a5de0481b01c3346855cbc9" target="_blank">CONFIRM</a><br><a href="https://bugs.ghostscript.com/show_bug.cgi?id=698050" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">artifex -- artifex_ghostscript_ghostxps<br> </td><td style="text-align: left;" align="left">The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (Segmentation Violation and application crash) via a crafted file.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9619" target="_blank">CVE-2017-9619</a><br><a href="http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c53183d4e7103e87368b7cfa15367a47d559e323" target="_blank">CONFIRM</a><br><a href="https://bugs.ghostscript.com/show_bug.cgi?id=698042" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">artifex -- artifex_ghostscript_ghostxps<br> </td><td style="text-align: left;" align="left">The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted document.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9618" target="_blank">CVE-2017-9618</a><br><a href="http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb" target="_blank">CONFIRM</a><br><a href="https://bugs.ghostscript.com/show_bug.cgi?id=698044" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">artifex -- artifex_ghostscript_ghostxps<br> </td><td style="text-align: left;" align="left">The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9740" target="_blank">CVE-2017-9740</a><br><a href="http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=961b10cdd71403072fb99401a45f3bef6ce53626" target="_blank">CONFIRM</a><br><a href="https://bugs.ghostscript.com/show_bug.cgi?id=698064" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">artifex -- artifex_ghostscript_ghostxps<br> </td><td style="text-align: left;" align="left">The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9727" target="_blank">CVE-2017-9727</a><br><a href="http://bugs.ghostscript.com/show_bug.cgi?id=698056" target="_blank">CONFIRM</a><br><a href="http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=937ccd17ac65935633b2ebc06cb7089b91e17e6b" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">artifex -- artifex_ghostscript_ghostxps<br> </td><td style="text-align: left;" align="left">The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9612" target="_blank">CVE-2017-9612</a><br><a href="http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=98f6da60b9d463c617e631fc254cf6d66f2e8e3c" target="_blank">CONFIRM</a><br><a href="https://bugs.ghostscript.com/show_bug.cgi?id=698026" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">artifex -- artifex_ghostscript_ghostxps<br> </td><td style="text-align: left;" align="left">The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9739" target="_blank">CVE-2017-9739</a><br><a href="http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c501a58f8d5650c8ba21d447c0d6f07eafcb0f15" target="_blank">CONFIRM</a><br><a href="https://bugs.ghostscript.com/show_bug.cgi?id=698063" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">artifex -- artifex_ghostscript_ghostxps<br> </td><td style="text-align: left;" align="left">The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9610" target="_blank">CVE-2017-9610</a><br><a href="http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d2ab84732936b6e7e5a461dc94344902965e9a06" target="_blank">CONFIRM</a><br><a href="https://bugs.ghostscript.com/show_bug.cgi?id=698025" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">artifex -- artifex_ghostscript_ghostxps<br> </td><td style="text-align: left;" align="left">The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9726" target="_blank">CVE-2017-9726</a><br><a href="http://bugs.ghostscript.com/show_bug.cgi?id=698055" target="_blank">CONFIRM</a><br><a href="http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7755e67116e8973ee0e3b22d653df026a84fa01b" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">artifex -- artifex_ghostscript<br> </td><td style="text-align: left;" align="left">The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.22 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9835" target="_blank">CVE-2017-9835</a><br><a href="http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066" target="_blank">CONFIRM</a><br><a href="https://bugs.ghostscript.com/show_bug.cgi?id=697985" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">audiocoder -- audiocoder</td><td style="text-align: left;" align="left">Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8870" target="_blank">CVE-2017-8870</a><br><a href="https://www.exploit-db.com/exploits/42385/" target="_blank">EXPLOIT-DB</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">avira -- avira_antivirus<br> </td><td style="text-align: left;" align="left">Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based buffer underflow.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10402" target="_blank">CVE-2016-10402</a><br><a href="https://bugs.chromium.org/p/project-zero/issues/detail?id=765" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">cacti -- cacti<br> </td><td style="text-align: left;" align="left">Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11691" target="_blank">CVE-2017-11691</a><br><a href="https://github.com/Cacti/cacti/commit/104090aeead4aa433bf1f18cd6d52dcfeb71236c" target="_blank">CONFIRM</a><br><a href="https://github.com/Cacti/cacti/issues/867" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">candlepin -- candlepin<br> </td><td style="text-align: left;" align="left">Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive web traffic.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5187" target="_blank">CVE-2015-5187</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1252147" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- asr_5000_series_aggregation_services_routers<br> </td><td style="text-align: left;" align="left">A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device. More Information: CSCvb99022 CSCvc16964 CSCvc37351 CSCvc54843 CSCvc63444 CSCvc77815 CSCvc88658 CSCve08955 CSCve14141 CSCve33870.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6672" target="_blank">CVE-2017-6672</a><br><a href="http://www.securityfocus.com/bid/99921" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1038962" target="_blank">SECTRACK</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr1" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left"><p>cisco -- asr_5000_series_aggregation_services_routers</p><br> </td><td style="text-align: left;" align="left">A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. More Information: CSCvc67927.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6612" target="_blank">CVE-2017-6612</a><br><a href="http://www.securityfocus.com/bid/99920" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1038961" target="_blank">SECTRACK</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-asr" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- cloud_web_security<br> </td><td style="text-align: left;" align="left">Cross-site scripting (XSS) vulnerability in the Alert Service of Cisco Cloud Web Security base revision allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0674" target="_blank">CVE-2015-0674</a><br><a href="https://tools.cisco.com/security/center/viewAlert.x?alertId=38058" target="_blank">CISCO</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- residential_gateway<br> </td><td style="text-align: left;" align="left">On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command execution via shell metacharacters in the pingAddr parameter to the waitPingqry.cgi URI. The command output is visible at /PingMsg.cmd.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11588" target="_blank">CVE-2017-11588</a><br><a href="http://seclists.org/fulldisclosure/2017/Jul/26" target="_blank">MISC</a><br><a href="http://www.securityfocus.com/bid/99963" target="_blank">BID</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- residential_gateway<br> </td><td style="text-align: left;" align="left">On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd, statsatm.cmd, scsrvcntr.cmd, scacccntr.cmd, logview.cmd, voicesipview.cmd, usbview.cmd, wlmacflt.cmd, wlwds.cmd, wlstationlist.cmd, HPNAShow.cmd, HPNAView.cmd, qoscls.cmd, qosqueue.cmd, portmap.cmd, scmacflt.cmd, scinflt.cmd, scoutflt.cmd, certlocal.cmd, or certca.cmd.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11589" target="_blank">CVE-2017-11589</a><br><a href="http://seclists.org/fulldisclosure/2017/Jul/26" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- residential_gateway<br> </td><td style="text-align: left;" align="left">On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversal in the filename parameter to the /download.conf URI.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11587" target="_blank">CVE-2017-11587</a><br><a href="http://seclists.org/fulldisclosure/2017/Jul/26" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- web_security_appliance<br> </td><td style="text-align: left;" align="left">A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6750" target="_blank">CVE-2017-6750</a><br><a href="http://www.securityfocus.com/bid/99924" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1038958" target="_blank">SECTRACK</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa4" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- web_security_appliance<br> </td><td style="text-align: left;" align="left">A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6751" target="_blank">CVE-2017-6751</a><br><a href="http://www.securityfocus.com/bid/99967" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1038959" target="_blank">SECTRACK</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- web_security_appliance<br> </td><td style="text-align: left;" align="left">A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances. More Information: CSCvd88862. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-235.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6746" target="_blank">CVE-2017-6746</a><br><a href="http://www.securityfocus.com/bid/99877" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1038948" target="_blank">SECTRACK</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa1" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- web_security_appliance<br> </td><td style="text-align: left;" align="left">A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6748" target="_blank">CVE-2017-6748</a><br><a href="http://www.securityfocus.com/bid/99918" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1038956" target="_blank">SECTRACK</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa2" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">cisco -- web_security_appliance<br> </td><td style="text-align: left;" align="left">A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88865. Known Affected Releases: 10.1.0-204.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6749" target="_blank">CVE-2017-6749</a><br><a href="http://www.securityfocus.com/bid/99875" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1038957" target="_blank">SECTRACK</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa3" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">cisco --webex</td><td style="text-align: left;" align="left">A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6753" target="_blank">CVE-2017-6753</a><br><a href="http://www.securityfocus.com/bid/99614" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1038909" target="_blank">SECTRACK</a><br><a href="http://www.securitytracker.com/id/1038910" target="_blank">SECTRACK</a><br><a href="http://www.securitytracker.com/id/1038911" target="_blank">SECTRACK</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">cloud_foundry -- capi_release<br> </td><td style="text-align: left;" align="left">An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8036" target="_blank">CVE-2017-8036</a><br><a href="https://www.cloudfoundry.org/cve-2017-8036/" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">cloud_foundry -- capi_release<br> </td><td style="text-align: left;" align="left">An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8033" target="_blank">CVE-2017-8033</a><br><a href="https://www.cloudfoundry.org/cve-2017-8033/" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">cloud_foundry -- capi_release<br> </td><td style="text-align: left;" align="left">An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8035" target="_blank">CVE-2017-8035</a><br><a href="https://www.cloudfoundry.org/cve-2017-8035/" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">dayrui -- dayrui<br> </td><td style="text-align: left;" align="left">dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11629" target="_blank">CVE-2017-11629</a><br><a href="http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#api-php-Reflected-XSS" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">debian -- tor<br> </td><td style="text-align: left;" align="left">debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same forever), which allows attackers to bypass intended AppArmor restrictions by leveraging the silent loss of this protection mechanism. NOTE: this does not affect systems, such as default Debian stretch installations, on which Tor startup relies on a systemd unit file (instead of this tor.init script).</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11565" target="_blank">CVE-2017-11565</a><br><a href="http://www.securityfocus.com/bid/99933" target="_blank">BID</a><br><a href="https://bugs.debian.org/869153" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">efront -- efront</td><td style="text-align: left;" align="left">Unrestricted file upload vulnerability in eFront CMS before 3.6.15.5 allows remote authenticated users to execute arbitrary code by uploading a file from a local URL, then accessing it via a direct request to the file in www/content/lessons/"lesson number"/"directory name".</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4462" target="_blank">CVE-2015-4462</a><br><a href="http://forum.efrontlearning.net/viewtopic.php?f=15&t=9841" target="_blank">CONFIRM</a><br><a href="http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">efront -- efront<br> </td><td style="text-align: left;" align="left">Unrestricted file upload vulnerability in eFront CMS before 3.6.15.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension prepended to a crafted parameter, then accessing it via a direct request to the file in www/content/lessons/"lesson number"/"directory name".</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4463" target="_blank">CVE-2015-4463</a><br><a href="http://forum.efrontlearning.net/viewtopic.php?f=15&t=9841" target="_blank">CONFIRM</a><br><a href="http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">exiv2 -- exiv2<br> </td><td style="text-align: left;" align="left">There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11683" target="_blank">CVE-2017-11683</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1475124" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ffmpeg -- ffmpeg<br> </td><td style="text-align: left;" align="left">The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11719" target="_blank">CVE-2017-11719</a><br><a href="https://github.com/FFmpeg/FFmpeg/commit/296debd213bd6dce7647cedd34eb64e5b94cdc92" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ffmpeg -- ffmpeg<br> </td><td style="text-align: left;" align="left">The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11665" target="_blank">CVE-2017-11665</a><br><a href="https://gist.github.com/7d94dda50856e707e1c92d068bbc244e" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">fiyo -- fiyo</td><td style="text-align: left;" align="left">dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11631" target="_blank">CVE-2017-11631</a><br><a href="https://github.com/FiyoCMS/FiyoCMS/issues/7" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">fiyo -- fiyo</td><td style="text-align: left;" align="left">dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11630" target="_blank">CVE-2017-11630</a><br><a href="https://github.com/FiyoCMS/FiyoCMS/issues/6" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">foreman -- foreman</td><td style="text-align: left;" align="left">rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7540" target="_blank">CVE-2017-7540</a><br><a href="https://github.com/svenfuchs/safemode/pull/23" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">freebsd -- freebsd<br> </td><td style="text-align: left;" align="left">The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET enabled and at least 16 VNET instances allows remote attackers to cause a denial of service (mbuf consumption) via multiple concurrent TCP connections.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1417" target="_blank">CVE-2015-1417</a><br><a href="http://www.securityfocus.com/bid/76112" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1033111" target="_blank">SECTRACK</a><br><a href="https://www.freebsd.org/security/advisories/FreeBSD-SA-15:15.tcp.asc" target="_blank">FREEBSD</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">glpi -- glpi</td><td style="text-align: left;" align="left">SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11184" target="_blank">CVE-2017-11184</a><br><a href="https://github.com/glpi-project/glpi/issues/2449" target="_blank">CONFIRM</a><br><a href="https://github.com/glpi-project/glpi/releases/tag/9.1.5" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">glpi -- glpi<br> </td><td style="text-align: left;" align="left">front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11183" target="_blank">CVE-2017-11183</a><br><a href="https://github.com/glpi-project/glpi/issues/2450" target="_blank">CONFIRM</a><br><a href="https://github.com/glpi-project/glpi/releases/tag/9.1.5" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">gnu -- gnu_compiler_collection<br> </td><td style="text-align: left;" align="left">Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11671" target="_blank">CVE-2017-11671</a><br><a href="http://openwall.com/lists/oss-security/2017/07/27/2" target="_blank">CONFIRM</a><br><a href="https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180" target="_blank">CONFIRM</a><br><a href="https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">google -- chrome<br> </td><td style="text-align: left;" align="left">Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus extension before 0.5.7 for Chrome allows remote attackers to inject arbitrary web script or HTML into some web applications via the upload and display of crafted text, markdown, or rst files that are designed to be viewed in the browser as plain text, but that will be converted to HTML without proper sanitization.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11593" target="_blank">CVE-2017-11593</a><br><a href="https://github.com/volca/markdown-preview/commit/1181f044a5457d5e1ac35804ecd84e05977f1920" target="_blank">CONFIRM</a><br><a href="https://github.com/volca/markdown-preview/issues/60" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">google --android</td><td style="text-align: left;" align="left">The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL. NOTE: the vendor response, before the application was changed to enable SSL logins, was "At the moment that is an accepted risk. We only have https on the checkout part of the site."</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11706" target="_blank">CVE-2017-11706</a><br><a href="https://hackerone.com/reports/166712" target="_blank">MISC</a><br><a href="https://wwws.nightwatchcybersecurity.com/2017/07/27/boozt-fashion-android-app-didnt-use-ssl-for-login-cve-2017-11706/" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">graphicsmagick -- graphicsmagick<br> </td><td style="text-align: left;" align="left">GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11642" target="_blank">CVE-2017-11642</a><br><a href="http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">graphicsmagick -- graphicsmagick<br> </td><td style="text-align: left;" align="left">The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11722" target="_blank">CVE-2017-11722</a><br><a href="http://hg.code.sf.net/p/graphicsmagick/code/rev/f423ba88ca4e" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">graphicsmagick -- graphicsmagick<br> </td><td style="text-align: left;" align="left">GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11636" target="_blank">CVE-2017-11636</a><br><a href="http://hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">graphicsmagick -- graphicsmagick<br> </td><td style="text-align: left;" align="left">GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11643" target="_blank">CVE-2017-11643</a><br><a href="http://hg.code.sf.net/p/graphicsmagick/code/rev/d00b74315a71" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">graphicsmagick -- graphicsmagick<br> </td><td style="text-align: left;" align="left">GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11641" target="_blank">CVE-2017-11641</a><br><a href="http://hg.code.sf.net/p/graphicsmagick/code/rev/db732abd9318" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">graphicsmagick -- graphicsmagick<br> </td><td style="text-align: left;" align="left">GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11638" target="_blank">CVE-2017-11638</a><br><a href="http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">graphicsmagick -- graphicsmagick<br> </td><td style="text-align: left;" align="left">GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11637" target="_blank">CVE-2017-11637</a><br><a href="http://hg.code.sf.net/p/graphicsmagick/code/rev/f3ffc5541257" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">hangul -- hangul<br> </td><td style="text-align: left;" align="left">hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a "type confusion" via an HWPX file containing a crafted para text tag.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6585" target="_blank">CVE-2015-6585</a><br><a href="http://www.hancom.com/cs_center/csDownload.do" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/bid/76694" target="_blank">BID</a><br><a href="https://www.fireeye.com/blog/threat-research/2015/09/zero-day_hwp_exploit.html" target="_blank">CONFIRM</a><br><a href="https://www.fireeye.com/content/dam/fireeye-www/global/en/blog/threat-research/FireEye_HWP_ZeroDay.pdf" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">hashtopus -- hashtopus<br> </td><td style="text-align: left;" align="left">SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11678" target="_blank">CVE-2017-11678</a><br><a href="https://github.com/curlyboi/hashtopus/issues/63" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">hashtopus -- hashtopus<br> </td><td style="text-align: left;" align="left">Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11677" target="_blank">CVE-2017-11677</a><br><a href="https://github.com/curlyboi/hashtopus/issues/63" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">hashtopus -- hashtopus<br> </td><td style="text-align: left;" align="left">Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11679" target="_blank">CVE-2017-11679</a><br><a href="https://github.com/curlyboi/hashtopus/issues/63" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">hashtopussy -- hashtopussy<br> </td><td style="text-align: left;" align="left">Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11681" target="_blank">CVE-2017-11681</a><br><a href="https://github.com/s3inlc/hashtopussy/issues/241" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">hashtopussy -- hashtopussy<br> </td><td style="text-align: left;" align="left">Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11680" target="_blank">CVE-2017-11680</a><br><a href="https://github.com/s3inlc/hashtopussy/issues/241" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">hashtopussy -- hashtopussy<br> </td><td style="text-align: left;" align="left">Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) version, (2) url, or (3) rootdir parameter in hashcat.php.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11682" target="_blank">CVE-2017-11682</a><br><a href="https://github.com/s3inlc/hashtopussy/issues/241" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick<br> </td><td style="text-align: left;" align="left">When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11640" target="_blank">CVE-2017-11640</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/584" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick<br> </td><td style="text-align: left;" align="left">When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11639" target="_blank">CVE-2017-11639</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/588" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick<br> </td><td style="text-align: left;" align="left">When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11531" target="_blank">CVE-2017-11531</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/566" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick<br> </td><td style="text-align: left;" align="left">When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage() function in coders/mat.c.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11644" target="_blank">CVE-2017-11644</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/587" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">intel -- intel_processors</td><td style="text-align: left;" align="left">Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system state.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5691" target="_blank">CVE-2017-5691</a><br><a href="https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00076&languageid=en-fr" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">intense_pc -- phoenix_securecore_uefi</td><td style="text-align: left;" align="left">Intense PC (aka MintBox 2) Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9457" target="_blank">CVE-2017-9457</a><br><a href="http://seclists.org/fulldisclosure/2017/Jul/56" target="_blank">MISC</a><br><a href="https://watchmysys.com/blog/2017/07/cve-2017-9457-compulab-intense-pc-lacks-firmware-validation/" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">joomla -- joomla!<br> </td><td style="text-align: left;" align="left">In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11612" target="_blank">CVE-2017-11612</a><br><a href="https://developer.joomla.org/security-centre/701-20170605-core-xss-vulnerability.html" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">joomla -- joomla!<br> </td><td style="text-align: left;" align="left">SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2798" target="_blank">CVE-2015-2798</a><br><a href="http://www.securityfocus.com/bid/73903" target="_blank">BID</a><br><a href="https://www.exploit-db.com/exploits/36561/" target="_blank">EXPLOIT-DB</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">koha -- koha<br> </td><td style="text-align: left;" align="left">Multiple cross-site request forgery (CSRF) vulnerabilities in Koha Libraries 3.20.x before 3.20.1, 3.14.x before 3.14.16, 3.16.x before 3.16.12 allow remote attackers to (1) hijack the authentication of users with access to the OPAC interface and who have permissions to create public lists for requests that inject arbitrary web script or HTML via the addshelf parameter to opac-shelves.pl, (2) hijack the authentication of users with access to the OPAC interface and who have permissions to create public lists for requests that inject arbitrary web script or HTML via an unspecified list name parameter to opac-addbybiblionumber.pl, (3) hijack the authentication of library administrator users for requests that execute arbitrary web script or HTML via virtualshelves/shelves.pl when a shelf name contains web script or HTML, or (4) hijack the authentication of users with access to the OPAC interface and who have permissions to create public lists for requests that execute arbitrary web script or HTML by adding a biblio to a list whose name contains web script or HTML.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4639" target="_blank">CVE-2015-4639</a><br><a href="http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416#c4" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">kopano -- kopano<br> </td><td style="text-align: left;" align="left">Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the file previewer plugin in Kopano WebApp versions 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a specially crafted previewable file.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11666" target="_blank">CVE-2017-11666</a><br><a href="https://stash.kopano.io/projects/KWA/repos/filepreviewer/commits/85d2b5c2d27f461bba12e9491fcc4b0d8fde771a" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">lame -- lame<br> </td><td style="text-align: left;" align="left">The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9411" target="_blank">CVE-2017-9411</a><br><a href="http://seclists.org/fulldisclosure/2017/Jul/63" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">lame -- lame<br> </td><td style="text-align: left;" align="left">The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9412" target="_blank">CVE-2017-9412</a><br><a href="http://seclists.org/fulldisclosure/2017/Jul/63" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">lame -- lame<br> </td><td style="text-align: left;" align="left">The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9410" target="_blank">CVE-2017-9410</a><br><a href="http://seclists.org/fulldisclosure/2017/Jul/63" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">lame --lame</td><td style="text-align: left;" align="left">There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11720" target="_blank">CVE-2017-11720</a><br><a href="https://sourceforge.net/p/lame/bugs/460/" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">libav -- libav<br> </td><td style="text-align: left;" align="left">There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11684" target="_blank">CVE-2017-11684</a><br><a href="https://bugzilla.libav.org/show_bug.cgi?id=1073" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">libdeploypkg -- libdeploypkg<br> </td><td style="text-align: left;" align="left">VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5191" target="_blank">CVE-2015-5191</a><br><a href="https://www.vmware.com/security/advisories/VMSA-2017-0013.html" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">libjpeg-turbo -- libjpeg-turbo<br> </td><td style="text-align: left;" align="left">The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9614" target="_blank">CVE-2017-9614</a><br><a href="http://seclists.org/fulldisclosure/2017/Jul/66" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">libtiff -- libtiff<br> </td><td style="text-align: left;" align="left">In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11613" target="_blank">CVE-2017-11613</a><br><a href="https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left"><p>linux -- linux_kernel</p><br> </td><td style="text-align: left;" align="left">The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7541" target="_blank">CVE-2017-7541</a><br><a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f44c9a41386729fea410e688959ddaa9d51be7c" target="_blank">CONFIRM</a><br><a href="http://openwall.com/lists/oss-security/2017/07/24/2" target="_blank">CONFIRM</a><br><a href="http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.3" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/bid/99955" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1038981" target="_blank">SECTRACK</a><br><a href="https://bugzilla.novell.com/show_bug.cgi?id=1049645" target="_blank">CONFIRM</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1473198" target="_blank">CONFIRM</a><br><a href="https://github.com/torvalds/linux/commit/8f44c9a41386729fea410e688959ddaa9d51be7c" target="_blank">CONFIRM</a><br><a href="https://www.spinics.net/lists/stable/msg180994.html" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left"><p>linux -- linux_kernel</p><br> </td><td style="text-align: left;" align="left">net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11600" target="_blank">CVE-2017-11600</a><br><a href="http://seclists.org/bugtraq/2017/Jul/30" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">locationvalue -- restaurant_karaoke_shidax<br> </td><td style="text-align: left;" align="left">The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0904" target="_blank">CVE-2015-0904</a><br><a href="http://jvn.jp/en/jp/JVN68819526/index.html" target="_blank">JVN</a><br><a href="http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000049.html" target="_blank">JVNDB</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">loomio -- loomio<br> </td><td style="text-align: left;" align="left">Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment.</td><td style="text-align: center;" align="center">2017-07-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11594" target="_blank">CVE-2017-11594</a><br><a href="https://github.com/loomio/loomio/commit/63973f71e337ead8ca7b7ae2a043b837032dc3fe" target="_blank">CONFIRM</a><br><a href="https://github.com/loomio/loomio/issues/4220" target="_blank">CONFIRM</a><br><a href="https://github.com/loomio/loomio/releases/tag/1.8.0" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">medhost -- connex<br> </td><td style="text-align: left;" align="left">MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. Connex utilizes an IBM i DB2 user account for database access. The account name is HMSCXPDN. Its password is hard-coded in multiple places in the application. Customers do not have the option to change this password. The account has elevated DB2 roles, and can access all objects or database tables on the customer DB2 database. This account can access data through ODBC, FTP, and TELNET. Customers without Connex installed are still vulnerable because the MEDHOST setup program creates this account.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11614" target="_blank">CVE-2017-11614</a><br><a href="http://seclists.org/fulldisclosure/2017/Jul/59" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">medhost -- medhost<br> </td><td style="text-align: left;" align="left">MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with Apache Solr may be able to obtain or modify sensitive patient and financial information. The Apache Solr account name is dms. The password is hard-coded throughout the application, and is the same across all installations. Customers do not have the option to change passwords. The dms account for Apache Solr has access to all indexed patient documents.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11694" target="_blank">CVE-2017-11694</a><br><a href="http://seclists.org/fulldisclosure/2017/Jul/71" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">medhost -- medhost<br> </td><td style="text-align: left;" align="left">MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. PostgreSQL is used as the Document Management System database. The account name is dms. The password is hard-coded throughout the application, and is the same across all installations. Customers do not have the option to change passwords. The dms account for PostgreSQL has access to the database schema for Document Management System.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11693" target="_blank">CVE-2017-11693</a><br><a href="http://seclists.org/fulldisclosure/2017/Jul/71" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">mediacoder -- mediacoder<br> </td><td style="text-align: left;" align="left">Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8869" target="_blank">CVE-2017-8869</a><br><a href="https://www.exploit-db.com/exploits/42384/" target="_blank">EXPLOIT-DB</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">mediawiki -- mediawiki<br> </td><td style="text-align: left;" align="left">The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8009" target="_blank">CVE-2015-8009</a><br><a href="http://www.openwall.com/lists/oss-security/2015/10/29/14" target="_blank">MLIST</a><br><a href="https://phabricator.wikimedia.org/T103023" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">metinfo -- metinfo<br> </td><td style="text-align: left;" align="left">job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11715" target="_blank">CVE-2017-11715</a><br><a href="https://lncken.cn/?p=316" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">metinfo -- metinfo<br> </td><td style="text-align: left;" align="left">MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11716" target="_blank">CVE-2017-11716</a><br><a href="https://lncken.cn/?p=339" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">metinfo -- metinfo<br> </td><td style="text-align: left;" align="left">There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11718" target="_blank">CVE-2017-11718</a><br><a href="https://lncken.cn/?p=350" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">metinfo -- metinfo<br> </td><td style="text-align: left;" align="left">MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11717" target="_blank">CVE-2017-11717</a><br><a href="https://lncken.cn/?p=343" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ming -- ming<br> </td><td style="text-align: left;" align="left">A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11705" target="_blank">CVE-2017-11705</a><br><a href="http://somevulnsofadlab.blogspot.jp/2017/07/libmingmemory-leak-in.html" target="_blank">MISC</a><br><a href="https://github.com/libming/libming/issues/71" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ming -- ming<br> </td><td style="text-align: left;" align="left">A memory leak vulnerability was found in the function parseSWF_DOACTION in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11703" target="_blank">CVE-2017-11703</a><br><a href="http://somevulnsofadlab.blogspot.jp/2017/07/libmingmemory-leak-in-parseswfdoaction.html" target="_blank">MISC</a><br><a href="https://github.com/libming/libming/issues/72" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ming -- ming<br> </td><td style="text-align: left;" align="left">A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11704" target="_blank">CVE-2017-11704</a><br><a href="http://somevulnsofadlab.blogspot.jp/2017/07/libmingheap-buffer-overflow-in.html" target="_blank">MISC</a><br><a href="https://github.com/libming/libming/issues/76" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">mod_http2 -- mod_http2</td><td style="text-align: left;" align="left">A maliciously constructed HTTP/2 request could cause mod_http2 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7659" target="_blank">CVE-2017-7659</a><br><a href="http://www.securityfocus.com/bid/99132" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1038711" target="_blank">SECTRACK</a><br><a href="https://lists.apache.org/thread.html/1d0b746bbaa3a64890fcdab59ee9050aaa633b7143e7d412374e5a9a@%3Cannounce.httpd.apache.org%3E" target="_blank">MLIST</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">mpg123 -- mpg123<br> </td><td style="text-align: left;" align="left">The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9545" target="_blank">CVE-2017-9545</a><br><a href="http://seclists.org/fulldisclosure/2017/Jul/65" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">natapp -- oncommand_api_services</td><td style="text-align: left;" align="left">NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8919" target="_blank">CVE-2017-8919</a><br><a href="http://www.securityfocus.com/bid/99957" target="_blank">BID</a><br><a href="https://kb.netapp.com/support/s/article/ka51A0000008Spy/NTAP-20170718-0001" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">netcomm -- wireless_routers<br> </td><td style="text-align: left;" align="left">NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11645" target="_blank">CVE-2017-11645</a><br><a href="https://iscouncil.blogspot.com/2017/07/access-violation-vulnerability-in.html" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">netcomm -- wireless_routers<br> </td><td style="text-align: left;" align="left">NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to stored cross-site scripting attacks. Creating an SSID with an XSS payload results in successful exploitation.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11647" target="_blank">CVE-2017-11647</a><br><a href="https://iscouncil.blogspot.com/2017/07/cross-site-scripting-vulnerability-in.html" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">netcomm -- wireless_routers<br> </td><td style="text-align: left;" align="left">NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They does not contain any token that can mitigate CSRF vulnerabilities within the device.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11646" target="_blank">CVE-2017-11646</a><br><a href="https://iscouncil.blogspot.com/2017/07/cross-site-request-forgery.html" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">nexusphp -- nexusphp<br> </td><td style="text-align: left;" align="left">NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11651" target="_blank">CVE-2017-11651</a><br><a href="http://118.89.230.52/about/details.docx" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">node.js -- node.js<br> </td><td style="text-align: left;" align="left">Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11499" target="_blank">CVE-2017-11499</a><br><a href="https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">nss_compat_ossl -- nss_compat_ossl<br> </td><td style="text-align: left;" align="left">The cipherstring parsing code in nss_compat_ossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified impact via unknown vectors.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3278" target="_blank">CVE-2015-3278</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1238326" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ntp -- ntp<br> </td><td style="text-align: left;" align="left">The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703" target="_blank">CVE-2015-7703</a><br><a href="http://support.ntp.org/bin/view/Main/NtpBug2902" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/bid/77278" target="_blank">BID</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1254547" target="_blank">CONFIRM</a><br><a href="https://security.gentoo.org/glsa/201607-15" target="_blank">GENTOO</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">ntp -- ntp<br> </td><td style="text-align: left;" align="left">The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5300" target="_blank">CVE-2015-5300</a><br><a href="http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc" target="_blank">CONFIRM</a><br><a href="http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html" target="_blank">FEDORA</a><br><a href="http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html" target="_blank">FEDORA</a><br><a href="http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html" target="_blank">FEDORA</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html" target="_blank">SUSE</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html" target="_blank">SUSE</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html" target="_blank">SUSE</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html" target="_blank">SUSE</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html" target="_blank">SUSE</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html" target="_blank">SUSE</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html" target="_blank">SUSE</a><br><a href="http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html" target="_blank">SUSE</a><br><a href="http://rhn.redhat.com/errata/RHSA-2015-1930.html" target="_blank">REDHAT</a><br><a href="http://seclists.org/bugtraq/2016/Feb/164" target="_blank">MLIST</a><br><a href="http://support.ntp.org/bin/view/Main/NtpBug2956" target="_blank">CONFIRM</a><br><a href="http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit" target="_blank">CONFIRM</a><br><a href="http://www.debian.org/security/2015/dsa-3388" target="_blank">DEBIAN</a><br><a href="http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/bid/77312" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1034670" target="_blank">SECTRACK</a><br><a href="http://www.ubuntu.com/usn/USN-2783-1" target="_blank">UBUNTU</a><br><a href="https://bto.bluecoat.com/security-advisory/sa113" target="_blank">CONFIRM</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1271076" target="_blank">CONFIRM</a><br><a href="https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01" target="_blank">MISC</a><br><a href="https://support.citrix.com/article/CTX220112" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=swg21979393" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=swg21980676" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=swg21983501" target="_blank">CONFIRM</a><br><a href="https://www-01.ibm.com/support/docview.wss?uid=swg21983506" target="_blank">CONFIRM</a><br><a href="https://www.cs.bu.edu/~goldbe/NTPattack.html" target="_blank">MISC</a><br><a href="https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc" target="_blank">FREEBSD</a><br><a href="https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428" target="_blank">CONFIRM</a><br><a href="https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" target="_blank">CONFIRM</a><br><a href="https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">nvidia -- windows_gpu_display_driver</td><td style="text-align: left;" align="left">NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer helper function where an incorrect calculation of string length may lead to denial of service.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6260" target="_blank">CVE-2017-6260</a><br><a href="http://nvidia.custhelp.com/app/answers/detail/a_id/4525" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left"><p>nvidia -- windows_gpu_display_driver</p><br> </td><td style="text-align: left;" align="left">NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which may lead to an escalation of privileges.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6251" target="_blank">CVE-2017-6251</a><br><a href="http://nvidia.custhelp.com/app/answers/detail/a_id/4525" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">nvidia -- windows_gpu_display_driver<br> </td><td style="text-align: left;" align="left">NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6257" target="_blank">CVE-2017-6257</a><br><a href="http://nvidia.custhelp.com/app/answers/detail/a_id/4525" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">nvidia -- windows_gpu_display_driver<br> </td><td style="text-align: left;" align="left">NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to a denial of service or potential escalation of privileges.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6252" target="_blank">CVE-2017-6252</a><br><a href="http://nvidia.custhelp.com/app/answers/detail/a_id/4525" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">nvidia -- windows_gpu_display_driver<br> </td><td style="text-align: left;" align="left">NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated which may lead to denial of service or potential escalation of privileges</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6253" target="_blank">CVE-2017-6253</a><br><a href="http://nvidia.custhelp.com/app/answers/detail/a_id/4525" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">nvidia -- windows_gpu_display_driver<br> </td><td style="text-align: left;" align="left">NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an improper input parameter handling may lead to a denial of service or potential escalation of privileges.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6255" target="_blank">CVE-2017-6255</a><br><a href="http://nvidia.custhelp.com/app/answers/detail/a_id/4525" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">nvidia -- windows_gpu_display_driver<br> </td><td style="text-align: left;" align="left">NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or potential escalation of privileges.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6256" target="_blank">CVE-2017-6256</a><br><a href="http://nvidia.custhelp.com/app/answers/detail/a_id/4525" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">nvidia -- windows_gpu_display_driver<br> </td><td style="text-align: left;" align="left">NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to denial of service.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6259" target="_blank">CVE-2017-6259</a><br><a href="http://nvidia.custhelp.com/app/answers/detail/a_id/4525" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">nvidia -- windows_gpu_display_driver<br> </td><td style="text-align: left;" align="left">NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from an user to the driver is used without validation which may lead to denial of service or potential escalation of privileges.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6254" target="_blank">CVE-2017-6254</a><br><a href="http://nvidia.custhelp.com/app/answers/detail/a_id/4525" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">openjdk8 -- openjdk8<br> </td><td style="text-align: left;" align="left">The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3149" target="_blank">CVE-2015-3149</a><br><a href="http://rhn.redhat.com/errata/RHSA-2015-1228.html" target="_blank">REDHAT</a><br><a href="http://www.securityfocus.com/bid/75933" target="_blank">BID</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1213365" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">openpgp.js -- openpgp.js<br> </td><td style="text-align: left;" align="left">s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8013" target="_blank">CVE-2015-8013</a><br><a href="http://www.openwall.com/lists/oss-security/2015/10/30/5" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/77088" target="_blank">BID</a><br><a href="https://github.com/openpgpjs/openpgpjs/commit/668a9bbe7033f3f475576209305eb57a54306d29" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">openproject -- openproject<br> </td><td style="text-align: left;" align="left">OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11667" target="_blank">CVE-2017-11667</a><br><a href="https://github.com/opf/openproject/commit/0fdd7578909d2ec50abc275fc4962e99566437ee" target="_blank">CONFIRM</a><br><a href="https://www.openproject.org/openproject-6-1-6-released-security-fix/" target="_blank">CONFIRM</a><br><a href="https://www.openproject.org/openproject-7-0-3-released/" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">oxide-qt -- oxide-qt<br> </td><td style="text-align: left;" align="left">The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1332" target="_blank">CVE-2015-1332</a><br><a href="http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1332.html" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/bid/76710" target="_blank">BID</a><br><a href="http://www.ubuntu.com/usn/USN-2735-1" target="_blank">UBUNTU</a><br><a href="https://launchpad.net/ubuntu/+source/oxide-qt/1.9.1-0ubuntu0.15.04.1" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">panda_security -- kernel_memory_access_driver<br> </td><td style="text-align: left;" align="left">Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged pool and allocated non-paged pool buffers.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1438" target="_blank">CVE-2015-1438</a><br><a href="http://packetstormsecurity.com/files/132682/Panda-Security-1.0.0.13-Arbitrary-Code-Execution.html" target="_blank">MISC</a><br><a href="http://seclists.org/fulldisclosure/2015/Jul/42" target="_blank">FULLDISC</a><br><a href="http://seclists.org/fulldisclosure/2015/Jul/61" target="_blank">FULLDISC</a><br><a href="http://www.securityfocus.com/bid/75715" target="_blank">BID</a><br><a href="https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-1438/" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">php -- php<br> </td><td style="text-align: left;" align="left">In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11628" target="_blank">CVE-2017-11628</a><br><a href="http://git.php.net/?p=php-src.git;a=commit;h=05255749139b3686c8a6a58ee01131ac0047465e" target="_blank">MISC</a><br><a href="http://git.php.net/?p=php-src.git;a=commit;h=5f8380d33e648964d2d5140f329cf2d4c443033c" target="_blank">MISC</a><br><a href="http://www.securityfocus.com/bid/99489" target="_blank">BID</a><br><a href="https://bugs.php.net/bug.php?id=74603" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">qemu -- qemu<br> </td><td style="text-align: left;" align="left">The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11434" target="_blank">CVE-2017-11434</a><br><a href="http://www.openwall.com/lists/oss-security/2017/07/19/2" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/99923" target="_blank">BID</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1472611" target="_blank">CONFIRM</a><br><a href="https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html" target="_blank">MLIST</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">qpdf -- qpdf</td><td style="text-align: left;" align="left">A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11624" target="_blank">CVE-2017-11624</a><br><a href="http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf.html" target="_blank">MISC</a><br><a href="https://github.com/qpdf/qpdf/issues/117" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">qpdf -- qpdf<br> </td><td style="text-align: left;" align="left">A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11626" target="_blank">CVE-2017-11626</a><br><a href="http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html" target="_blank">MISC</a><br><a href="https://github.com/qpdf/qpdf/issues/119" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">qpdf -- qpdf<br> </td><td style="text-align: left;" align="left">A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11625" target="_blank">CVE-2017-11625</a><br><a href="http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_26.html" target="_blank">MISC</a><br><a href="https://github.com/qpdf/qpdf/issues/120" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">qpdf -- qpdf<br> </td><td style="text-align: left;" align="left">A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11627" target="_blank">CVE-2017-11627</a><br><a href="http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_21.html" target="_blank">MISC</a><br><a href="https://github.com/qpdf/qpdf/issues/118" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">quick_emulator -- quick_emulator<br> </td><td style="text-align: left;" align="left">Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7980" target="_blank">CVE-2017-7980</a><br><a href="http://ubuntu.com/usn/usn-3289-1" target="_blank">UBUNTU</a><br><a href="http://www.openwall.com/lists/oss-security/2017/04/21/1" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/97955" target="_blank">BID</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1430056" target="_blank">CONFIRM</a><br><a href="https://security.gentoo.org/glsa/201706-03" target="_blank">GENTOO</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">redhat -- arts_and_kdelibs<br> </td><td style="text-align: left;" align="left">aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7543" target="_blank">CVE-2015-7543</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1280543" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">resiprocate -- resiprocate<br> </td><td style="text-align: left;" align="left">The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections.</td><td style="text-align: center;" align="center">2017-07-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11521" target="_blank">CVE-2017-11521</a><br><a href="https://github.com/resiprocate/resiprocate/pull/88" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">rsyslog -- rsyslog<br> </td><td style="text-align: left;" align="left">rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3243" target="_blank">CVE-2015-3243</a><br><a href="http://www.openwall.com/lists/oss-security/2015/06/18/12" target="_blank">MLIST</a><br><a href="http://www.openwall.com/lists/oss-security/2015/06/20/3" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/75298" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1032885" target="_blank">SECTRACK</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1232826" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">sap -- netweaver<br> </td><td style="text-align: left;" align="left">XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11457" target="_blank">CVE-2017-11457</a><br><a href="https://erpscan.com/advisories/erpscan-17-018-sap-netweaver-java-7-5-xxe-com-sap-km-cm-ice/" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">sap -- netweaver<br> </td><td style="text-align: left;" align="left">Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11458" target="_blank">CVE-2017-11458</a><br><a href="https://erpscan.com/advisories/erpscan-17-017-sap-netweaver-java-7-3-java-xss-ctcprotocolprotocol-servlet/" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">sap -- trex<br> </td><td style="text-align: left;" align="left">SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11459" target="_blank">CVE-2017-11459</a><br><a href="https://erpscan.com/advisories/erpscan-17-019-sap-trex-rce/" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">sendio -- sendio</td><td style="text-align: left;" align="left">Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted URL.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10399" target="_blank">CVE-2016-10399</a><br><a href="https://sendio.com/support/software-release-history/" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">simplerisk -- simplerisk</td><td style="text-align: left;" align="left">In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send Password Reset Email form) can insert XSS sequences via the user parameter.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10711" target="_blank">CVE-2017-10711</a><br><a href="https://www.seekurity.com/blog/general/reflected-xss-vulnerability-in-simplerisk/" target="_blank">MISC</a><br><a href="https://www.youtube.com/watch?v=jOUKEYW0RQw" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">sipcrack -- sipcrack</td><td style="text-align: left;" align="left">An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remote attacker could potentially use this flaw to crash the sipdump process by generating specially crafted SIP traffic.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11654" target="_blank">CVE-2017-11654</a><br><a href="http://openwall.com/lists/oss-security/2017/07/26/1" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">sipcrack -- sipcrack<br> </td><td style="text-align: left;" align="left">A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdump network sniffing sessions.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11655" target="_blank">CVE-2017-11655</a><br><a href="http://openwall.com/lists/oss-security/2017/07/26/1" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">soundtouch -- soundtouch</td><td style="text-align: left;" align="left">The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9258" target="_blank">CVE-2017-9258</a><br><a href="http://seclists.org/fulldisclosure/2017/Jul/62" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">soundtouch -- soundtouch<br> </td><td style="text-align: left;" align="left">The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9260" target="_blank">CVE-2017-9260</a><br><a href="http://seclists.org/fulldisclosure/2017/Jul/62" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">soundtouch -- soundtouch<br> </td><td style="text-align: left;" align="left">The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9259" target="_blank">CVE-2017-9259</a><br><a href="http://seclists.org/fulldisclosure/2017/Jul/62" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">statamic -- statamic_framework<br> </td><td style="text-align: left;" align="left">Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11422" target="_blank">CVE-2017-11422</a><br><a href="https://gist.github.com/rambo691/3714c8c09cf894d574d37c294711c49e" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">synology -- synology _diskstation_manager<br> </td><td style="text-align: left;" align="left">An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9554" target="_blank">CVE-2017-9554</a><br><a href="https://www.synology.com/en-global/support/security/Synology_SA_17_29_DSM" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">synology -- synology _diskstation_manager<br> </td><td style="text-align: left;" align="left">A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9553" target="_blank">CVE-2017-9553</a><br><a href="https://www.synology.com/en-global/support/security/Synology_SA_17_29_DSM" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">tilde -- tilde<br> </td><td style="text-align: left;" align="left">An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on actionphp/download.File.php.</td><td style="text-align: center;" align="center">2017-07-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11325" target="_blank">CVE-2017-11325</a><br><a href="https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities/" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">vmware -- vcenter_server<br> </td><td style="text-align: left;" align="left">VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.</td><td style="text-align: center;" align="center">2017-07-28</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-4919" target="_blank">CVE-2017-4919</a><br><a href="http://www.vmware.com/security/advisories/VMSA-2017-0012.html" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">waves -- maxxaudio<br> </td><td style="text-align: left;" align="left">Waves MaxxAudio, as installed on Dell laptops, adds a "WavesSysSvc" Windows service with File Version 1.1.6.0. This service has a vulnerability known as Unquoted Service Path. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6005" target="_blank">CVE-2017-6005</a><br><a href="http://justpentest.blogspot.in/2017/07/dell-unquoted-service-path-local.html" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">wg-c10 -- wg-c10<br> </td><td style="text-align: left;" align="left">WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2277" target="_blank">CVE-2017-2277</a><br><a href="https://esupport.sony.com/US/p/news-item.pl?news_id=527&mdl=WGC10" target="_blank">MISC</a><br><a href="https://jvn.jp/en/jp/JVN77412145/index.html" target="_blank">JVN</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">wildfly -- wildfly<br> </td><td style="text-align: left;" align="left">The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3198" target="_blank">CVE-2015-3198</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1224787" target="_blank">CONFIRM</a><br><a href="https://developer.jboss.org/message/927301#927301" target="_blank">MISC</a><br><a href="https://issues.jboss.org/browse/WFLY-4595" target="_blank">CONFIRM</a><br><a href="https://stackoverflow.com/questions/30028346/with-trailing-slash-in-url-jsp-show-source-code" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">wmr-433 -- wmr-433</td><td style="text-align: left;" align="left">Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.</td><td style="text-align: center;" align="center">2017-07-21</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2273" target="_blank">CVE-2017-2273</a><br><a href="http://buffalo.jp/support_s/s20170606.html" target="_blank">CONFIRM</a><br><a href="https://jvn.jp/en/jp/JVN48413726/index.html" target="_blank">JVN</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- wordpress</td><td style="text-align: left;" align="left">In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11658" target="_blank">CVE-2017-11658</a><br><a href="https://gist.github.com/Shinkurt/157dbb3767c9489f3d754f79b183a890" target="_blank">MISC</a><br><a href="https://wp-rocket.me/changelog" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">wube -- factorio</td><td style="text-align: left;" align="left">A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 allows remote game servers or user-assisted attackers to execute arbitrary C code by including and loading a C library.</td><td style="text-align: center;" align="center">2017-07-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11615" target="_blank">CVE-2017-11615</a><br><a href="https://security.gerhardt.link/RCE-in-Factorio/" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">zencart -- zencart</td><td style="text-align: left;" align="left">The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11675" target="_blank">CVE-2017-11675</a><br><a href="https://github.com/imp0wd3r/vuln-papers/tree/master/zencart-155e-auth-rce" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">zenphoto -- zenphoto<br> </td><td style="text-align: left;" align="left">The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a crafted string.</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5594" target="_blank">CVE-2015-5594</a><br><a href="http://cve.killedkenny.io/cve/CVE-2015-5594" target="_blank">MISC</a><br><a href="http://www.openwall.com/lists/oss-security/2015/07/18/3" target="_blank">MLIST</a><br><a href="http://www.zenphoto.org/news/zenphoto-1.4.9" target="_blank">CONFIRM</a><br><a href="https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">zoho -- manageengine_event_log_analyzer<br> </td><td style="text-align: left;" align="left">Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11686" target="_blank">CVE-2017-11686</a><br><a href="http://init6.me/exploiting-manageengine-eventlog-analyzer.html" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">zoho -- manageengine_event_log_analyzer<br> </td><td style="text-align: left;" align="left">Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11685" target="_blank">CVE-2017-11685</a><br><a href="http://init6.me/exploiting-manageengine-eventlog-analyzer.html" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">zoho -- manageengine_event_log_analyzer<br> </td><td style="text-align: left;" align="left">Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog.</td><td style="text-align: center;" align="center">2017-07-27</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11687" target="_blank">CVE-2017-11687</a><br><a href="http://init6.me/exploiting-manageengine-eventlog-analyzer.html" target="_blank">MISC</a></td></tr><tr><td class="ox-e999cfe2c1-vendor-product" style="text-align: left;" scope="row" align="left">zyxel -- zyxel<br> </td><td style="text-align: left;" align="left">ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).</td><td style="text-align: center;" align="center">2017-07-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10401" target="_blank">CVE-2016-10401</a><br><a href="https://forum.openwrt.org/viewtopic.php?id=62266" target="_blank">MISC</a></td></tr></tbody></table><a href="https://www.us-cert.gov#top">Back to top</a></div><hr><p>This product is provided subject to this <a href="http://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="http://www.us-cert.gov/privacy/">Privacy & Use</a> policy.</p></div></div><div id="ox-e999cfe2c1-mail_footer"><hr><table style="border-collapse: collapse; width: 100%;" border="0" cellspacing="0" cellpadding="0" class="mce-item-table"><tbody><tr><td style="padding: 0px; color: #757575; font-size: 10px; font-family: Arial;" width="89%" height="60">A copy of this publication is available at <a href="https://www.us-cert.gov">www.us-cert.gov</a>. If you need help or have questions, please send an email to <a href="mailto:info@us-cert.gov">info@us-cert.gov</a>. Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT@ncas.us-cert.gov to your address book.</td></tr></tbody></table><table style="border-collapse: collapse; width: 400px;" border="0" cellspacing="0" cellpadding="0" class="mce-item-table"><tbody><tr><td style="padding: 0px; color: #666666; font-family: Arial, sans-serif; font-size: 12px;" valign="bottom" height="24">OTHER RESOURCES:</td></tr><tr><td style="padding: 0px; color: #666666; font-family: Arial, sans-serif; font-size: 12px;" valign="middle" height="24"><a href="http://www.us-cert.gov/contact-us/" target="_blank">Contact Us</a> | <a href="http://www.us-cert.gov/security-publications" target="_blank">Security Publications</a> | <a href="http://www.us-cert.gov/ncas" target="_blank">Alerts and Tips</a> | <a href="http://www.us-cert.gov/related-resources" target="_blank">Related Resources</a></td></tr></tbody></table><table style="border-collapse: collapse; width: 150px;" border="0" cellspacing="0" cellpadding="0" class="mce-item-table"><tbody><tr><td style="padding: 0px; color: #666666; font-family: Arial, sans-serif; font-size: 12px;" colspan="7" valign="bottom" height="24">STAY CONNECTED:</td></tr><tr><td width="41" style="padding: 0px;"><a href="http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new"><img src="https://service.govdelivery.com/banners/GOVDELIVERY/SOCIAL_MEDIA/envelope.gif" border="0" alt="Sign up for email updates" width="25" height="25" style="width: 25px; height: 25px;"></a></td></tr></tbody></table><p style="color: #666666; font-family: Arial, sans-serif; font-size: 12px;">SUBSCRIBER SERVICES:<br><a href="http://public.govdelivery.com/accounts/USDHSUSCERT/subscribers/new?preferences=true" target="_blank">Manage Preferences</a>  |  <a href="https://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/one_click_unsubscribe?verification=5.b03cc84c90ac58ffb6e970add416fb2d&destination=w3hwn%40arrl.net" target="_blank">Unsubscribe</a>  |  <a href="https://subscriberhelp.govdelivery.com/">Help</a></p></div><div id="ox-e999cfe2c1-tagline"><hr><table style="border-collapse: collapse; width: 100%;" border="0" cellspacing="0" cellpadding="0" class="mce-item-table"><tbody><tr><td style="padding: 0px; color: #757575; font-size: 10px; font-family: Arial;" width="89%">This email was sent to w3hwn@arrl.net using GovDelivery Communications Cloud on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (888) 282-0870</td><td align="right" width="11%" style="padding: 0px;"><a href="https://insights.govdelivery.com/Communications/Subscriber_Help_Center" target="_blank"><img src="https://public.govdelivery.com/images/govd-logo-dark.png" border="0" alt="GovDelivery logo" width="115"></a></td></tr></tbody></table></div></td></tr></tbody></table></blockquote></body></html>