<!DOCTYPE html>
<html><head>
    <meta charset="UTF-8">
</head><body><p><br></p><blockquote type="cite">---------- Original Message ----------<br>From: US-CERT <US-CERT@ncas.us-cert.gov><br>To: w3hwn@arrl.net<br>Date: August 28, 2017 at 12:20 PM<br>Subject: SB17-240: Vulnerability Summary for the Week of August 21, 2017<br><br><table width="700" border="0" cellspacing="0" cellpadding="0" align="center" style="border-collapse: collapse;" class="mce-item-table"><tbody><tr><td style="padding: 0px;"><p><img src="http://content.govdelivery.com/attachments/fancy_images/USDHSUSCERT/2015/11/675988/us-cert-banner-700x100-2_original.png" alt="U.S. Department of Homeland Security US-CERT" width="700" height="100" style="width: 700px; height: 100px;"></p><p>National Cyber Awareness System:</p><p> </p><div class="ox-18fc54db99-rss_item" style="margin-bottom: 2em;"><div class="ox-18fc54db99-rss_title" style="font-weight: bold; font-size: 120%; margin: 0 0 0.3em; padding: 0;"><a href="https://www.us-cert.gov/ncas/bulletins/SB17-240">SB17-240: Vulnerability Summary for the Week of August 21, 2017</a></div><div class="ox-18fc54db99-rss_pub_date" style="font-size: 90%; font-style: italic; color: #666666; margin: 0 0 0.3em; padding: 0;">08/28/2017 06:43 AM EDT</div><br><div class="ox-18fc54db99-rss_description" style="margin: 0 0 0.3em; padding: 0;">Original release date: August 28, 2017 <br><p>The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the <a href="http://www.nist.gov">National Institute of Standards and Technology</a> (NIST) <a href="http://nvd.nist.gov">National Vulnerability Database</a> (NVD) in the past week. The NVD is sponsored by the <a href="http://www.dhs.gov">Department of Homeland Security</a> (DHS) <a href="https://www.us-cert.gov/nccic">National Cybersecurity and Communications Integration Center</a> (NCCIC) / <a href="https://www.us-cert.gov">United States Computer Emergency Readiness Team</a> (US-CERT). 
For modified or updated entries, please visit the <a href="http://nvd.nist.gov" target="_blank">NVD</a>, which contains historical vulnerability information.</p><p>The vulnerabilities are based on the <a href="http://cve.mitre.org/" target="_blank">CVE</a> vulnerability naming standard and are organized according to severity, determined by the <a href="http://nvd.nist.gov/cvss.cfm" target="_blank">Common Vulnerability Scoring System</a> (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:</p><ul><li><p><strong><a href="#high">High</a></strong> - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0</p></li><li><p><strong><a href="#medium">Medium</a></strong> - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9</p></li><li><p><strong><a href="#low">Low</a></strong> - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9</p></li></ul><p>Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. 
Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.</p><p><a id="ox-18fc54db99-high" name="high" class="mce-item-anchor"></a> </p><div id="ox-18fc54db99-high_v"><h2 id="ox-18fc54db99-high_v_title">High Vulnerabilities</h2><table border="1" summary="High Vulnerabilities" align="center"><thead><tr><th class="ox-18fc54db99-vendor-product" style="width: 24%;" scope="col">Primary<br>Vendor -- Product</th><th style="width: 44%;" scope="col">Description</th><th style="width: 8%;" scope="col">Published</th><th style="width: 4%;" scope="col">CVSS Score</th><th style="width: 10%;" scope="col">Source & Patch Info</th></tr></thead><tbody><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">apache2triad -- apache2triad</td><td style="text-align: left;" align="left">Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12965&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12965" target="_blank">CVE-2017-12965</a><br><a href="http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txt" target="_blank">MISC</a><br><a href="http://packetstormsecurity.com/files/143863/Apache2Triad-1.5.4-CSRF-XSS-Session-Fixation.html" target="_blank">MISC</a><br><a href="http://www.securityfocus.com/bid/100447" target="_blank">BID</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">aptus -- styra_porttelefonkort_4400_firmware</td><td style="text-align: left;" align="left">Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 
4400 before A2 has unknown impact and attack vectors.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-7278&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7278" target="_blank">CVE-2017-7278</a><br><a href="https://www.aptus.se/sv/site/aptusse/support/sakerhetsuppdatering/" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">buffalo -- wcr-1166ds_firmware</td><td style="text-align: left;" align="left">Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-10811&vector=(AV:A/AC:L/Au:S/C:C/I:C/A:C)" target="_blank">7.7</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10811" target="_blank">CVE-2017-10811</a><br><a href="http://buffalo.jp/support_s/s20170804_1.html" target="_blank">CONFIRM</a><br><a href="https://jvn.jp/en/jp/JVN05340005/index.html" target="_blank">JVN</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">enecho.meti -- shin_kikan_toukei_houkoku_data_nyuryokuyou_program</td><td style="text-align: left;" align="left">Untrusted search path vulnerability in Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program (program released on 2013 September 30) Distributed on the website until 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a 
href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-10821&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10821" target="_blank">CVE-2017-10821</a><br><a href="https://jvn.jp/en/jp/JVN73559859/index.html" target="_blank">JVN</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">enecho.meti -- shin_kinkyuji_houkoku_data_nyuryoku_program</td><td style="text-align: left;" align="left">Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on 2011 March 10) Distributed on the website till 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-10823&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10823" target="_blank">CVE-2017-10823</a><br><a href="https://jvn.jp/en/jp/JVN23546631/index.html" target="_blank">JVN</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">enecho.meti -- shin_sekiyu_yunyu_chousa_houkoku_data_nyuryoku_program</td><td style="text-align: left;" align="left">Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program (program released on 2013 September 30) distributed on the website until 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-10822&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" 
target="_blank">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10822" target="_blank">CVE-2017-10822</a><br><a href="https://jvn.jp/en/jp/JVN71104430/index.html" target="_blank">JVN</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">enecho.meti -- teikihoukokusho_sakuseishien_tool</td><td style="text-align: left;" align="left">Untrusted search path vulnerability in Teikihoukokusho Sakuseishien Tool v4.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2228&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2228" target="_blank">CVE-2017-2228</a><br><a href="https://jvn.jp/en/jp/JVN53292345/index.html" target="_blank">JVN</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">formcraft-wp -- formcraft</td><td style="text-align: left;" align="left">The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13137&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13137" target="_blank">CVE-2017-13137</a><br><a href="https://packetstormsecurity.com/files/143116/WordPress-FormCraft-Basic-1.0.5-SQL-Injection.html" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android 
releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9411&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9411" target="_blank">CVE-2014-9411</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9968&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9968" target="_blank">CVE-2014-9968</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a 
href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9969&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9969" target="_blank">CVE-2014-9969</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9971&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9971" target="_blank">CVE-2014-9971</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9972&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9972" target="_blank">CVE-2014-9972</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td 
class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9973&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9973" target="_blank">CVE-2014-9973</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9974&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9974" target="_blank">CVE-2014-9974</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption.</td><td 
style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9975&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9975" target="_blank">CVE-2014-9975</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9976&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9976" target="_blank">CVE-2014-9976</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9977&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9977" target="_blank">CVE-2014-9977</a><br><a 
href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9978&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9978" target="_blank">CVE-2014-9978</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9979&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9979" target="_blank">CVE-2014-9979</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" 
align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed to check a length potentially leading to unauthorized access to secure memory.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9980&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9980" target="_blank">CVE-2014-9980</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9981&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9981" target="_blank">CVE-2014-9981</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a 
href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-0574&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0574" target="_blank">CVE-2015-0574</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-0575&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0575" target="_blank">CVE-2015-0575</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-0576&vector=(AV:N/AC:H/Au:N/C:C/I:C/A:C)" target="_blank">7.6</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0576" target="_blank">CVE-2015-0576</a><br><a href="https://source.android.com/security/bulletin/2017-04-01" target="_blank">MISC.</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" 
target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-8592&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8592" target="_blank">CVE-2015-8592</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-8593&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8593" target="_blank">CVE-2015-8593</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x.</td><td 
style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-8594&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8594" target="_blank">CVE-2015-8594</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-8595&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8595" target="_blank">CVE-2015-8595</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-8596&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8596" target="_blank">CVE-2015-8596</a><br><a 
href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a string can fail to be null-terminated in SIP leading to a buffer overflow.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9034&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9034" target="_blank">CVE-2015-9034</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a memory buffer fails to be freed after it is no longer needed potentially resulting in memory exhaustion.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9035&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9035" target="_blank">CVE-2015-9035</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" 
scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, an incorrect length is used to clear a memory buffer resulting in adjacent memory getting corrupted.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9036&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9036" target="_blank">CVE-2015-9036</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9037&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9037" target="_blank">CVE-2015-9037</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end.</td><td style="text-align: center;" 
align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9038&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9038" target="_blank">CVE-2015-9038</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in eMBMS where an assertion can be reached by a sequence of downlink messages.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9039&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9039" target="_blank">CVE-2015-9039</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in a GERAN API.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9040&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9040" 
target="_blank">CVE-2015-9040</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when performing WCDMA radio tuning.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9041&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9041" target="_blank">CVE-2015-9041</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9042&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9042" target="_blank">CVE-2015-9042</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" 
scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9043&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9043" target="_blank">CVE-2015-9043</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9044&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9044" target="_blank">CVE-2015-9044</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GERAN where a buffer can be overflown while taking power 
measurements.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9045&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9045" target="_blank">CVE-2015-9045</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9046&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9046" target="_blank">CVE-2015-9046</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9047&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" 
target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9047" target="_blank">CVE-2015-9047</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9048&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9048" target="_blank">CVE-2015-9048</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of certain responses from the USIM.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9049&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9049" target="_blank">CVE-2015-9049</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" 
target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists where an array out of bounds access can occur during a CA call.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9050&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9050" target="_blank">CVE-2015-9050</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on a length in a System Information message.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9051&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9051" target="_blank">CVE-2015-9051</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm 
products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached while processing a downlink message.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9052&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9052" target="_blank">CVE-2015-9052</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the processing of certain responses from the USIM.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9053&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9053" target="_blank">CVE-2015-9053</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced during GAL decoding.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" 
align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9054&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9054" target="_blank">CVE-2015-9054</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a memory management routine.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9055&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9055" target="_blank">CVE-2015-9055</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not properly validated in a QTEE system call.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9060&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9060" target="_blank">CVE-2015-9060</a><br><a href="http://www.securityfocus.com/bid/99467" 
target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, PlayReady DRM failed to check a length potentially leading to unauthorized access to secure memory.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9061&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9061" target="_blank">CVE-2015-9061</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9062&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9062" target="_blank">CVE-2015-9062</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td 
style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9063&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9063" target="_blank">CVE-2015-9063</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9064&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9064" target="_blank">CVE-2015-9064</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a 
href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9065&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9065" target="_blank">CVE-2015-9065</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an Inter-RAT procedure.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9066&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9066" target="_blank">CVE-2015-9066</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset() is addressed.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9067&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9067" target="_blank">CVE-2015-9067</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" 
style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a mink syscall is not properly validated.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9068&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9068" target="_blank">CVE-2015-9068</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9069&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9069" target="_blank">CVE-2015-9069</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall.</td><td style="text-align: center;" align="center">2017-08-18</td><td 
style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9070&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9070" target="_blank">CVE-2015-9070</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9071&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9071" target="_blank">CVE-2015-9071</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9072&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9072" target="_blank">CVE-2015-9072</a><br><a 
href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9073&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9073" target="_blank">CVE-2015-9073</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, SSL handshake failure with ClientHello rejection results in a memory leak.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10343&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10343" target="_blank">CVE-2016-10343</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- 
android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10344&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10344" target="_blank">CVE-2016-10344</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10346&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10346" target="_blank">CVE-2016-10346</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; 
width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10347&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10347" target="_blank">CVE-2016-10347</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10380&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10380" target="_blank">CVE-2016-10380</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10381&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10381" target="_blank">CVE-2016-10381</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" 
target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10382&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10382" target="_blank">CVE-2016-10382</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10383&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10383" target="_blank">CVE-2016-10383</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver 
ioctl.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10384&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10384" target="_blank">CVE-2016-10384</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10385&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10385" target="_blank">CVE-2016-10385</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10386&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10386" target="_blank">CVE-2016-10386</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" 
target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10387&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10387" target="_blank">CVE-2016-10387</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10388&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10388" target="_blank">CVE-2016-10388</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their 
respective partitions, so there is a possibility of writing beyond the intended partition.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10389&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10389" target="_blank">CVE-2016-10389</a><br><a href="http://www.securityfocus.com/bid/99465" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10390&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10390" target="_blank">CVE-2016-10390</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10391&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a 
href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10391" target="_blank">CVE-2016-10391</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10392&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10392" target="_blank">CVE-2016-10392</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5871&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5871" target="_blank">CVE-2016-5871</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google 
-- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5872&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5872" target="_blank">CVE-2016-5872</a><br><a href="http://www.securityfocus.com/bid/99467" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. 
Android ID: A-37237701.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-0805&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0805" target="_blank">CVE-2017-0805</a><br><a href="https://source.android.com/security/bulletin/2017-08-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-7364&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7364" target="_blank">CVE-2017-7364</a><br><a href="http://www.securitytracker.com/id/1038623" target="_blank">SECTRACK</a><br><a href="https://source.android.com/security/bulletin/2017-06-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace.</td><td style="text-align: center;" align="center">2017-08-18</td><td 
style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8253&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8253" target="_blank">CVE-2017-8253</a><br><a href="http://www.securityfocus.com/bid/99465" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8255&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8255" target="_blank">CVE-2017-8255</a><br><a href="http://www.securityfocus.com/bid/99465" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8262&vector=(AV:N/AC:H/Au:N/C:C/I:C/A:C)" target="_blank">7.6</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8262" 
target="_blank">CVE-2017-8262</a><br><a href="http://www.securityfocus.com/bid/99465" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8263&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8263" target="_blank">CVE-2017-8263</a><br><a href="http://www.securityfocus.com/bid/99465" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8267&vector=(AV:N/AC:H/Au:N/C:C/I:C/A:C)" target="_blank">7.6</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8267" target="_blank">CVE-2017-8267</a><br><a href="http://www.securityfocus.com/bid/99465" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" 
target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver performing a heap buffer over-read.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8268&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8268" target="_blank">CVE-2017-8268</a><br><a href="http://www.securityfocus.com/bid/99465" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy().</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9678&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9678" target="_blank">CVE-2017-9678</a><br><a href="http://www.securityfocus.com/bid/100213" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-06-01" target="_blank">CONFIRM</a><br><a href="https://source.android.com/security/bulletin/2017-08-01" target="_blank">MISC.</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" 
style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9684&vector=(AV:N/AC:H/Au:N/C:C/I:C/A:C)" target="_blank">7.6</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9684" target="_blank">CVE-2017-9684</a><br><a href="http://www.securityfocus.com/bid/100213" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-06-01" target="_blank">CONFIRM</a><br><a href="https://source.android.com/security/bulletin/2017-08-01" target="_blank">MISC.</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9685&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9685" target="_blank">CVE-2017-9685</a><br><a href="http://www.securityfocus.com/bid/100477" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-06-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks 
offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13133&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:C)" target="_blank">7.1</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13133" target="_blank">CVE-2017-13133</a><br><a href="http://www.securityfocus.com/bid/100479" target="_blank">BID</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/679" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13139&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13139" target="_blank">CVE-2017-13139</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870109" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/commit/22e0310345499ffe906c604428f2a3a668942b05" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">kddi -- qua_station_firmware</td><td style="text-align: left;" align="left">Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.</td><td style="text-align: center;" 
align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2289&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2289" target="_blank">CVE-2017-2289</a><br><a href="https://jvn.jp/en/jp/JVN81659403/index.html" target="_blank">JVN</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">libsass -- libsass</td><td style="text-align: left;" align="left">There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12964&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)" target="_blank">7.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12964" target="_blank">CVE-2017-12964</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1482397" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">linux -- linux_kernel</td><td style="text-align: left;" align="left">The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors.</td><td style="text-align: center;" align="center">2017-08-19</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-10662&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">7.2</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10662" target="_blank">CVE-2017-10662</a><br><a 
href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9dd46188edc2f0d1f37328637860bb65a771124" target="_blank">CONFIRM</a><br><a href="http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.1" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/bid/100215" target="_blank">BID</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1481146" target="_blank">CONFIRM</a><br><a href="https://github.com/torvalds/linux/commit/b9dd46188edc2f0d1f37328637860bb65a771124" target="_blank">CONFIRM</a><br><a href="https://source.android.com/security/bulletin/2017-08-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">linux -- linux_kernel</td><td style="text-align: left;" align="left">The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors.</td><td style="text-align: center;" align="center">2017-08-19</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-10663&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">7.2</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10663" target="_blank">CVE-2017-10663</a><br><a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=15d3042a937c13f5d9244241c7a9c8416ff6e82a" target="_blank">CONFIRM</a><br><a href="http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.4" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/bid/100215" target="_blank">BID</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1481149" target="_blank">CONFIRM</a><br><a href="https://github.com/torvalds/linux/commit/15d3042a937c13f5d9244241c7a9c8416ff6e82a" target="_blank">CONFIRM</a><br><a href="https://source.android.com/security/bulletin/2017-08-01" 
target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">nexusphp -- nexusphp</td><td style="text-align: left;" align="left">NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action.</td><td style="text-align: center;" align="center">2017-08-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12981&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12981" target="_blank">CVE-2017-12981</a><br><a href="https://github.com/gitsucce/nexusphp/blob/master/nexusphp.md" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">nexusphp_project -- nexusphp</td><td style="text-align: left;" align="left">SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12776&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12776" target="_blank">CVE-2017-12776</a><br><a href="http://sh1yan.top/shiyan/cve.txt" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">nih -- libzip</td><td style="text-align: left;" align="left">Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center"><a 
href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12858&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12858" target="_blank">CVE-2017-12858</a><br><a href="http://www.securityfocus.com/bid/100459" target="_blank">BID</a><br><a href="https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">qnap -- ts-212p_firmware</td><td style="text-align: left;" align="left">An unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. An unprivileged user cannot log in at the front end, but with that unprivileged user's SID, all functions can be accessed in Surveillance Station.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12582&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12582" target="_blank">CVE-2017-12582</a><br><a href="http://www.kth.ninja/2017/08/qnap-surveillance-station.html" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">rarlab -- unrar</td><td style="text-align: left;" align="left">libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12940&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12940" 
target="_blank">CVE-2017-12940</a><br><a href="http://seclists.org/oss-sec/2017/q3/290" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">rarlab -- unrar</td><td style="text-align: left;" align="left">libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12941&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12941" target="_blank">CVE-2017-12941</a><br><a href="http://seclists.org/oss-sec/2017/q3/290" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">rarlab -- unrar</td><td style="text-align: left;" align="left">libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12942&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12942" target="_blank">CVE-2017-12942</a><br><a href="http://seclists.org/oss-sec/2017/q3/290" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">teikoku_databank -- type_a</td><td style="text-align: left;" align="left">Untrusted search path vulnerability in TDB CA TypeA use software Version 5.2 and earlier, distributed until 10 August 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 
5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-10824&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)" target="_blank">9.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10824" target="_blank">CVE-2017-10824</a><br><a href="https://jvn.jp/en/jp/JVN18641169/index.html" target="_blank">JVN</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">wago -- wago_i/o_plc_758-870_firmware</td><td style="text-align: left;" align="left">WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-6473&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)" target="_blank">10.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6473" target="_blank">CVE-2015-6473</a><br><a href="http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html" target="_blank">MISC</a><br><a href="http://seclists.org/fulldisclosure/2016/Mar/4" target="_blank">FULLDISC</a><br><a href="http://www.securityfocus.com/bid/84138" target="_blank">BID</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">x.org -- libxfont</td><td style="text-align: left;" align="left">A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2007-5199&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">7.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5199" target="_blank">CVE-2007-5199</a><br><a href="https://bugzilla.suse.com/show_bug.cgi?id=327854" 
target="_blank">CONFIRM</a><br><a href="https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=5bf703700ee4a5d6eae20da07cb7a29369667aef" target="_blank">CONFIRM</a></td></tr></tbody></table></div><p><a id="ox-18fc54db99-medium" name="medium" class="mce-item-anchor"></a> </p><div id="ox-18fc54db99-medium_v"><h2 id="ox-18fc54db99-medium_v_title">Medium Vulnerabilities</h2><table border="1" summary="Medium Vulnerabilities" align="center"><thead><tr><th class="ox-18fc54db99-vendor-product" style="width: 24%;" scope="col">Primary<br>Vendor -- Product</th><th style="width: 44%;" scope="col">Description</th><th style="width: 8%;" scope="col">Published</th><th style="width: 4%;" scope="col">CVSS Score</th><th style="width: 10%;" scope="col">Source & Patch Info</th></tr></thead><tbody><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">altools -- alzip</td><td style="text-align: left;" align="left">Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename.</td><td style="text-align: center;" align="center">2017-08-19</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11323&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11323" target="_blank">CVE-2017-11323</a><br><a href="http://exploit.kitploit.com/2017/08/alzip-851-buffer-overflow.html" target="_blank">MISC</a><br><a href="http://www.altools.com/ALTools/ALZip/Version-History.aspx" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">apache2triad -- apache2triad</td><td style="text-align: left;" align="left">Cross-site request forgery (CSRF) 
vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12970&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12970" target="_blank">CVE-2017-12970</a><br><a href="http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txt" target="_blank">MISC</a><br><a href="http://packetstormsecurity.com/files/143863/Apache2Triad-1.5.4-CSRF-XSS-Session-Fixation.html" target="_blank">MISC</a><br><a href="http://www.securityfocus.com/bid/100447" target="_blank">BID</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">apache2triad -- apache2triad</td><td style="text-align: left;" align="left">Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12971&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12971" target="_blank">CVE-2017-12971</a><br><a href="http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txt" target="_blank">MISC</a><br><a href="http://packetstormsecurity.com/files/143863/Apache2Triad-1.5.4-CSRF-XSS-Session-Fixation.html" target="_blank">MISC</a><br><a href="http://www.securityfocus.com/bid/100447" target="_blank">BID</a></td></tr><tr><td 
class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">asn1c_project -- asn1c</td><td style="text-align: left;" align="left">The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file.</td><td style="text-align: center;" align="center">2017-08-20</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12966&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12966" target="_blank">CVE-2017-12966</a><br><a href="https://drive.google.com/open?id=0B9DojFnTUSNGd05zSHI1RmpKQjQ" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">asus -- dsl-n10s_firmware</td><td style="text-align: left;" align="left">ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. 
There is no mapping of users with their privileges.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12592&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P)" target="_blank">6.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12592" target="_blank">CVE-2017-12592</a><br><a href="https://iscouncil.blogspot.com/2017/08/multiple-vulnerabilities-in-asus.html" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">asus -- dsl-n10s_firmware</td><td style="text-align: left;" align="left">ASUS DSL-N10S V2.1.16_APAC devices allow CSRF.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12593&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12593" target="_blank">CVE-2017-12593</a><br><a href="https://iscouncil.blogspot.com/2017/08/multiple-vulnerabilities-in-asus.html" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">attic_project -- attic</td><td style="text-align: left;" align="left">attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file".</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-4082&vector=(AV:N/AC:L/Au:S/C:P/I:N/A:N)" target="_blank">4.0</a></td><td><a 
href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4082" target="_blank">CVE-2015-4082</a><br><a href="http://www.openwall.com/lists/oss-security/2015/05/31/3" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/74821" target="_blank">BID</a><br><a href="https://github.com/jborg/attic/commit/78f9ad1faba7193ca7f0acccbc13b1ff6ebf9072" target="_blank">CONFIRM</a><br><a href="https://github.com/jborg/attic/issues/271" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">broken_link_checker_project -- broken_link_checker</td><td style="text-align: left;" align="left">Cross-site scripting (XSS) vulnerability exists in the WordPress admin panel when the Broken Link Checker plugin before 1.10.9 is installed.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-5057&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5057" target="_blank">CVE-2015-5057</a><br><a href="http://www.openwall.com/lists/oss-security/2015/06/25/1" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/75421" target="_blank">BID</a><br><a href="https://wordpress.org/plugins/broken-link-checker/#developers" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">ccfile -- cc_file_transfer</td><td style="text-align: left;" align="left">In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. 
NOTE: some sources use this ID for a NoviWare issue, but the correct ID for that issue is CVE-2017-12787.</td><td style="text-align: center;" align="center">2017-08-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12784&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12784" target="_blank">CVE-2017-12784</a><br><a href="https://drive.google.com/file/d/0B9DojFnTUSNGcG1WN2Q1eVZMQTg/view" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">cyrusimap -- cyrus_imap</td><td style="text-align: left;" align="left">Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12843&vector=(AV:N/AC:L/Au:S/C:N/I:P/A:N)" target="_blank">4.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12843" target="_blank">CVE-2017-12843</a><br><a href="https://github.com/cyrusimap/cyrus-imapd/commit/53c4137bd924b954432c6c59da7572c4c5ffa901" target="_blank">CONFIRM</a><br><a href="https://github.com/cyrusimap/cyrus-imapd/commit/5edadcfb83bf27107578830801817f9e6d0ad941" target="_blank">CONFIRM</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6M32R5QPCCNT57BVH3NPV5WVJFSTDP7Q/" target="_blank">FEDORA</a><br><a href="https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.3.html" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">d-link -- dir-600_b1_firmware</td><td style="text-align: left;" align="left">D-Link DIR-600 
Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12943&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12943" target="_blank">CVE-2017-12943</a><br><a href="https://www.youtube.com/watch?v=PeNOJORAQsQ" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">django-cms -- django_cms</td><td style="text-align: left;" align="left">Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-5081&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5081" target="_blank">CVE-2015-5081</a><br><a href="http://www.openwall.com/lists/oss-security/2015/06/28/1" target="_blank">MLIST</a><br><a href="https://github.com/divio/django-cms/commit/f77cbc607d6e2a62e63287d37ad320109a2cc78a" target="_blank">CONFIRM</a><br><a href="https://www.django-cms.org/en/blog/2015/06/27/311-3014-release/" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">dokuwiki -- dokuwiki</td><td style="text-align: left;" align="left">DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in 
/inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution.</td><td style="text-align: center;" align="center">2017-08-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12979&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12979" target="_blank">CVE-2017-12979</a><br><a href="https://github.com/splitbrain/dokuwiki/issues/2080" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">dokuwiki -- dokuwiki</td><td style="text-align: left;" align="left">DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element.</td><td style="text-align: center;" align="center">2017-08-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12980&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12980" target="_blank">CVE-2017-12980</a><br><a href="https://github.com/splitbrain/dokuwiki/issues/2081" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">easymodal_project -- easy_modal</td><td style="text-align: left;" align="left">classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.</td><td style="text-align: center;" align="center">2017-08-18</td><td 
style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12946&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P)" target="_blank">6.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12946" target="_blank">CVE-2017-12946</a><br><a href="http://www.defensecode.com/advisories/DC-2017-01-007_WordPress_Easy_Modal_Plugin_Advisory.pdf" target="_blank">MISC</a><br><a href="https://wordpress.org/plugins/easy-modal/#developers" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">easymodal_project -- easy_modal</td><td style="text-align: left;" align="left">classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12947&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P)" target="_blank">6.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12947" target="_blank">CVE-2017-12947</a><br><a href="http://www.defensecode.com/advisories/DC-2017-01-007_WordPress_Easy_Modal_Plugin_Advisory.pdf" target="_blank">MISC</a><br><a href="https://wordpress.org/plugins/easy-modal/#developers" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">exiv2 -- exiv2</td><td style="text-align: left;" align="left">There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. 
The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12955&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12955" target="_blank">CVE-2017-12955</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1482295" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">exiv2 -- exiv2</td><td style="text-align: left;" align="left">There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12956&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12956" target="_blank">CVE-2017-12956</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1482296" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">exiv2 -- exiv2</td><td style="text-align: left;" align="left">There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. 
It will lead to remote denial of service.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12957&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12957" target="_blank">CVE-2017-12957</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1482423" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">fedoraproject -- fedora</td><td style="text-align: left;" align="left">Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-5258&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5258" target="_blank">CVE-2015-5258</a><br><a href="http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177420.html" target="_blank">FEDORA</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1305443" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">gnome -- librest</td><td style="text-align: left;" align="left">The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a 
href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-2675&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2675" target="_blank">CVE-2015-2675</a><br><a href="http://rhn.redhat.com/errata/RHSA-2015-2237.html" target="_blank">REDHAT</a><br><a href="http://www.openwall.com/lists/oss-security/2015/03/23/8" target="_blank">MLIST</a><br><a href="https://bugzilla.gnome.org/show_bug.cgi?id=742644" target="_blank">CONFIRM</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1183982" target="_blank">CONFIRM</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1199049" target="_blank">CONFIRM</a><br><a href="https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea03817acdad87fb2b338a86018329" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">gnu -- binutils</td><td style="text-align: left;" align="left">The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.</td><td style="text-align: center;" align="center">2017-08-19</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12967&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12967" target="_blank">CVE-2017-12967</a><br><a href="http://www.securityfocus.com/bid/100462" target="_blank">BID</a><br><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=21962" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">gnu -- pspp</td><td style="text-align: left;" align="left">There is an illegal address access in the function 
output_hex() in data/data-out.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12958&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12958" target="_blank">CVE-2017-12958</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1482429" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">gnu -- pspp</td><td style="text-align: left;" align="left">There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to a remote denial of service attack.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12959&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12959" target="_blank">CVE-2017-12959</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1482432" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">gnu -- pspp</td><td style="text-align: left;" align="left">There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12960&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a 
href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12960" target="_blank">CVE-2017-12960</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1482433" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">gnu -- pspp</td><td style="text-align: left;" align="left">There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12961&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12961" target="_blank">CVE-2017-12961</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1482436" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. 
Android ID: A-35583675.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-0687&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0687" target="_blank">CVE-2017-0687</a><br><a href="http://www.securityfocus.com/bid/99478" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-08-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8254&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8254" target="_blank">CVE-2017-8254</a><br><a href="http://www.securityfocus.com/bid/99465" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8256&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" 
target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8256" target="_blank">CVE-2017-8256</a><br><a href="http://www.securityfocus.com/bid/99465" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8257&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8257" target="_blank">CVE-2017-8257</a><br><a href="http://www.securityfocus.com/bid/99465" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8260&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8260" target="_blank">CVE-2017-8260</a><br><a 
href="http://www.securityfocus.com/bid/99465" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8261&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8261" target="_blank">CVE-2017-8261</a><br><a href="http://www.securityfocus.com/bid/99465" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8265&vector=(AV:N/AC:H/Au:N/C:P/I:P/A:P)" target="_blank">5.1</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8265" target="_blank">CVE-2017-8265</a><br><a href="http://www.securityfocus.com/bid/99465" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td 
style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8266&vector=(AV:N/AC:H/Au:N/C:P/I:P/A:P)" target="_blank">5.1</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8266" target="_blank">CVE-2017-8266</a><br><a href="http://www.securityfocus.com/bid/99465" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8270&vector=(AV:N/AC:H/Au:N/C:P/I:P/A:P)" target="_blank">5.1</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8270" target="_blank">CVE-2017-8270</a><br><a href="http://www.securityfocus.com/bid/99465" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap write.</td><td 
style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8272&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8272" target="_blank">CVE-2017-8272</a><br><a href="http://www.securityfocus.com/bid/99465" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-07-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9679&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9679" target="_blank">CVE-2017-9679</a><br><a href="http://www.securityfocus.com/bid/100210" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-06-01" target="_blank">CONFIRM</a><br><a href="https://source.android.com/security/bulletin/2017-08-01" target="_blank">MISC.</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a 
href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9680&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9680" target="_blank">CVE-2017-9680</a><br><a href="http://www.securityfocus.com/bid/100210" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-06-01" target="_blank">CONFIRM</a><br><a href="https://source.android.com/security/bulletin/2017-08-01" target="_blank">MISC.</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">graphicsmagick -- graphicsmagick</td><td style="text-align: left;" align="left">The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12935&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12935" target="_blank">CVE-2017-12935</a><br><a href="http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188" target="_blank">MISC</a><br><a href="https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-invalid-memory-read-in-setimagecolorcallback-image-c/" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">graphicsmagick -- graphicsmagick</td><td style="text-align: left;" align="left">The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a 
href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12936&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12936" target="_blank">CVE-2017-12936</a><br><a href="http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd" target="_blank">MISC</a><br><a href="https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-use-after-free-in-readwmfimage-wmf-c/" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">graphicsmagick -- graphicsmagick</td><td style="text-align: left;" align="left">The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12937&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12937" target="_blank">CVE-2017-12937</a><br><a href="http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978" target="_blank">MISC</a><br><a href="http://www.securityfocus.com/bid/100442" target="_blank">BID</a><br><a href="https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-heap-based-buffer-overflow-in-readsunimage-sun-c/" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">graphicsmagick -- graphicsmagick</td><td style="text-align: left;" align="left">GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13063&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" 
target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13063" target="_blank">CVE-2017-13063</a><br><a href="http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a" target="_blank">CONFIRM</a><br><a href="https://sourceforge.net/p/graphicsmagick/bugs/434/" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">graphicsmagick -- graphicsmagick</td><td style="text-align: left;" align="left">GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13064&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13064" target="_blank">CVE-2017-13064</a><br><a href="http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/bid/100474" target="_blank">BID</a><br><a href="https://sourceforge.net/p/graphicsmagick/bugs/436/" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">graphicsmagick -- graphicsmagick</td><td style="text-align: left;" align="left">GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13065&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13065" target="_blank">CVE-2017-13065</a><br><a href="http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a" 
target="_blank">CONFIRM</a><br><a href="https://sourceforge.net/p/graphicsmagick/bugs/435/" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">graphicsmagick -- graphicsmagick</td><td style="text-align: left;" align="left">GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13066&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13066" target="_blank">CVE-2017-13066</a><br><a href="http://www.securityfocus.com/bid/100463" target="_blank">BID</a><br><a href="https://sourceforge.net/p/graphicsmagick/bugs/430/" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">graphicsmagick -- graphicsmagick</td><td style="text-align: left;" align="left">In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13147&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13147" target="_blank">CVE-2017-13147</a><br><a href="https://sourceforge.net/p/graphicsmagick/bugs/446/" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">graphicsmagick -- graphicsmagick</td><td style="text-align: left;" align="left">In GraphicsMagick 1.3.26, a memory leak vulnerability was 
found in the function ReadMATImage in coders/mat.c.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13648&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13648" target="_blank">CVE-2017-13648</a><br><a href="https://sourceforge.net/p/graphicsmagick/bugs/433/" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">ibm -- security_network_protection_4100_firmware</td><td style="text-align: left;" align="left">Cross-site scripting (XSS) vulnerability in IBM Security Network Protection 3100, 4100, 5100, and 7100 devices with firmware 5.2 before 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008 and 5.3 before 5.3.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-6189&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6189" target="_blank">CVE-2014-6189</a><br><a href="http://www-01.ibm.com/support/docview.wss?uid=swg21697248" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/bid/73940" target="_blank">BID</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">ibm -- websphere_application_server</td><td style="text-align: left;" align="left">IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. 
IBM X-Force ID: 129576.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-1501&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1501" target="_blank">CVE-2017-1501</a><br><a href="http://www.ibm.com/support/docview.wss?uid=swg22006810" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/bid/100394" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1039199" target="_blank">SECTRACK</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/129576" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">igniterealtime -- openfire</td><td style="text-align: left;" align="left">OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-3451&vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3451" target="_blank">CVE-2014-3451</a><br><a href="http://packetstormsecurity.com/files/131614/OpenFire-XMPP-3.9.3-Certificate-Handling.html" target="_blank">MISC</a><br><a href="http://www.openwall.com/lists/oss-security/2015/04/23/16" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/archive/1/archive/1/535363/100/1100/threaded" target="_blank">BUGTRAQ</a><br><a href="http://www.securityfocus.com/bid/74305" target="_blank">BID</a><br><a href="https://community.igniterealtime.org/blogs/ignite/2015/04/22/openfire-3100-released" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" 
style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.</td><td style="text-align: center;" align="center">2017-08-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12983&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12983" target="_blank">CVE-2017-12983</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/682" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13058&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13058" target="_blank">CVE-2017-13058</a><br><a href="http://www.securityfocus.com/bid/100468" target="_blank">BID</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/666" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which 
allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13059&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13059" target="_blank">CVE-2017-13059</a><br><a href="http://www.securityfocus.com/bid/100457" target="_blank">BID</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/667" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13060&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13060" target="_blank">CVE-2017-13060</a><br><a href="http://www.securityfocus.com/bid/100469" target="_blank">BID</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/644" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file.</td><td style="text-align: center;" align="center">2017-08-22</td><td 
style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13061&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13061" target="_blank">CVE-2017-13061</a><br><a href="http://www.securityfocus.com/bid/100481" target="_blank">BID</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/645" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13062&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13062" target="_blank">CVE-2017-13062</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/669" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13131&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" 
target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13131" target="_blank">CVE-2017-13131</a><br><a href="http://www.securityfocus.com/bid/100478" target="_blank">BID</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/676" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13132&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13132" target="_blank">CVE-2017-13132</a><br><a href="http://www.securityfocus.com/bid/100458" target="_blank">BID</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/674" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">In ImageMagick 7.0.6-6, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13134&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13134" 
target="_blank">CVE-2017-13134</a><br><a href="http://www.securityfocus.com/bid/100476" target="_blank">BID</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/670" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13140&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13140" target="_blank">CVE-2017-13140</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870111" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/596" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13141&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13141" target="_blank">CVE-2017-13141</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870116" target="_blank">CONFIRM</a><br><a 
href="https://github.com/ImageMagick/ImageMagick/issues/600" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13142&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13142" target="_blank">CVE-2017-13142</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870105" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13143&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13143" target="_blank">CVE-2017-13143</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870012" target="_blank">CONFIRM</a><br><a 
href="https://github.com/ImageMagick/ImageMagick/commit/51b0ae01709adc1e4a9245e158ef17b85a110960" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/362" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13144&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13144" target="_blank">CVE-2017-13144</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869728" target="_blank">CONFIRM</a><br><a href="https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13145&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13145" target="_blank">CVE-2017-13145</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869830" target="_blank">CONFIRM</a><br><a 
href="https://github.com/ImageMagick/ImageMagick/commit/ac23b02ecb741e5de60f5235ea443790c88a0b80" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/commit/acee073df34aa4d491bf5cb74d3a15fc80f0a3aa" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/commit/b0c5222ce31e8f941fa02ff9c7a040fb2db30dbc" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/501" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13146&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13146" target="_blank">CVE-2017-13146</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870013" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/commit/437a35e57db5ec078f4a3ccbf71f941276e88430" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">imagemagick -- imagemagick</td><td style="text-align: left;" align="left">In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center"><a 
href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13658&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13658" target="_blank">CVE-2017-13658</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870019" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/commit/e5c063a1007506ba69e97a35effcdef944421c89" target="_blank">CONFIRM</a><br><a href="https://github.com/ImageMagick/ImageMagick/issues/598" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">libsass -- libsass</td><td style="text-align: left;" align="left">There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12962&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12962" target="_blank">CVE-2017-12962</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1482331" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">libsass -- libsass</td><td style="text-align: left;" align="left">There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. 
NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix (available from GitHub after 2017-07-24).</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12963&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12963" target="_blank">CVE-2017-12963</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1482335" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">libtiff -- libtiff</td><td style="text-align: left;" align="left">The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12944&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12944" target="_blank">CVE-2017-12944</a><br><a href="http://bugzilla.maptools.org/show_bug.cgi?id=2725" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">netapp -- clustered_data_ontap</td><td style="text-align: left;" align="left">Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; 
width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12420&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P)" target="_blank">6.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12420" target="_blank">CVE-2017-12420</a><br><a href="http://www.securityfocus.com/bid/100429" target="_blank">BID</a><br><a href="https://kb.netapp.com/support/s/article/NTAP-20170814-0001" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">netapp -- data_ontap</td><td style="text-align: left;" align="left">NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12859&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12859" target="_blank">CVE-2017-12859</a><br><a href="http://www.securityfocus.com/bid/100417" target="_blank">BID</a><br><a href="https://kb.netapp.com/support/s/article/NTAP-20170815-0002" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">nexusphp_project -- nexusphp</td><td style="text-align: left;" align="left">Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12680&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12680" target="_blank">CVE-2017-12680</a><br><a href="http://www.lsafe.org/cve.txt" 
target="_blank">MISC</a><br><a href="http://www.securityfocus.com/bid/100424" target="_blank">BID</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">nongnu -- icoutils</td><td style="text-align: left;" align="left">Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5208&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5208" target="_blank">CVE-2017-5208</a><br><a href="http://www.openwall.com/lists/oss-security/2017/01/08/5" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/95315" target="_blank">BID</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1411251" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">open-uri-cached_project -- open-uri-cached</td><td style="text-align: left;" align="left">The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-3649&vector=(AV:L/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">4.6</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3649" target="_blank">CVE-2015-3649</a><br><a 
href="http://www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby/" target="_blank">MISC</a><br><a href="http://www.openwall.com/lists/oss-security/2015/05/06/2" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/74469" target="_blank">BID</a><br><a href="https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L115" target="_blank">MISC</a><br><a href="https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L25" target="_blank">MISC</a><br><a href="https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L39" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">paessler -- prtg_network_monitor</td><td style="text-align: left;" align="left">Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9816&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9816" target="_blank">CVE-2017-9816</a><br><a href="https://www.paessler.com/prtg/history/stable" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">phpmywind -- phpmywind</td><td style="text-align: left;" align="left">PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php.</td><td style="text-align: center;" align="center">2017-08-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12984&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank">4.3</a></td><td><a 
href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12984" target="_blank">CVE-2017-12984</a><br><a href="http://www.yuag.org/2016/08/17/phpmywind_5-3%E5%AD%98%E5%82%A8%E5%9E%8Bxss/" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">podlove -- podlove_podcast_publisher</td><td style="text-align: left;" align="left">lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12949&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P)" target="_blank">6.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12949" target="_blank">CVE-2017-12949</a><br><a href="http://www.defensecode.com/advisories/DC-2017-05-006_WordPress_Podlove_Podcast_Publisher_Plugin_Advisory.pdf" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">pressforward -- pressforward</td><td style="text-align: left;" align="left">Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12948&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12948" target="_blank">CVE-2017-12948</a><br><a href="http://www.defensecode.com/advisories/DC-2017-05-007_WordPress_PressForward_Plugin_Advisory.pdf" target="_blank">MISC</a></td></tr><tr><td 
class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">pulp_project -- pulp</td><td style="text-align: left;" align="left">Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-5153&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P)" target="_blank">6.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5153" target="_blank">CVE-2015-5153</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1243526" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">qodeinteractive -- bridge</td><td style="text-align: left;" align="left">DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13138&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank">4.3</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13138" target="_blank">CVE-2017-13138</a><br><a href="http://bridge.qodeinteractive.com/change-log/" target="_blank">MISC</a><br><a href="http://imgur.com/a/OT9vl" target="_blank">MISC</a><br><a href="https://wpvulndb.com/vulnerabilities/8892" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">razerone -- synapse</td><td style="text-align: left;" align="left">Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users 
to gain privileges via a Trojan horse dbghelp.dll file.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11652&vector=(AV:L/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">4.6</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11652" target="_blank">CVE-2017-11652</a><br><a href="http://packetstormsecurity.com/files/143516/Razer-Synapse-2.20-DLL-Hijacking.html" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">razerone -- synapse</td><td style="text-align: left;" align="left">Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11653&vector=(AV:L/AC:L/Au:N/C:P/I:P/A:P)" target="_blank">4.6</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11653" target="_blank">CVE-2017-11653</a><br><a href="http://packetstormsecurity.com/files/143516/Razer-Synapse-2.20-DLL-Hijacking.html" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">resiprocate -- resiprocate</td><td style="text-align: left;" align="left">Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted DNS response.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a 
href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9454&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9454" target="_blank">CVE-2017-9454</a><br><a href="https://github.com/resiprocate/resiprocate/commit/d67a9ca6fd06ca65d23e313bdbad1ef4dd3aa0df" target="_blank">CONFIRM</a><br><a href="https://list.resiprocate.org/archive/resiprocate-users/msg02700.html" target="_blank">MLIST</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">spring_batch_admin_project -- spring_batch_admin</td><td style="text-align: left;" align="left">Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12881&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12881" target="_blank">CVE-2017-12881</a><br><a href="http://www.openwall.com/lists/oss-security/2017/08/16/5" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/100410" target="_blank">BID</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">strongswan -- strongswan</td><td style="text-align: left;" align="left">The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a 
href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11185&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11185" target="_blank">CVE-2017-11185</a><br><a href="http://www.securityfocus.com/bid/100492" target="_blank">BID</a><br><a href="https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-%28cve-2017-11185%29.html" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">tomaxcom -- r60g_firmware</td><td style="text-align: left;" align="left">ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12589&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank">6.8</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12589" target="_blank">CVE-2017-12589</a><br><a href="http://www.securityfocus.com/bid/100438" target="_blank">BID</a><br><a href="https://iscouncil.blogspot.com/2017/08/cross-site-request-forgery_11.html" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">wago -- wago_i/o_plc_758-870_firmware</td><td style="text-align: left;" align="left">WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-6472&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)" target="_blank">5.0</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6472" target="_blank">CVE-2015-6472</a><br><a 
href="http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html" target="_blank">MISC</a><br><a href="http://seclists.org/fulldisclosure/2016/Mar/4" target="_blank">FULLDISC</a><br><a href="http://www.securityfocus.com/bid/84138" target="_blank">BID</a></td></tr></tbody></table><a href="https://www.us-cert.gov#top">Back to top</a></div><p><a id="ox-18fc54db99-low" name="low" class="mce-item-anchor"></a> </p><div id="ox-18fc54db99-low_v"><h2 id="ox-18fc54db99-low_v_title">Low Vulnerabilities</h2><table border="1" summary="Low Vulnerabilities" align="center"><thead><tr><th class="ox-18fc54db99-vendor-product" style="width: 24%;" scope="col">Primary<br>Vendor -- Product</th><th style="width: 44%;" scope="col">Description</th><th style="width: 8%;" scope="col">Published</th><th style="width: 4%;" scope="col">CVSS Score</th><th style="width: 10%;" scope="col">Source & Patch Info</th></tr></thead><tbody><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">asus -- dsl-n10s_firmware</td><td style="text-align: left;" align="left">ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12591&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12591" target="_blank">CVE-2017-12591</a><br><a href="https://iscouncil.blogspot.com/2017/08/multiple-vulnerabilities-in-asus.html" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">cacti -- cacti</td><td style="text-align: left;" align="left">lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link 
added by an authenticated user.</td><td style="text-align: center;" align="center">2017-08-21</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12978&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12978" target="_blank">CVE-2017-12978</a><br><a href="http://www.securitytracker.com/id/1039226" target="_blank">SECTRACK</a><br><a href="https://github.com/Cacti/cacti/blob/develop/docs/CHANGELOG" target="_blank">CONFIRM</a><br><a href="https://github.com/Cacti/cacti/commit/9c610a7a4e29595dcaf7d7082134e4b89619ea24" target="_blank">CONFIRM</a><br><a href="https://github.com/Cacti/cacti/issues/918" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">google -- android</td><td style="text-align: left;" align="left">In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9682&vector=(AV:N/AC:H/Au:N/C:P/I:N/A:N)" target="_blank">2.6</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9682" target="_blank">CVE-2017-9682</a><br><a href="http://www.securityfocus.com/bid/100213" target="_blank">BID</a><br><a href="https://source.android.com/security/bulletin/2017-06-01" target="_blank">CONFIRM</a><br><a href="https://source.android.com/security/bulletin/2017-08-01" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">ibm -- rational_requirements_composer</td><td style="text-align: left;" align="left">IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to 
cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126246.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-1338&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1338" target="_blank">CVE-2017-1338</a><br><a href="http://www.ibm.com/support/docview.wss?uid=swg22004138" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/bid/100353" target="_blank">BID</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/126246" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">qemu -- qemu</td><td style="text-align: left;" align="left">QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12809&vector=(AV:L/AC:L/Au:N/C:N/I:N/A:P)" target="_blank">2.1</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12809" target="_blank">CVE-2017-12809</a><br><a href="http://www.openwall.com/lists/oss-security/2017/08/21/2" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/100451" target="_blank">BID</a><br><a href="https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html" target="_blank">MLIST</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" 
scope="row" align="left">spring_batch_admin_project -- spring_batch_admin</td><td style="text-align: left;" align="left">Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center"><a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12882&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N)" target="_blank">3.5</a></td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12882" target="_blank">CVE-2017-12882</a><br><a href="http://www.openwall.com/lists/oss-security/2017/08/16/5" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/100410" target="_blank">BID</a></td></tr></tbody></table><a href="https://www.us-cert.gov#top">Back to top</a></div><p><a id="ox-18fc54db99-severity_not_yet_assigned" name="severity_not_yet_assigned" class="mce-item-anchor"></a> </p><div id="ox-18fc54db99-snya_v"><h2 id="ox-18fc54db99-snya_v_title">Severity Not Yet Assigned</h2><table id="ox-18fc54db99-table_severity_not_yet_assigned" border="1" summary="Severity Not Yet Assigned" align="center"><thead><tr><th class="ox-18fc54db99-vendor-product" style="width: 24%;" scope="col">Primary<br>Vendor -- Product</th><th style="width: 44%;" scope="col">Description</th><th style="width: 8%;" scope="col">Published</th><th style="width: 4%;" scope="col">CVSS Score</th><th style="width: 10%;" scope="col">Source & Patch Info</th></tr></thead><tbody><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">accellion -- file_transfer_appliance<br> </td><td style="text-align: left;" align="left">Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.</td><td style="text-align: center;" 
align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2857" target="_blank">CVE-2015-2857</a><br><a href="http://packetstormsecurity.com/files/132665/Accellion-FTA-getStatus-verify_oauth_token-Command-Execution.html" target="_blank">MISC</a><br><a href="http://www.rapid7.com/db/modules/exploit/linux/http/accellion_fta_getstatus_oauth" target="_blank">MISC</a><br><a href="https://community.rapid7.com/community/metasploit/blog/2015/07/10/r7-2015-08-accellion-file-transfer-appliance-vulnerabilities-cve-2015-2856-cve-2015-2857" target="_blank">MISC</a><br><a href="https://www.exploit-db.com/exploits/37597/" target="_blank">EXPLOIT-DB</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">apache -- pony_mail<br> </td><td style="text-align: left;" align="left">Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4460" target="_blank">CVE-2016-4460</a><br><a href="http://markmail.org/message/jy7o23cppny26icu" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/bid/100449" target="_blank">BID</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">atlassian -- crucible<br> </td><td style="text-align: left;" align="left">The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a 
href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9509" target="_blank">CVE-2017-9509</a><br><a href="https://cwe.mitre.org/data/definitions/79.html" target="_blank">MISC</a><br><a href="https://jira.atlassian.com/browse/CRUC-8046" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">atlassian -- crucible<br> </td><td style="text-align: left;" align="left">The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9507" target="_blank">CVE-2017-9507</a><br><a href="https://cwe.mitre.org/data/definitions/79.html" target="_blank">MISC</a><br><a href="https://jira.atlassian.com/browse/CRUC-8043" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">atlassian -- fisheye_and_crucible<br> </td><td style="text-align: left;" align="left">The mostActiveCommitters.do resource in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9512" target="_blank">CVE-2017-9512</a><br><a href="https://cwe.mitre.org/data/definitions/284.html" target="_blank">MISC</a><br><a href="https://jira.atlassian.com/browse/CRUC-8053" target="_blank">MISC</a><br><a href="https://jira.atlassian.com/browse/FE-6892" 
target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">atlassian -- fisheye_and_crucible<br> </td><td style="text-align: left;" align="left">The MultiPathResource class in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when FishEye or Crucible is running on the Microsoft Windows operating system.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9511" target="_blank">CVE-2017-9511</a><br><a href="https://cwe.mitre.org/data/definitions/22.html" target="_blank">MISC</a><br><a href="https://jira.atlassian.com/browse/CRUC-8049" target="_blank">MISC</a><br><a href="https://jira.atlassian.com/browse/FE-6891" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">atlassian -- fisheye_and_crucible<br> </td><td style="text-align: left;" align="left">Various resources in Atlassian FishEye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9508" target="_blank">CVE-2017-9508</a><br><a href="https://cwe.mitre.org/data/definitions/79.html" target="_blank">MISC</a><br><a href="https://jira.atlassian.com/browse/CRUC-8044" target="_blank">MISC</a><br><a href="https://jira.atlassian.com/browse/FE-6898" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">atlassian -- 
fisheye<br> </td><td style="text-align: left;" align="left">The repository changelog resource in Atlassian FishEye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9510" target="_blank">CVE-2017-9510</a><br><a href="https://cwe.mitre.org/data/definitions/79.html" target="_blank">MISC</a><br><a href="https://jira.atlassian.com/browse/FE-6890" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">atlassian -- oauth_plugin<br> </td><td style="text-align: left;" align="left">The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9506" target="_blank">CVE-2017-9506</a><br><a href="https://cwe.mitre.org/data/definitions/918.html" target="_blank">MISC</a><br><a href="https://ecosystem.atlassian.net/browse/OAUTH-344" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">automated_logic_corporation -- alc_webctrl<br> </td><td style="text-align: left;" align="left">A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, 
SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9640" target="_blank">CVE-2017-9640</a><br><a href="http://www.securityfocus.com/bid/100452" target="_blank">BID</a><br><a href="https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">automated_logic_corporation -- alc_webctrl<br> </td><td style="text-align: left;" align="left">An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. 
An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9650" target="_blank">CVE-2017-9650</a><br><a href="http://www.securityfocus.com/bid/100452" target="_blank">BID</a><br><a href="https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01" target="_blank">MISC</a><br><a href="https://www.exploit-db.com/exploits/42544/" target="_blank">EXPLOIT-DB</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">automated_logic_corporation -- alc_webctrl<br> </td><td style="text-align: left;" align="left">An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. 
An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9644" target="_blank">CVE-2017-9644</a><br><a href="http://www.securityfocus.com/bid/100454" target="_blank">BID</a><br><a href="https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01" target="_blank">MISC</a><br><a href="https://www.exploit-db.com/exploits/42542/" target="_blank">EXPLOIT-DB</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">bitrix -- bitrix<br> </td><td style="text-align: left;" align="left">Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8355" target="_blank">CVE-2015-8355</a><br><a href="http://www.securityfocus.com/archive/1/archive/1/537130/100/0/threaded" target="_blank">BUGTRAQ</a><br><a href="https://www.htbridge.com/advisory/HTB23280" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">bmc_patrol -- bmc_patrol<br> </td><td style="text-align: left;" align="left">mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring.</td><td style="text-align: center;" 
align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13130" target="_blank">CVE-2017-13130</a><br><a href="https://github.com/itm4n/bmc-patrol-mcmnm-privesc" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">cloud4wi -- cloud4wi<br> </td><td style="text-align: left;" align="left">Cross-site scripting (XSS) vulnerability in the Splash Portal in Cloud4Wi before 5.9.7 allows remote attackers to inject arbitrary web script or HTML via the recoveryMessage parameter to the default URI.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4699" target="_blank">CVE-2015-4699</a><br><a href="http://seclists.org/fulldisclosure/2015/Dec/48" target="_blank">FULLDISC</a><br><a href="http://www.quantumleap.it/cloud4wi-splash-portal-reflected-xss-vulnerability-cve-2015-4699/" target="_blank">MISC</a><br><a href="https://cloud4wi.zendesk.com/hc/en-us/articles/204956829-Cloud4Wi-5-9-7-Release-Note" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">cloud_foundry_foundation -- capi<br> </td><td style="text-align: left;" align="left">In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. 
A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.</td><td style="text-align: center;" align="center">2017-08-21</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8037" target="_blank">CVE-2017-8037</a><br><a href="https://www.cloudfoundry.org/cve-2017-8037/" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">codiad -- codiad<br> </td><td style="text-align: left;" align="left">components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type.</td><td style="text-align: center;" align="center">2017-08-20</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11366" target="_blank">CVE-2017-11366</a><br><a href="http://www.jianshu.com/p/41ac7ac2a7af" target="_blank">MISC</a><br><a href="https://github.com/Codiad/Codiad/issues/1011" target="_blank">MISC</a><br><a href="https://github.com/Codiad/Codiad/pull/1013" target="_blank">MISC</a><br><a href="https://github.com/Codiad/Codiad/pull/1013/commits/b3645b4c6718cef6de7003f41aafe7bfcc0395d1" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">connect2id -- nimbus_jose+jwt<br> </td><td style="text-align: left;" align="left">Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation.</td><td 
style="text-align: center;" align="center">2017-08-20</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12974" target="_blank">CVE-2017-12974</a><br><a href="https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f3a7a801f0c6b078899fed9226368eb7b44e2b2f" target="_blank">CONFIRM</a><br><a href="https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/217/explicit-check-for-ec-public-key-on-curve" target="_blank">CONFIRM</a><br><a href="https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">connect2id -- nimbus_jose+jwt<br> </td><td style="text-align: left;" align="left">In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.</td><td style="text-align: center;" align="center">2017-08-20</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12972" target="_blank">CVE-2017-12972</a><br><a href="https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c" target="_blank">CONFIRM</a><br><a href="https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc" target="_blank">CONFIRM</a><br><a href="https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">connect2id -- nimbus_jose+jwt<br> </td><td style="text-align: left;" align="left">Nimbus JOSE+JWT before 4.39 proceeds improperly after detection 
of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.</td><td style="text-align: center;" align="center">2017-08-20</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12973" target="_blank">CVE-2017-12973</a><br><a href="https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912" target="_blank">CONFIRM</a><br><a href="https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac" target="_blank">CONFIRM</a><br><a href="https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">d-link -- d-link_firmware</td><td style="text-align: left;" align="left">D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allows remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7857" target="_blank">CVE-2014-7857</a><br><a href="http://packetstormsecurity.com/files/132075/D-Link-Bypass-Buffer-Overflow.html" target="_blank">MISC</a><br><a href="http://seclists.org/fulldisclosure/2015/May/125" target="_blank">FULLDISC</a><br><a href="http://www.search-lab.hu/media/D-Link_Security_advisory_3_0_public.pdf" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/archive/1/archive/1/535626/100/200/threaded" target="_blank">BUGTRAQ</a><br><a 
href="http://www.securityfocus.com/bid/74880" target="_blank">BID</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">d-link -- d-link_firmware</td><td style="text-align: left;" align="left">The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7860" target="_blank">CVE-2014-7860</a><br><a href="http://packetstormsecurity.com/files/132075/D-Link-Bypass-Buffer-Overflow.html" target="_blank">MISC</a><br><a href="http://seclists.org/fulldisclosure/2015/May/125" target="_blank">FULLDISC</a><br><a href="http://www.search-lab.hu/media/D-Link_Security_advisory_3_0_public.pdf" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/archive/1/archive/1/535626/100/200/threaded" target="_blank">BUGTRAQ</a><br><a href="http://www.securityfocus.com/bid/74884" target="_blank">BID</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">d-link -- d-link_firmware</td><td style="text-align: left;" align="left">The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7858" target="_blank">CVE-2014-7858</a><br><a href="http://packetstormsecurity.com/files/132075/D-Link-Bypass-Buffer-Overflow.html" 
target="_blank">MISC</a><br><a href="http://seclists.org/fulldisclosure/2015/May/125" target="_blank">FULLDISC</a><br><a href="http://www.search-lab.hu/media/D-Link_Security_advisory_3_0_public.pdf" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/archive/1/archive/1/535626/100/200/threaded" target="_blank">BUGTRAQ</a><br><a href="http://www.securityfocus.com/bid/74886" target="_blank">BID</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">d-link -- d-link_firmware<br> </td><td style="text-align: left;" align="left">Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7859" target="_blank">CVE-2014-7859</a><br><a href="http://packetstormsecurity.com/files/132075/D-Link-Bypass-Buffer-Overflow.html" target="_blank">MISC</a><br><a href="http://seclists.org/fulldisclosure/2015/May/125" target="_blank">FULLDISC</a><br><a href="http://www.search-lab.hu/media/D-Link_Security_advisory_3_0_public.pdf" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/archive/1/archive/1/535626/100/200/threaded" target="_blank">BUGTRAQ</a><br><a href="http://www.securityfocus.com/bid/74878" target="_blank">BID</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">dayrui_finecms -- dayrui_finecms<br> </td><td style="text-align: left;" align="left">controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable.</td><td style="text-align: center;" 
align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13697" target="_blank">CVE-2017-13697</a><br><a href="http://www.bendawang.site/article/The-latest-version-of-finecms-unlimited-XSS" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">dnsdist -- dnsdist<br> </td><td style="text-align: left;" align="left">dnsdist version 1.1.0 is vulnerable to a flaw in the authentication mechanism for the REST API, potentially allowing a CSRF attack.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7557" target="_blank">CVE-2017-7557</a><br><a href="https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">fortinet -- fortimanager<br> </td><td style="text-align: left;" align="left">Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3617" target="_blank">CVE-2015-3617</a><br><a href="http://www.securityfocus.com/bid/74444" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1032188" target="_blank">SECTRACK</a><br><a href="https://fortiguard.com/psirt/FG-IR-15-011" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">git-annex -- git-annex<br> </td><td style="text-align: left;" align="left">git-annex before 6.20170818 
allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.</td><td style="text-align: center;" align="center">2017-08-20</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12976" target="_blank">CVE-2017-12976</a><br><a href="http://source.git-annex.branchable.com/?p=source.git;a=blob;f=doc/bugs/dashed_ssh_hostname_security_hole.mdwn" target="_blank">CONFIRM</a><br><a href="http://source.git-annex.branchable.com/?p=source.git;a=commit;h=c24d0f0e8984576654e2be149005bc884fe0403a" target="_blank">CONFIRM</a><br><a href="http://source.git-annex.branchable.com/?p=source.git;a=commit;h=df11e54788b254efebb4898b474de11ae8d3b471" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">gnu -- gnu<br> </td><td style="text-align: left;" align="left">Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. 
(dot dot) in a diff file name.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1395" target="_blank">CVE-2015-1395</a><br><a href="http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html" target="_blank">FEDORA</a><br><a href="http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html" target="_blank">FEDORA</a><br><a href="http://www.openwall.com/lists/oss-security/2015/01/27/28" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/72846" target="_blank">BID</a><br><a href="http://www.ubuntu.com/usn/USN-2651-1" target="_blank">UBUNTU</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873" target="_blank">MISC</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1184490" target="_blank">CONFIRM</a><br><a href="https://git.savannah.gnu.org/cgit/patch.git/commit/?id=17953b5893f7c9835f0dd2a704ba04e0371d2cbd" target="_blank">CONFIRM</a><br><a href="https://savannah.gnu.org/bugs/?44059" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">gnu -- gnu<br> </td><td style="text-align: left;" align="left">GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9637" target="_blank">CVE-2014-9637</a><br><a href="http://advisories.mageia.org/MGASA-2015-0068.html" target="_blank">CONFIRM</a><br><a href="http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html" target="_blank">FEDORA</a><br><a 
href="http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html" target="_blank">FEDORA</a><br><a href="http://www.openwall.com/lists/oss-security/2015/01/22/7" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/72286" target="_blank">BID</a><br><a href="http://www.ubuntu.com/usn/USN-2651-1" target="_blank">UBUNTU</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1185262" target="_blank">CONFIRM</a><br><a href="https://git.savannah.gnu.org/cgit/patch.git/commit/?id=0c08d7a902c6fdd49b704623a12d8d672ef18944" target="_blank">CONFIRM</a><br><a href="https://savannah.gnu.org/bugs/?44051" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left"><p>ibm -- flex_system_en6131_ethernet_and_ib6131_infiniband_switch_firmware</p><br> </td><td style="text-align: left;" align="left">CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9564" target="_blank">CVE-2014-9564</a><br><a href="http://www.securityfocus.com/bid/74931" target="_blank">BID</a><br><a href="https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5098173" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">ibm -- maas360_dtm<br> </td><td style="text-align: left;" align="left">IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain 
applications which could disclose sensitive information. IBM X-Force ID: 127412.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1422" target="_blank">CVE-2017-1422</a><br><a href="http://www.ibm.com/support/docview.wss?uid=swg22006985" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/bid/100415" target="_blank">BID</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/127412" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">icewarp -- icewarp_mail_server<br> </td><td style="text-align: left;" align="left">Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12844" target="_blank">CVE-2017-12844</a><br><a href="https://youtu.be/MI4dhEia1d4" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">kaspersky -- kaspersky_internet_security_for_android<br> </td><td style="text-align: left;" align="left">In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12817" target="_blank">CVE-2017-12817</a><br><a href="https://support.kaspersky.com/vulnerability.aspx?el=12430#090817" target="_blank">CONFIRM</a></td></tr><tr><td 
class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">kaspersky -- kaspersky_internet_security_for_android<br> </td><td style="text-align: left;" align="left">In Kaspersky Internet Security for Android 11.12.4.1622, some of the application's exported activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12816" target="_blank">CVE-2017-12816</a><br><a href="https://support.kaspersky.com/vulnerability.aspx?el=12430#090817" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">linux -- kernel<br> </td><td style="text-align: left;" align="left">Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.</td><td style="text-align: center;" align="center">2017-08-19</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10661" target="_blank">CVE-2017-10661</a><br><a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6" target="_blank">CONFIRM</a><br><a href="http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.15" target="_blank">CONFIRM</a><br><a href="http://www.securityfocus.com/bid/100215" target="_blank">BID</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1481136" target="_blank">CONFIRM</a><br><a href="https://github.com/torvalds/linux/commit/1e38da300e1e395a15048b0af1e5305bd91402f6" 
target="_blank">CONFIRM</a><br><a href="https://source.android.com/security/bulletin/2017-08-01" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">linux -- kernel</td><td style="text-align: left;" align="left">The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13694" target="_blank">CVE-2017-13694</a><br><a href="https://github.com/acpica/acpica/pull/278/commits/4a0243ecb4c94e2d73510d096c5ea4d0711fc6c0" target="_blank">MISC</a><br><a href="https://patchwork.kernel.org/patch/9806085/" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">linux -- kernel<br> </td><td style="text-align: left;" align="left">The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13693" target="_blank">CVE-2017-13693</a><br><a href="https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732" 
target="_blank">MISC</a><br><a href="https://patchwork.kernel.org/patch/9919053/" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">linux -- kernel<br> </td><td style="text-align: left;" align="left">net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. NOTE: this does not affect any stable release.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13686" target="_blank">CVE-2017-13686</a><br><a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bc3aae2bbac46dd894c89db5d5e98f7f0ef9e205" target="_blank">CONFIRM</a><br><a href="https://github.com/torvalds/linux/commit/bc3aae2bbac46dd894c89db5d5e98f7f0ef9e205" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">linux -- kernel<br> </td><td style="text-align: left;" align="left">The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13695" target="_blank">CVE-2017-13695</a><br><a href="https://github.com/acpica/acpica/pull/296/commits/37f2c716f2c6ab14c3ba557a539c3ee3224931b5" 
target="_blank">MISC</a><br><a href="https://patchwork.kernel.org/patch/9850567/" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">lxdm -- lxdm<br> </td><td style="text-align: left;" align="left">LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8308" target="_blank">CVE-2015-8308</a><br><a href="http://www.openwall.com/lists/oss-security/2015/11/20/6" target="_blank">MLIST</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1284460" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">micro_focus -- enterprise_developer_and_enterprise_server<br> </td><td style="text-align: left;" align="left">A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests.</td><td style="text-align: center;" align="center">2017-08-21</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5187" target="_blank">CVE-2017-5187</a><br><a href="https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" 
align="left">micro_focus -- enterprise_developer_and_enterprise_server<br> </td><td style="text-align: left;" align="left">Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features.</td><td style="text-align: center;" align="center">2017-08-21</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7421" target="_blank">CVE-2017-7421</a><br><a href="https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">micro_focus -- enterprise_developer_and_enterprise_server<br> </td><td style="text-align: left;" align="left">A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). 
Note esfadmingui is not enabled by default.</td><td style="text-align: center;" align="center">2017-08-21</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7423" target="_blank">CVE-2017-7423</a><br><a href="https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">micro_focus -- enterprise_developer_and_enterprise_server<br> </td><td style="text-align: left;" align="left">An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275).</td><td style="text-align: center;" align="center">2017-08-21</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7420" target="_blank">CVE-2017-7420</a><br><a href="https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">micro_focus -- enterprise_developer_and_enterprise_server<br> </td><td style="text-align: left;" align="left">A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if 
this component is configured. Note esfadmingui is not enabled by default.</td><td style="text-align: center;" align="center">2017-08-21</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7424" target="_blank">CVE-2017-7424</a><br><a href="https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">micro_focus -- enterprise_developer_and_enterprise_server<br> </td><td style="text-align: left;" align="left">Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default.</td><td style="text-align: center;" align="center">2017-08-21</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7422" target="_blank">CVE-2017-7422</a><br><a href="https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">misp -- misp<br> </td><td style="text-align: left;" align="left">app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. 
It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13671" target="_blank">CVE-2017-13671</a><br><a href="https://github.com/MISP/MISP/commit/6eba658d4a648b41b357025d864c19a67412b8aa" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">mktexlsr -- mktexlsr<br> </td><td style="text-align: left;" align="left">mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5701" target="_blank">CVE-2015-5701</a><br><a href="http://www.openwall.com/lists/oss-security/2015/07/30/6" target="_blank">MLIST</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139" target="_blank">MISC</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1181167" target="_blank">CONFIRM</a><br><a href="https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885" target="_blank">CONFIRM</a><br><a href="https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">mktexlsr -- mktexlsr<br> </td><td style="text-align: left;" align="left">mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.</td><td 
style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5700" target="_blank">CVE-2015-5700</a><br><a href="http://www.openwall.com/lists/oss-security/2015/07/30/6" target="_blank">MLIST</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139" target="_blank">MISC</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1181167" target="_blank">CONFIRM</a><br><a href="https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885" target="_blank">CONFIRM</a><br><a href="https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">mrd-305-din -- mrd-305-din<br> </td><td style="text-align: left;" align="left">A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5816" target="_blank">CVE-2016-5816</a><br><a href="https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">multicoreware -- multicoreware<br> </td><td style="text-align: left;" align="left">An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. 
A small height value can cause an integer underflow, which leads to a crash. This is a different vulnerability than CVE-2017-8906.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13666" target="_blank">CVE-2017-13666</a><br><a href="https://bitbucket.org/multicoreware/x265/issues/364/integer-overflow-and-affect-top-level" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">nagios -- nagios_core<br> </td><td style="text-align: left;" align="left">Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12847" target="_blank">CVE-2017-12847</a><br><a href="http://www.securityfocus.com/bid/100403" target="_blank">BID</a><br><a href="https://github.com/NagiosEnterprises/nagioscore/blob/master/Changelog" target="_blank">CONFIRM</a><br><a href="https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752" target="_blank">CONFIRM</a><br><a href="https://github.com/NagiosEnterprises/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb" target="_blank">CONFIRM</a><br><a href="https://github.com/NagiosEnterprises/nagioscore/issues/404" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">newsbeuter -- newsbeuter<br> </td><td style="text-align: left;" 
align="left">Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12904" target="_blank">CVE-2017-12904</a><br><a href="http://www.debian.org/security/2017/dsa-3947" target="_blank">DEBIAN</a><br><a href="https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307" target="_blank">CONFIRM</a><br><a href="https://github.com/akrennmair/newsbeuter/issues/591" target="_blank">CONFIRM</a><br><a href="https://groups.google.com/forum/#%21topic/newsbeuter/iFqSE7Vz-DE" target="_blank">MLIST</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">nexusphp -- nexusphp<br> </td><td style="text-align: left;" align="left">SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12679" target="_blank">CVE-2017-12679</a><br><a href="https://github.com/bingtanguan/cve/blob/master/201701" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">nexusphp -- nexusphp<br> </td><td style="text-align: left;" align="left">SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a 
href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13669" target="_blank">CVE-2017-13669</a><br><a href="https://github.com/bingtanguan/cve/blob/master/201701" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">noviware -- noviware<br> </td><td style="text-align: left;" align="left">A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12787" target="_blank">CVE-2017-12787</a><br><a href="https://www.exploit-db.com/exploits/42518/" target="_blank">EXPLOIT-DB</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">noviware -- noviware<br> </td><td style="text-align: left;" align="left">Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. 
This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12786" target="_blank">CVE-2017-12786</a><br><a href="https://www.exploit-db.com/exploits/42518/" target="_blank">EXPLOIT-DB</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">noviware -- noviware<br> </td><td style="text-align: left;" align="left">The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12785" target="_blank">CVE-2017-12785</a><br><a href="https://www.exploit-db.com/exploits/42518/" target="_blank">EXPLOIT-DB</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">ntp -- ntp<br> </td><td style="text-align: left;" align="left">ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not 
yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5146" target="_blank">CVE-2015-5146</a><br><a href="http://bugs.ntp.org/show_bug.cgi?id=2853" target="_blank">CONFIRM</a><br><a href="http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html" target="_blank">FEDORA</a><br><a href="http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html" target="_blank">FEDORA</a><br><a href="http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html" target="_blank">FEDORA</a><br><a href="http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu" target="_blank">CONFIRM</a><br><a href="http://www.debian.org/security/2015/dsa-3388" target="_blank">DEBIAN</a><br><a href="http://www.securityfocus.com/bid/75589" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1034168" target="_blank">SECTRACK</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1238136" target="_blank">CONFIRM</a><br><a href="https://security.gentoo.org/glsa/201509-01" target="_blank">GENTOO</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">onos -- onos<br> </td><td style="text-align: left;" align="left">ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7516" target="_blank">CVE-2015-7516</a><br><a href="http://www.openwall.com/lists/oss-security/2015/11/26/1" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/77752" target="_blank">BID</a><br><a target="_blank">MISC</a><br><a target="_blank">CONFIRM</a><br><a 
target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">openjpeg -- openjpeg<br> </td><td style="text-align: left;" align="left">The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.</td><td style="text-align: center;" align="center">2017-08-21</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12982" target="_blank">CVE-2017-12982</a><br><a href="https://blogs.gentoo.org/ago/2017/08/14/openjpeg-memory-allocation-failure-in-opj_aligned_alloc_n-opj_malloc-c/" target="_blank">MISC</a><br><a href="https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7" target="_blank">MISC</a><br><a href="https://github.com/uclouvain/openjpeg/issues/983" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">openstack -- ocata_and_newton<br> </td><td style="text-align: left;" align="left">Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a 
href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12440" target="_blank">CVE-2017-12440</a><br><a href="http://www.securityfocus.com/bid/100455" target="_blank">BID</a><br><a href="https://bugs.launchpad.net/ossn/+bug/1649333" target="_blank">CONFIRM</a><br><a href="https://review.openstack.org/#/c/493823/" target="_blank">CONFIRM</a><br><a href="https://review.openstack.org/#/c/493824/" target="_blank">CONFIRM</a><br><a href="https://review.openstack.org/#/c/493826/" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">openstack-tripleo-image-elements -- openstack-tripleo-image-elements<br> </td><td style="text-align: left;" align="left">HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2102" target="_blank">CVE-2016-2102</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1311145" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">osisoft -- pi_web_api<br> </td><td style="text-align: left;" align="left">An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. 
PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7930" target="_blank">CVE-2017-7930</a><br><a href="http://www.securityfocus.com/bid/99059" target="_blank">BID</a><br><a href="https://ics-cert.us-cert.gov/advisories/ICSA-17-164-02" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">osisoft -- pi_web_api<br> </td><td style="text-align: left;" align="left">An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and then cause PI Network Manager to behave in an undefined manner.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7934" target="_blank">CVE-2017-7934</a><br><a href="http://www.securityfocus.com/bid/99059" target="_blank">BID</a><br><a href="https://ics-cert.us-cert.gov/advisories/ICSA-17-164-02" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">osisoft -- pi_web_api<br> </td><td style="text-align: left;" align="left">A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). 
The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7926" target="_blank">CVE-2017-7926</a><br><a href="http://www.securityfocus.com/bid/99058" target="_blank">BID</a><br><a href="https://ics-cert.us-cert.gov/advisories/ICSA-17-164-03" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">paessler -- prtg_network_monitor<br> </td><td style="text-align: left;" align="left">Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12879" target="_blank">CVE-2017-12879</a><br><a href="https://drive.google.com/open?id=0B6WbMqXSfqQFODZHUGtLdzU3eDA" target="_blank">MISC</a><br><a href="https://www.paessler.com/prtg/history/preview" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">php-fpm -- php-fpm<br> </td><td style="text-align: left;" align="left">php-fpm allows local users to write to or create arbitrary files via a symlink attack.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3211" target="_blank">CVE-2015-3211</a><br><a 
href="https://bugzilla.redhat.com/show_bug.cgi?id=1228721" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">phpmybackuppro -- phpmybackuppro<br> </td><td style="text-align: left;" align="left">Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4181" target="_blank">CVE-2015-4181</a><br><a href="http://www.openwall.com/lists/oss-security/2015/06/04/10" target="_blank">MLIST</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">phpmybackuppro -- phpmybackuppro<br> </td><td style="text-align: left;" align="left">Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 
NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4180" target="_blank">CVE-2015-4180</a><br><a href="http://www.openwall.com/lists/oss-security/2015/06/04/10" target="_blank">MLIST</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">polycom -- multiple_products<br> </td><td style="text-align: left;" align="left">Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12857" target="_blank">CVE-2017-12857</a><br><a href="http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">pyjwt -- pyjwt<br> </td><td style="text-align: left;" align="left">In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string `-----BEGIN RSA PUBLIC KEY-----` which is not accounted for. 
This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11424" target="_blank">CVE-2017-11424</a><br><a href="https://github.com/jpadilla/pyjwt/pull/277" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">python -- kerberos<br> </td><td style="text-align: left;" align="left">The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3206" target="_blank">CVE-2015-3206</a><br><a href="http://www.openwall.com/lists/oss-security/2015/05/21/3" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/74760" target="_blank">BID</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1223802" target="_blank">CONFIRM</a><br><a href="https://github.com/apple/ccs-pykerberos/issues/31" target="_blank">CONFIRM</a><br><a href="https://pypi.python.org/pypi/kerberos" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">python -- python<br> </td><td style="text-align: left;" align="left">Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index 
value in the idx argument to the raw_decode function.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4616" target="_blank">CVE-2014-4616</a><br><a href="http://bugs.python.org/issue21529" target="_blank">CONFIRM</a><br><a href="http://lists.opensuse.org/opensuse-updates/2014-07/msg00015.html" target="_blank">SUSE</a><br><a href="http://openwall.com/lists/oss-security/2014/06/24/7" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/68119" target="_blank">BID</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395" target="_blank">MISC</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1112285" target="_blank">CONFIRM</a><br><a href="https://hackerone.com/reports/12297" target="_blank">MISC</a><br><a href="https://security.gentoo.org/glsa/201503-10" target="_blank">GENTOO</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">red_hat -- enterprise_virtualization_manager<br> </td><td style="text-align: left;" align="left">Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5293" target="_blank">CVE-2015-5293</a><br><a href="https://access.redhat.com/security/cve/CVE-2015-5293" target="_blank">CONFIRM</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1267714" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">red_hat -- 
jboss_enterprise_application_platform<br> </td><td style="text-align: left;" align="left">Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6311" target="_blank">CVE-2016-6311</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1362735" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">rhev -- rhev<br> </td><td style="text-align: left;" align="left">oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0.</td><td style="text-align: center;" align="center">2017-08-22</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6310" target="_blank">CVE-2016-6310</a><br><a href="http://www.securityfocus.com/bid/92345" target="_blank">BID</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1363738" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">riverbed -- opnet_app_response_xpert<br> </td><td style="text-align: left;" align="left">Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files.</td><td style="text-align: center;" align="center">2017-08-26</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7693" target="_blank">CVE-2017-7693</a><br><a href="http://arthrocyber.com/research#finding_5" target="_blank">MISC</a></td></tr><tr><td 
class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">salt -- salt<br> </td><td style="text-align: left;" align="left">Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4017" target="_blank">CVE-2015-4017</a><br><a href="http://www.openwall.com/lists/oss-security/2015/05/19/2" target="_blank">MLIST</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1222960" target="_blank">CONFIRM</a><br><a href="https://docs.saltstack.com/en/latest/topics/releases/2014.7.6.html" target="_blank">CONFIRM</a><br><a href="https://groups.google.com/forum/#%21topic/salt-users/8Kv1bytGD6c" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">saltstack -- saltstack<br> </td><td style="text-align: left;" align="left">Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12791" target="_blank">CVE-2017-12791</a><br><a href="http://www.securityfocus.com/bid/100384" target="_blank">BID</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872399" target="_blank">MISC</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1482006" target="_blank">MISC</a><br><a href="https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html" target="_blank">CONFIRM</a><br><a 
href="https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html" target="_blank">CONFIRM</a><br><a href="https://github.com/saltstack/salt/pull/42944" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left"><p>samsung -- galaxy_s4</p><br> </td><td style="text-align: left;" align="left">The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1800" target="_blank">CVE-2015-1800</a><br><a href="http://www.openwall.com/lists/oss-security/2015/09/21/13" target="_blank">MLIST</a><br><a href="http://www.openwall.com/lists/oss-security/2015/09/21/4" target="_blank">MLIST</a><br><a href="http://www.openwall.com/lists/oss-security/2015/09/22/18" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/76807" target="_blank">BID</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left"><p>samsung -- galaxy_s4</p><br> </td><td style="text-align: left;" align="left">The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1801" target="_blank">CVE-2015-1801</a><br><a href="http://www.openwall.com/lists/oss-security/2015/09/21/13" target="_blank">MLIST</a><br><a href="http://www.openwall.com/lists/oss-security/2015/09/21/4" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/76807" 
target="_blank">BID</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">samsung -- galaxy_s6<br> </td><td style="text-align: left;" align="left">LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7896" target="_blank">CVE-2015-7896</a><br><a href="http://packetstormsecurity.com/files/134198/Samsung-Galaxy-S6-LibQjpeg-DoIntegralUpsample-Crash.html" target="_blank">MISC</a><br><a href="http://www.securityfocus.com/bid/77425" target="_blank">BID</a><br><a href="https://bugs.chromium.org/p/project-zero/issues/detail?id=498&redir=1" target="_blank">CONFIRM</a><br><a href="https://www.exploit-db.com/exploits/38612/" target="_blank">EXPLOIT-DB</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">spidercontrol -- scada_microbrowser<br> </td><td style="text-align: left;" align="left">A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. 
Opening a maliciously crafted html file may cause a stack overflow.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12707" target="_blank">CVE-2017-12707</a><br><a href="http://www.securityfocus.com/bid/100453" target="_blank">BID</a><br><a href="https://ics-cert.us-cert.gov/advisories/ICSA-17-234-02" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">spidercontrol -- scada_web_server<br> </td><td style="text-align: left;" align="left">A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12694" target="_blank">CVE-2017-12694</a><br><a href="http://www.securityfocus.com/bid/100456" target="_blank">BID</a><br><a href="https://ics-cert.us-cert.gov/advisories/ICSA-17-234-03" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">supervisor -- supervisor<br> </td><td style="text-align: left;" align="left">The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11610" target="_blank">CVE-2017-11610</a><br><a 
href="http://www.debian.org/security/2017/dsa-3942" target="_blank">DEBIAN</a><br><a href="https://github.com/Supervisor/supervisor/blob/3.0.1/CHANGES.txt" target="_blank">CONFIRM</a><br><a href="https://github.com/Supervisor/supervisor/blob/3.1.4/CHANGES.txt" target="_blank">CONFIRM</a><br><a href="https://github.com/Supervisor/supervisor/blob/3.2.4/CHANGES.txt" target="_blank">CONFIRM</a><br><a href="https://github.com/Supervisor/supervisor/blob/3.3.3/CHANGES.txt" target="_blank">CONFIRM</a><br><a href="https://github.com/Supervisor/supervisor/issues/964" target="_blank">CONFIRM</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMSCGMM477N64Z3BM34RWYBGSLK466B/" target="_blank">FEDORA</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTPDZV4ZRICDYAYZVUHSYZAYDLRMG2IM/" target="_blank">FEDORA</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ/" target="_blank">FEDORA</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">symantec -- vip_access_for_desktop<br> </td><td style="text-align: left;" align="left">Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, the application will generally follow a specific search path to locate the DLL. 
The exploitation of the vulnerability manifests as a simple file write (or potentially an over-write) which results in a foreign executable running under the context of the application.</td><td style="text-align: center;" align="center">2017-08-21</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6329" target="_blank">CVE-2017-6329</a><br><a href="http://www.securityfocus.com/bid/100200" target="_blank">BID</a><br><a href="https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170821_00" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">synology -- photo_station_uploader<br> </td><td style="text-align: left;" align="left">Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11159" target="_blank">CVE-2017-11159</a><br><a href="https://www.synology.com/en-global/support/security/Synology_SA_17_45_Photo_Station_Uploader" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">synology -- photo_station<br> </td><td style="text-align: left;" align="left">Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter.</td><td 
style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9555" target="_blank">CVE-2017-9555</a><br><a href="https://www.synology.com/en-global/support/security/Synology_SA_17_47_Photo_Station" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">synology -- synology_dns_server<br> </td><td style="text-align: left;" align="left">Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12074" target="_blank">CVE-2017-12074</a><br><a href="https://www.synology.com/en-global/support/security/Synology_SA_17_46_DNS_Server" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">telerik -- telerik.web.ui<br> </td><td style="text-align: left;" align="left">Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11357" target="_blank">CVE-2017-11357</a><br><a href="http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/insecure-direct-object-reference" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" 
scope="row" align="left">telerik -- telerik.web.ui<br> </td><td style="text-align: left;" align="left">Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11317" target="_blank">CVE-2017-11317</a><br><a href="http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">tidy -- tidy<br> </td><td style="text-align: left;" align="left">In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13692" target="_blank">CVE-2017-13692</a><br><a href="https://github.com/htacg/tidy-html5/issues/588" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">ubuntu -- apport<br> </td><td style="text-align: left;" align="left">Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, or before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allows local users to write to arbitrary files and gain root privileges.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" 
align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1325" target="_blank">CVE-2015-1325</a><br><a href="http://www.openwall.com/lists/oss-security/2015/05/21/10" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/74769" target="_blank">BID</a><br><a href="http://www.ubuntu.com/usn/USN-2609-1" target="_blank">UBUNTU</a><br><a href="https://www.exploit-db.com/exploits/37088/" target="_blank">EXPLOIT-DB</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">ubuntu -- apport<br> </td><td style="text-align: left;" align="left">apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, or before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allows local users to write to arbitrary files and gain root privileges.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1324" target="_blank">CVE-2015-1324</a><br><a href="http://www.securityfocus.com/bid/74767" target="_blank">BID</a><br><a href="http://www.ubuntu.com/usn/USN-2609-1" target="_blank">UBUNTU</a><br><a href="https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1452239" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">ubuntu -- concurrent_versions_system<br> </td><td style="text-align: left;" align="left">CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not 
yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12836" target="_blank">CVE-2017-12836</a><br><a href="http://lists.nongnu.org/archive/html/bug-cvs/2017-08/msg00000.html" target="_blank">MLIST</a><br><a href="http://www.debian.org/security/2017/dsa-3940" target="_blank">DEBIAN</a><br><a href="http://www.openwall.com/lists/oss-security/2017/08/11/1" target="_blank">MLIST</a><br><a href="http://www.openwall.com/lists/oss-security/2017/08/11/4" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/100279" target="_blank">BID</a><br><a href="http://www.ubuntu.com/usn/USN-3399-1" target="_blank">UBUNTU</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1480800" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">unity_technologies -- unity_editor<br> </td><td style="text-align: left;" align="left">A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4.</td><td style="text-align: center;" align="center">2017-08-18</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12939" target="_blank">CVE-2017-12939</a><br><a href="http://www.securityfocus.com/bid/100444" target="_blank">BID</a><br><a href="https://unity3d.com/security#issues" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">unrealircd -- unrealircd<br> </td><td style="text-align: left;" align="left">UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill 
`cat /pathname`" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13649" target="_blank">CVE-2017-13649</a><br><a href="https://bugs.unrealircd.org/view.php?id=4990" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">util-linux -- util-linux<br> </td><td style="text-align: left;" align="left">The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.</td><td style="text-align: center;" align="center">2017-08-23</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5224" target="_blank">CVE-2015-5224</a><br><a href="http://www.openwall.com/lists/oss-security/2015/08/24/3" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/76467" target="_blank">BID</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1256686" target="_blank">CONFIRM</a><br><a href="https://github.com/karelzak/util-linux/commit/bde91c85bdc77975155058276f99d2e0f5eab5a9" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">westermo -- multiple_routers<br> </td><td style="text-align: left;" align="left">A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. 
The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12709" target="_blank">CVE-2017-12709</a><br><a href="http://www.securityfocus.com/bid/100470" target="_blank">BID</a><br><a href="https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">westermo -- multiple_routers<br> </td><td style="text-align: left;" align="left">A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to trick a user into making a malicious request to the server.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12703" target="_blank">CVE-2017-12703</a><br><a href="http://www.securityfocus.com/bid/100470" target="_blank">BID</a><br><a href="https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">wordpress -- photo_gallery_plugin<br> </td><td style="text-align: left;" align="left">The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. 
It is exploitable by administrators via the tag_id parameter.</td><td style="text-align: center;" align="center">2017-08-20</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12977" target="_blank">CVE-2017-12977</a><br><a href="https://github.com/jgj212/Advisories/blob/master/photo-gallery.1.3.50-SQL" target="_blank">MISC</a><br><a href="https://wordpress.org/plugins/photo-gallery/#developers" target="_blank">MISC</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">xen -- xen<br> </td><td style="text-align: left;" align="left">Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12136" target="_blank">CVE-2017-12136</a><br><a href="http://www.openwall.com/lists/oss-security/2017/08/15/3" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/100346" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1039175" target="_blank">SECTRACK</a><br><a href="http://xenbits.xen.org/xsa/advisory-228.html" target="_blank">CONFIRM</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1477651" target="_blank">MISC</a><br><a href="https://support.citrix.com/article/CTX225941" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">xen -- xen<br> </td><td style="text-align: left;" align="left">arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.</td><td 
style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12137" target="_blank">CVE-2017-12137</a><br><a href="http://www.openwall.com/lists/oss-security/2017/08/15/2" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/100342" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1039174" target="_blank">SECTRACK</a><br><a href="http://xenbits.xen.org/xsa/advisory-227.html" target="_blank">CONFIRM</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1477657" target="_blank">MISC</a><br><a href="https://support.citrix.com/article/CTX225941" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">xen -- xen<br> </td><td style="text-align: left;" align="left">Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12135" target="_blank">CVE-2017-12135</a><br><a href="http://www.openwall.com/lists/oss-security/2017/08/15/1" target="_blank">MLIST</a><br><a href="http://www.openwall.com/lists/oss-security/2017/08/17/6" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/100344" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1039178" target="_blank">SECTRACK</a><br><a href="http://xenbits.xen.org/xsa/advisory-226.html" target="_blank">CONFIRM</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1477655" target="_blank">MISC</a><br><a href="https://support.citrix.com/article/CTX225941" target="_blank">CONFIRM</a></td></tr><tr><td 
class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">xen -- xen<br> </td><td style="text-align: left;" align="left">The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12134" target="_blank">CVE-2017-12134</a><br><a href="http://www.openwall.com/lists/oss-security/2017/08/15/4" target="_blank">MLIST</a><br><a href="http://www.securityfocus.com/bid/100343" target="_blank">BID</a><br><a href="http://www.securitytracker.com/id/1039176" target="_blank">SECTRACK</a><br><a href="http://xenbits.xen.org/xsa/advisory-229.html" target="_blank">CONFIRM</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1477656" target="_blank">MISC</a><br><a href="https://support.citrix.com/article/CTX225941" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">zen_cart -- zen_cart<br> </td><td style="text-align: left;" align="left">Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. 
(dot dot) in the act parameter to ajax.php.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8352" target="_blank">CVE-2015-8352</a><br><a href="http://www.securityfocus.com/archive/1/archive/1/537129/100/0/threaded" target="_blank">BUGTRAQ</a><br><a href="https://www.htbridge.com/advisory/HTB23282" target="_blank">MISC</a><br><a href="https://www.zen-cart.com/showthread.php?218914-Security-Patches-for-v1-5-4-November-2015" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">zend-diactoros -- zend-diactoros<br> </td><td style="text-align: left;" align="left">Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks.</td><td style="text-align: center;" align="center">2017-08-25</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3257" target="_blank">CVE-2015-3257</a><br><a href="http://www.securityfocus.com/bid/75466" target="_blank">BID</a><br><a href="https://framework.zend.com/security/advisory/ZF2015-05" target="_blank">CONFIRM</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">zte_adsl -- w300_modems<br> </td><td style="text-align: left;" align="left">ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet 
calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7259" target="_blank">CVE-2015-7259</a><br><a href="http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html" target="_blank">MISC</a><br><a href="http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html" target="_blank">MISC</a><br><a href="http://seclists.org/fulldisclosure/2015/Nov/48" target="_blank">FULLDISC</a><br><a href="https://www.exploit-db.com/exploits/38772/" target="_blank">EXPLOIT-DB</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">zte_adsl -- w300_modems<br> </td><td style="text-align: left;" align="left">ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7258" target="_blank">CVE-2015-7258</a><br><a href="http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html" target="_blank">MISC</a><br><a href="http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html" target="_blank">MISC</a><br><a href="http://seclists.org/fulldisclosure/2015/Nov/48" target="_blank">FULLDISC</a><br><a href="https://www.exploit-db.com/exploits/38772/" target="_blank">EXPLOIT-DB</a></td></tr><tr><td class="ox-18fc54db99-vendor-product" style="text-align: left;" scope="row" align="left">zte_adsl -- w300_modems<br> </td><td style="text-align: left;" align="left">ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting 
an outgoing password change request, and changing the username parameter from "support" to "admin".</td><td style="text-align: center;" align="center">2017-08-24</td><td style="text-align: center; width: 5%;" align="center">not yet calculated</td><td><a href="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7257" target="_blank">CVE-2015-7257</a><br><a href="http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html" target="_blank">MISC</a><br><a href="http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html" target="_blank">MISC</a><br><a href="http://seclists.org/fulldisclosure/2015/Nov/48" target="_blank">FULLDISC</a><br><a href="https://www.exploit-db.com/exploits/38772/" target="_blank">EXPLOIT-DB</a></td></tr></tbody></table></div><hr><p>This product is provided subject to this <a href="http://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="http://www.us-cert.gov/privacy/">Privacy & Use</a> policy.</p></div></div><div id="ox-18fc54db99-mail_footer"><hr><table style="border-collapse: collapse; width: 100%;" border="0" cellspacing="0" cellpadding="0" class="mce-item-table"><tbody><tr><td style="padding: 0px; color: #757575; font-size: 10px; font-family: Arial;" width="89%" height="60">A copy of this publication is available at <a href="https://www.us-cert.gov">www.us-cert.gov</a>.</td></tr></tbody></table></div></td></tr></tbody></table></blockquote></body></html>