Fwd: SB17-240: Vulnerability Summary for the Week of August 21, 2017
RICHARD BARTH
w3hwn at comcast.net
Mon Aug 28 14:33:43 EDT 2017
-------- Original Message ----------
From: US-CERT <US-CERT at ncas.us-cert.gov>
To: w3hwn at arrl.net
Date: August 28, 2017 at 12:20 PM
Subject: SB17-240: Vulnerability Summary for the Week of August 21, 2017
[U.S. Department of Homeland Security US-CERT]
National Cyber Awareness System:
SB17-240: Vulnerability Summary for the Week of August 21, 2017 https://www.us-cert.gov/ncas/bulletins/SB17-240
08/28/2017 06:43 AM EDT
Original release date: August 28, 2017
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology http://www.nist.gov (NIST) National Vulnerability Database http://nvd.nist.gov (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security http://www.dhs.gov (DHS) National Cybersecurity and Communications Integration Center https://www.us-cert.gov/nccic (NCCIC) / United States Computer Emergency Readiness Team https://www.us-cert.gov (US-CERT). For modified or updated entries, please visit the NVD http://nvd.nist.gov , which contains historical vulnerability information.
The vulnerabilities are based on the CVE http://cve.mitre.org/ vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System http://nvd.nist.gov/cvss.cfm (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
* High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
* Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
* Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product / Description / Published / CVSS Score / Source & Patch Info
apache2triad -- apache2triad Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter. 2017-08-23 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12965&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2017-12965 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12965
MISC http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txt
MISC http://packetstormsecurity.com/files/143863/Apache2Triad-1.5.4-CSRF-XSS-Session-Fixation.html
BID http://www.securityfocus.com/bid/100447
aptus -- styra_porttelefonkort_4400_firmware Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 4400 before A2 has unknown impact and attack vectors. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-7278&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2017-7278 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7278
CONFIRM https://www.aptus.se/sv/site/aptusse/support/sakerhetsuppdatering/
buffalo -- wcr-1166ds_firmware Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. 2017-08-18 7.7 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-10811&vector=(AV:A/AC:L/Au:S/C:C/I:C/A:C) CVE-2017-10811 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10811
CONFIRM http://buffalo.jp/support_s/s20170804_1.html
JVN https://jvn.jp/en/jp/JVN05340005/index.html
enecho.meti -- shin_kikan_toukei_houkoku_data_nyuryokuyou_program Untrusted search path vulnerability in Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program (program released on 2013 September 30) distributed on the website until 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-10821&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVE-2017-10821 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10821
JVN https://jvn.jp/en/jp/JVN73559859/index.html
enecho.meti -- shin_kinkyuji_houkoku_data_nyuryoku_program Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on 2011 March 10) distributed on the website till 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-10823&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVE-2017-10823 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10823
JVN https://jvn.jp/en/jp/JVN23546631/index.html
enecho.meti -- shin_sekiyu_yunyu_chousa_houkoku_data_nyuryoku_program Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program (program released on 2013 September 30) distributed on the website until 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-10822&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVE-2017-10822 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10822
JVN https://jvn.jp/en/jp/JVN71104430/index.html
enecho.meti -- teikihoukokusho_sakuseishien_tool Untrusted search path vulnerability in Teikihoukokusho Sakuseishien Tool v4.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2228&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVE-2017-2228 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2228
JVN https://jvn.jp/en/jp/JVN53292345/index.html
formcraft-wp -- formcraft The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php. 2017-08-23 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13137&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2017-13137 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13137
MISC https://packetstormsecurity.com/files/143116/WordPress-FormCraft-Basic-1.0.5-SQL-Injection.html
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9411&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2014-9411 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9411
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9968&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2014-9968 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9968
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9969&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2014-9969 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9969
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9971&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2014-9971 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9971
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9972&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2014-9972 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9972
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9973&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2014-9973 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9973
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9974&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2014-9974 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9974
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9975&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2014-9975 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9975
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9976&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2014-9976 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9976
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9977&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2014-9977 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9977
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9978&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2014-9978 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9978
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9979&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2014-9979 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9979
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed to check a length potentially leading to unauthorized access to secure memory. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9980&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2014-9980 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9980
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-9981&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2014-9981 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9981
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-0574&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-0574 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0574
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-0575&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-0575 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0575
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA. 2017-08-18 7.6 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-0576&vector=(AV:N/AC:H/Au:N/C:C/I:C/A:C) CVE-2015-0576 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0576
MISC https://source.android.com/security/bulletin/2017-04-01
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-8592&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-8592 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8592
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-8593&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-8593 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8593
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-8594&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-8594 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8594
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-8595&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-8595 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8595
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-8596&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-8596 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8596
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a string can fail to be null-terminated in SIP leading to a buffer overflow. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9034&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9034 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9034
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a memory buffer fails to be freed after it is no longer needed potentially resulting in memory exhaustion. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9035&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9035 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9035
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an incorrect length is used to clear a memory buffer resulting in adjacent memory getting corrupted. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9036&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9036 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9036
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9037&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9037 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9037
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9038&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9038 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9038
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in eMBMS where an assertion can be reached by a sequence of downlink messages. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9039&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9039 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9039
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in a GERAN API. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9040&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9040 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9040
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when performing WCDMA radio tuning. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9041&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9041 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9041
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9042&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9042 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9042
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9043&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9043 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9043
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9044&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9044 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9044
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GERAN where a buffer can be overflown while taking power measurements. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9045&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9045 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9045
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9046&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9046 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9046
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9047&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9047 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9047
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9048&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9048 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9048
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of certain responses from the USIM. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9049&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9049 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9049
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists where an array out of bounds access can occur during a CA call. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9050&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9050 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9050
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on a length in a System Information message. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9051&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9051 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9051
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached while processing a downlink message. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9052&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9052 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9052
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the processing of certain responses from the USIM. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9053&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9053 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9053
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced during GAL decoding. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9054&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9054 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9054
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a memory management routine. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9055&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9055 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9055
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not properly validated in a QTEE system call. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9060&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9060 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9060
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, PlayReady DRM failed to check a length potentially leading to unauthorized access to secure memory. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9061&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9061 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9061
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9062&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9062 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9062
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9063&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9063 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9063
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9064&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9064 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9064
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9065&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9065 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9065
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an Inter-RAT procedure. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9066&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9066 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9066
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset() is addressed. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9067&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9067 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9067
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a mink syscall is not properly validated. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9068&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9068 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9068
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9069&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9069 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9069
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9070&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9070 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9070
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9071&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9071 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9071
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9072&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9072 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9072
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-9073&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-9073 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-9073
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, SSL handshake failure with ClientHello rejection results in memory leak. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10343&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-10343 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10343
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10344&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-10344 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10344
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10346&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-10346 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10346
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10347&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-10347 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10347
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10380&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-10380 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10380
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10381&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-10381 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10381
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10382&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-10382 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10382
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. 2017-08-18 9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10383&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVE-2016-10383 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10383
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10384&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-10384 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10384
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10385&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-10385 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10385
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10386&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-10386 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10386
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10387&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-10387 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10387
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10388&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-10388 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10388
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a possibility of writing beyond the intended partition. 2017-08-18 9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10389&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVE-2016-10389 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10389
BID http://www.securityfocus.com/bid/99465
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10390&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-10390 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10390
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10391&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-10391 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10391
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-10392&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-10392 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10392
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5871&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-5871 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5871
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2016-5872&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-5872 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5872
BID http://www.securityfocus.com/bid/99467
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237701. 2017-08-23 9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-0805&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVE-2017-0805 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0805
CONFIRM https://source.android.com/security/bulletin/2017-08-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition. 2017-08-18 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-7364&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2017-7364 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7364
SECTRACK http://www.securitytracker.com/id/1038623
CONFIRM https://source.android.com/security/bulletin/2017-06-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace. 2017-08-18 9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8253&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVE-2017-8253 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8253
BID http://www.securityfocus.com/bid/99465
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot. 2017-08-18 9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8255&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVE-2017-8255 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8255
BID http://www.securityfocus.com/bid/99465
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition. 2017-08-18 7.6 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8262&vector=(AV:N/AC:H/Au:N/C:C/I:C/A:C) CVE-2017-8262 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8262
BID http://www.securityfocus.com/bid/99465
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace. 2017-08-18 9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8263&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVE-2017-8263 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8263
BID http://www.securityfocus.com/bid/99465
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write. 2017-08-18 7.6 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8267&vector=(AV:N/AC:H/Au:N/C:C/I:C/A:C) CVE-2017-8267 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8267
BID http://www.securityfocus.com/bid/99465
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver performing a heap buffer over-read. 2017-08-18 9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8268&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVE-2017-8268 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8268
BID http://www.securityfocus.com/bid/99465
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy(). 2017-08-18 9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9678&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVE-2017-9678 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9678
BID http://www.securityfocus.com/bid/100213
CONFIRM https://source.android.com/security/bulletin/2017-06-01
MISC https://source.android.com/security/bulletin/2017-08-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition. 2017-08-18 7.6 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9684&vector=(AV:N/AC:H/Au:N/C:C/I:C/A:C) CVE-2017-9684 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9684
BID http://www.securityfocus.com/bid/100213
CONFIRM https://source.android.com/security/bulletin/2017-06-01
MISC https://source.android.com/security/bulletin/2017-08-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. 2017-08-18 9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9685&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVE-2017-9685 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9685
BID http://www.securityfocus.com/bid/100477
CONFIRM https://source.android.com/security/bulletin/2017-06-01
imagemagick -- imagemagick In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file. 2017-08-22 7.1 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13133&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:C) CVE-2017-13133 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13133
BID http://www.securityfocus.com/bid/100479
CONFIRM https://github.com/ImageMagick/ImageMagick/issues/679
imagemagick -- imagemagick In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk. 2017-08-23 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13139&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2017-13139 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13139
CONFIRM https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870109
CONFIRM https://github.com/ImageMagick/ImageMagick/commit/22e0310345499ffe906c604428f2a3a668942b05
kddi -- qua_station_firmware Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-2289&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVE-2017-2289 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2289
JVN https://jvn.jp/en/jp/JVN81659403/index.html
libsass -- libsass There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack. 2017-08-18 7.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12964&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C) CVE-2017-12964 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12964
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1482397
linux -- linux_kernel The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors. 2017-08-19 7.2 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-10662&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C) CVE-2017-10662 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10662
CONFIRM http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9dd46188edc2f0d1f37328637860bb65a771124
CONFIRM http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.1
BID http://www.securityfocus.com/bid/100215
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1481146
CONFIRM https://github.com/torvalds/linux/commit/b9dd46188edc2f0d1f37328637860bb65a771124
CONFIRM https://source.android.com/security/bulletin/2017-08-01
linux -- linux_kernel The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors. 2017-08-19 7.2 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-10663&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C) CVE-2017-10663 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10663
CONFIRM http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=15d3042a937c13f5d9244241c7a9c8416ff6e82a
CONFIRM http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.4
BID http://www.securityfocus.com/bid/100215
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1481149
CONFIRM https://github.com/torvalds/linux/commit/15d3042a937c13f5d9244241c7a9c8416ff6e82a
CONFIRM https://source.android.com/security/bulletin/2017-08-01
nexusphp -- nexusphp NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action. 2017-08-21 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12981&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2017-12981 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12981
MISC https://github.com/gitsucce/nexusphp/blob/master/nexusphp.md
nexusphp_project -- nexusphp SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. 2017-08-18 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12776&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2017-12776 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12776
MISC http://sh1yan.top/shiyan/cve.txt
nih -- libzip Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors. 2017-08-23 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12858&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2017-12858 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12858
BID http://www.securityfocus.com/bid/100459
CONFIRM https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796
qnap -- ts-212p_firmware An unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. The unprivileged user cannot log in at the front end, but with that unprivileged user's SID, all functions can be accessed in Surveillance Station. 2017-08-18 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12582&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2017-12582 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12582
MISC http://www.kth.ninja/2017/08/qnap-surveillance-station.html
rarlab -- unrar libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. 2017-08-18 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12940&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2017-12940 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12940
MISC http://seclists.org/oss-sec/2017/q3/290
rarlab -- unrar libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. 2017-08-18 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12941&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2017-12941 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12941
MISC http://seclists.org/oss-sec/2017/q3/290
rarlab -- unrar libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. 2017-08-18 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12942&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2017-12942 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12942
MISC http://seclists.org/oss-sec/2017/q3/290
teikoku_databank -- type_a Untrusted search path vulnerability in TDB CA TypeA use software Version 5.2 and earlier, distributed until 10 August 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-10824&vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVE-2017-10824 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10824
JVN https://jvn.jp/en/jp/JVN18641169/index.html
wago -- wago_i/o_plc_758-870_firmware WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation. 2017-08-22 10.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-6473&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2015-6473 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6473
MISC http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html
FULLDISC http://seclists.org/fulldisclosure/2016/Mar/4
BID http://www.securityfocus.com/bid/84138
x.org -- libxfont A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact. 2017-08-18 7.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2007-5199&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2007-5199 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5199
CONFIRM https://bugzilla.suse.com/show_bug.cgi?id=327854
CONFIRM https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=5bf703700ee4a5d6eae20da07cb7a29369667aef
Medium Vulnerabilities
Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
altools -- alzip Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename. 2017-08-19 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11323&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-11323 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11323
MISC http://exploit.kitploit.com/2017/08/alzip-851-buffer-overflow.html
MISC http://www.altools.com/ALTools/ALZip/Version-History.aspx
apache2triad -- apache2triad Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php. 2017-08-23 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12970&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-12970 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12970
MISC http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txt
MISC http://packetstormsecurity.com/files/143863/Apache2Triad-1.5.4-CSRF-XSS-Session-Fixation.html
BID http://www.securityfocus.com/bid/100447
apache2triad -- apache2triad Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php. 2017-08-23 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12971&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2017-12971 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12971
MISC http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txt
MISC http://packetstormsecurity.com/files/143863/Apache2Triad-1.5.4-CSRF-XSS-Session-Fixation.html
BID http://www.securityfocus.com/bid/100447
asn1c_project -- asn1c The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file. 2017-08-20 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12966&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-12966 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12966
MISC https://drive.google.com/open?id=0B9DojFnTUSNGd05zSHI1RmpKQjQ
asus -- dsl-n10s_firmware ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges. 2017-08-18 6.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12592&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P) CVE-2017-12592 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12592
MISC https://iscouncil.blogspot.com/2017/08/multiple-vulnerabilities-in-asus.html
asus -- dsl-n10s_firmware ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. 2017-08-18 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12593&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-12593 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12593
MISC https://iscouncil.blogspot.com/2017/08/multiple-vulnerabilities-in-asus.html
attic_project -- attic attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file". 2017-08-18 4.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-4082&vector=(AV:N/AC:L/Au:S/C:P/I:N/A:N) CVE-2015-4082 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4082
MLIST http://www.openwall.com/lists/oss-security/2015/05/31/3
BID http://www.securityfocus.com/bid/74821
CONFIRM https://github.com/jborg/attic/commit/78f9ad1faba7193ca7f0acccbc13b1ff6ebf9072
CONFIRM https://github.com/jborg/attic/issues/271
broken_link_checker_project -- broken_link_checker Cross-site scripting (XSS) vulnerability exists in the WordPress admin panel when the Broken Link Checker plugin before 1.10.9 is installed. 2017-08-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-5057&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2015-5057 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5057
MLIST http://www.openwall.com/lists/oss-security/2015/06/25/1
BID http://www.securityfocus.com/bid/75421
MISC https://wordpress.org/plugins/broken-link-checker/#developers
ccfile -- cc_file_transfer In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID for a NoviWare issue, but the correct ID for that issue is CVE-2017-12787. 2017-08-21 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12784&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2017-12784 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12784
MISC https://drive.google.com/file/d/0B9DojFnTUSNGcG1WN2Q1eVZMQTg/view
cyrusimap -- cyrus_imap Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command. 2017-08-22 4.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12843&vector=(AV:N/AC:L/Au:S/C:N/I:P/A:N) CVE-2017-12843 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12843
CONFIRM https://github.com/cyrusimap/cyrus-imapd/commit/53c4137bd924b954432c6c59da7572c4c5ffa901
CONFIRM https://github.com/cyrusimap/cyrus-imapd/commit/5edadcfb83bf27107578830801817f9e6d0ad941
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6M32R5QPCCNT57BVH3NPV5WVJFSTDP7Q/
CONFIRM https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.3.html
d-link -- dir-600_b1_firmware D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. 2017-08-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12943&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2017-12943 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12943
MISC https://www.youtube.com/watch?v=PeNOJORAQsQ
django-cms -- django_cms Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors. 2017-08-18 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-5081&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2015-5081 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5081
MLIST http://www.openwall.com/lists/oss-security/2015/06/28/1
CONFIRM https://github.com/divio/django-cms/commit/f77cbc607d6e2a62e63287d37ad320109a2cc78a
CONFIRM https://www.django-cms.org/en/blog/2015/06/27/311-3014-release/
dokuwiki -- dokuwiki DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution. 2017-08-21 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12979&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2017-12979 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12979
CONFIRM https://github.com/splitbrain/dokuwiki/issues/2080
dokuwiki -- dokuwiki DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element. 2017-08-21 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12980&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2017-12980 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12980
CONFIRM https://github.com/splitbrain/dokuwiki/issues/2081
easymodal_project -- easy_modal classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. 2017-08-18 6.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12946&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P) CVE-2017-12946 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12946
MISC http://www.defensecode.com/advisories/DC-2017-01-007_WordPress_Easy_Modal_Plugin_Advisory.pdf
MISC https://wordpress.org/plugins/easy-modal/#developers
easymodal_project -- easy_modal classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. 2017-08-18 6.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12947&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P) CVE-2017-12947 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12947
MISC http://www.defensecode.com/advisories/DC-2017-01-007_WordPress_Easy_Modal_Plugin_Advisory.pdf
MISC https://wordpress.org/plugins/easy-modal/#developers
exiv2 -- exiv2 There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact. 2017-08-18 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12955&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-12955 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12955
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1482295
exiv2 -- exiv2 There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service. 2017-08-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12956&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-12956 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12956
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1482296
exiv2 -- exiv2 There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service. 2017-08-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12957&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-12957 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12957
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1482423
fedoraproject -- fedora Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3. 2017-08-22 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-5258&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2015-5258 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5258
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177420.html
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1305443
gnome -- librest The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account. 2017-08-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-2675&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2015-2675 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2675
REDHAT http://rhn.redhat.com/errata/RHSA-2015-2237.html
MLIST http://www.openwall.com/lists/oss-security/2015/03/23/8
CONFIRM https://bugzilla.gnome.org/show_bug.cgi?id=742644
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1183982
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1199049
CONFIRM https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea03817acdad87fb2b338a86018329
gnu -- binutils The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary. 2017-08-19 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12967&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-12967 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12967
BID http://www.securityfocus.com/bid/100462
CONFIRM https://sourceware.org/bugzilla/show_bug.cgi?id=21962
gnu -- pspp There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. 2017-08-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12958&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2017-12958 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12958
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1482429
gnu -- pspp There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to a remote denial of service attack. 2017-08-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12959&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2017-12959 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12959
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1482432
gnu -- pspp There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. 2017-08-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12960&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2017-12960 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12960
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1482433
gnu -- pspp There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. 2017-08-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12961&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2017-12961 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12961
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1482436
google -- android A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35583675. 2017-08-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-0687&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-0687 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0687
BID http://www.securityfocus.com/bid/99478
CONFIRM https://source.android.com/security/bulletin/2017-08-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. 2017-08-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8254&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVE-2017-8254 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8254
BID http://www.securityfocus.com/bid/99465
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses. 2017-08-18 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8256&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-8256 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8256
BID http://www.securityfocus.com/bid/99465
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use. 2017-08-18 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8257&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-8257 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8257
BID http://www.securityfocus.com/bid/99465
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. 2017-08-18 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8260&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-8260 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8260
BID http://www.securityfocus.com/bid/99465
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur. 2017-08-18 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8261&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-8261 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8261
BID http://www.securityfocus.com/bid/99465
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. 2017-08-18 5.1 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8265&vector=(AV:N/AC:H/Au:N/C:P/I:P/A:P) CVE-2017-8265 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8265
BID http://www.securityfocus.com/bid/99465
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. 2017-08-18 5.1 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8266&vector=(AV:N/AC:H/Au:N/C:P/I:P/A:P) CVE-2017-8266 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8266
BID http://www.securityfocus.com/bid/99465
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition. 2017-08-18 5.1 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8270&vector=(AV:N/AC:H/Au:N/C:P/I:P/A:P) CVE-2017-8270 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8270
BID http://www.securityfocus.com/bid/99465
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap write. 2017-08-18 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-8272&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-8272 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8272
BID http://www.securityfocus.com/bid/99465
CONFIRM https://source.android.com/security/bulletin/2017-07-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs. 2017-08-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9679&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2017-9679 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9679
BID http://www.securityfocus.com/bid/100210
CONFIRM https://source.android.com/security/bulletin/2017-06-01
MISC https://source.android.com/security/bulletin/2017-08-01
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message. 2017-08-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9680&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2017-9680 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9680
BID http://www.securityfocus.com/bid/100210
CONFIRM https://source.android.com/security/bulletin/2017-06-01
MISC https://source.android.com/security/bulletin/2017-08-01
graphicsmagick -- graphicsmagick The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. 2017-08-18 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12935&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-12935 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12935
MISC http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188
MISC https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-invalid-memory-read-in-setimagecolorcallback-image-c/
graphicsmagick -- graphicsmagick The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. 2017-08-18 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12936&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-12936 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12936
MISC http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd
MISC https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-use-after-free-in-readwmfimage-wmf-c/
graphicsmagick -- graphicsmagick The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. 2017-08-18 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12937&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-12937 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12937
MISC http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978
BID http://www.securityfocus.com/bid/100442
MISC https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-heap-based-buffer-overflow-in-readsunimage-sun-c/
graphicsmagick -- graphicsmagick GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12. 2017-08-22 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13063&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-13063 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13063
CONFIRM http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a
CONFIRM https://sourceforge.net/p/graphicsmagick/bugs/434/
graphicsmagick -- graphicsmagick GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12. 2017-08-22 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13064&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-13064 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13064
CONFIRM http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a
BID http://www.securityfocus.com/bid/100474
CONFIRM https://sourceforge.net/p/graphicsmagick/bugs/436/
graphicsmagick -- graphicsmagick GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. 2017-08-22 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13065&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-13065 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13065
CONFIRM http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a
CONFIRM https://sourceforge.net/p/graphicsmagick/bugs/435/
graphicsmagick -- graphicsmagick GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. 2017-08-22 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13066&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-13066 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13066
BID http://www.securityfocus.com/bid/100463
CONFIRM https://sourceforge.net/p/graphicsmagick/bugs/430/
graphicsmagick -- graphicsmagick In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value. 2017-08-23 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13147&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-13147 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13147
CONFIRM https://sourceforge.net/p/graphicsmagick/bugs/446/
graphicsmagick -- graphicsmagick In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c. 2017-08-23 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13648&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-13648 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13648
CONFIRM https://sourceforge.net/p/graphicsmagick/bugs/433/
ibm -- security_network_protection_4100_firmware Cross-site scripting (XSS) vulnerability in IBM Security Network Protection 3100, 4100, 5100, and 7100 devices with firmware 5.2 before 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008 and 5.3 before 5.3.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-08-22 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-6189&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2014-6189 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6189
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21697248
BID http://www.securityfocus.com/bid/73940
ibm -- websphere_application_server IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576. 2017-08-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-1501&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVE-2017-1501 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1501
CONFIRM http://www.ibm.com/support/docview.wss?uid=swg22006810
BID http://www.securityfocus.com/bid/100394
SECTRACK http://www.securitytracker.com/id/1039199
MISC https://exchange.xforce.ibmcloud.com/vulnerabilities/129576
igniterealtime -- openfire OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. 2017-08-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-3451&vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N) CVE-2014-3451 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3451
MISC http://packetstormsecurity.com/files/131614/OpenFire-XMPP-3.9.3-Certificate-Handling.html
MLIST http://www.openwall.com/lists/oss-security/2015/04/23/16
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/535363/100/1100/threaded
BID http://www.securityfocus.com/bid/74305
MISC https://community.igniterealtime.org/blogs/ignite/2015/04/22/openfire-3100-released
imagemagick -- imagemagick Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. 2017-08-21 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12983&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-12983 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12983
CONFIRM https://github.com/ImageMagick/ImageMagick/issues/682
imagemagick -- imagemagick In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file. 2017-08-22 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13058&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-13058 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13058
BID http://www.securityfocus.com/bid/100468
CONFIRM https://github.com/ImageMagick/ImageMagick/issues/666
imagemagick -- imagemagick In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file. 2017-08-22 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13059&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-13059 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13059
BID http://www.securityfocus.com/bid/100457
CONFIRM https://github.com/ImageMagick/ImageMagick/issues/667
imagemagick -- imagemagick In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. 2017-08-22 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13060&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-13060 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13060
BID http://www.securityfocus.com/bid/100469
CONFIRM https://github.com/ImageMagick/ImageMagick/issues/644
imagemagick -- imagemagick In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file. 2017-08-22 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13061&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-13061 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13061
BID http://www.securityfocus.com/bid/100481
CONFIRM https://github.com/ImageMagick/ImageMagick/issues/645
imagemagick -- imagemagick In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file. 2017-08-22 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13062&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-13062 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13062
CONFIRM https://github.com/ImageMagick/ImageMagick/issues/669
imagemagick -- imagemagick In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file. 2017-08-22 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13131&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-13131 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13131
BID http://www.securityfocus.com/bid/100478
CONFIRM https://github.com/ImageMagick/ImageMagick/issues/676
imagemagick -- imagemagick In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file. 2017-08-22 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13132&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-13132 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13132
BID http://www.securityfocus.com/bid/100458
CONFIRM https://github.com/ImageMagick/ImageMagick/issues/674
imagemagick -- imagemagick In ImageMagick 7.0.6-6, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file. 2017-08-22 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13134&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-13134 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13134
BID http://www.securityfocus.com/bid/100476
CONFIRM https://github.com/ImageMagick/ImageMagick/issues/670
imagemagick -- imagemagick In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT. 2017-08-23 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13140&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-13140 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13140
CONFIRM https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870111
CONFIRM https://github.com/ImageMagick/ImageMagick/issues/596
imagemagick -- imagemagick In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c. 2017-08-23 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13141&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-13141 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13141
CONFIRM https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870116
CONFIRM https://github.com/ImageMagick/ImageMagick/issues/600
imagemagick -- imagemagick In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files. 2017-08-23 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13142&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-13142 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13142
CONFIRM https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870105
CONFIRM https://github.com/ImageMagick/ImageMagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3
CONFIRM https://github.com/ImageMagick/ImageMagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac
imagemagick -- imagemagick In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory. 2017-08-23 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13143&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2017-13143 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13143
CONFIRM https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870012
CONFIRM https://github.com/ImageMagick/ImageMagick/commit/51b0ae01709adc1e4a9245e158ef17b85a110960
CONFIRM https://github.com/ImageMagick/ImageMagick/issues/362
imagemagick -- imagemagick In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder. 2017-08-23 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13144&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-13144 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13144
CONFIRM https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869728
CONFIRM https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438
imagemagick -- imagemagick In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash. 2017-08-23 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13145&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-13145 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13145
CONFIRM https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869830
CONFIRM https://github.com/ImageMagick/ImageMagick/commit/ac23b02ecb741e5de60f5235ea443790c88a0b80
CONFIRM https://github.com/ImageMagick/ImageMagick/commit/acee073df34aa4d491bf5cb74d3a15fc80f0a3aa
CONFIRM https://github.com/ImageMagick/ImageMagick/commit/b0c5222ce31e8f941fa02ff9c7a040fb2db30dbc
CONFIRM https://github.com/ImageMagick/ImageMagick/issues/501
imagemagick -- imagemagick In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c. 2017-08-23 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13146&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-13146 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13146
CONFIRM https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870013
CONFIRM https://github.com/ImageMagick/ImageMagick/commit/437a35e57db5ec078f4a3ccbf71f941276e88430
imagemagick -- imagemagick In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c. 2017-08-24 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13658&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-13658 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13658
CONFIRM https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870019
CONFIRM https://github.com/ImageMagick/ImageMagick/commit/e5c063a1007506ba69e97a35effcdef944421c89
CONFIRM https://github.com/ImageMagick/ImageMagick/issues/598
libsass -- libsass There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack. 2017-08-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12962&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2017-12962 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12962
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1482331
libsass -- libsass There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix (available from GitHub after 2017-07-24). 2017-08-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12963&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2017-12963 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12963
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1482335
libtiff -- libtiff The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. 2017-08-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12944&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2017-12944 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12944
CONFIRM http://bugzilla.maptools.org/show_bug.cgi?id=2725
netapp -- clustered_data_ontap Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code. 2017-08-18 6.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12420&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P) CVE-2017-12420 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12420
BID http://www.securityfocus.com/bid/100429
CONFIRM https://kb.netapp.com/support/s/article/NTAP-20170814-0001
netapp -- data_ontap NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors. 2017-08-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12859&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2017-12859 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12859
BID http://www.securityfocus.com/bid/100417
CONFIRM https://kb.netapp.com/support/s/article/NTAP-20170815-0002
nexusphp_project -- nexusphp Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php. 2017-08-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12680&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2017-12680 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12680
MISC http://www.lsafe.org/cve.txt
BID http://www.securityfocus.com/bid/100424
nongnu -- icoutils Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code. 2017-08-22 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-5208&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-5208 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5208
MLIST http://www.openwall.com/lists/oss-security/2017/01/08/5
BID http://www.securityfocus.com/bid/95315
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1411251
open-uri-cached_project -- open-uri-cached The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created. 2017-08-18 4.6 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-3649&vector=(AV:L/AC:L/Au:N/C:P/I:P/A:P) CVE-2015-3649 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3649
MISC http://www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby/
MLIST http://www.openwall.com/lists/oss-security/2015/05/06/2
BID http://www.securityfocus.com/bid/74469
MISC https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L115
MISC https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L25
MISC https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L39
paessler -- prtg_network_monitor Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-08-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9816&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2017-9816 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9816
CONFIRM https://www.paessler.com/prtg/history/stable
phpmywind -- phpmywind PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php. 2017-08-21 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12984&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2017-12984 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12984
MISC http://www.yuag.org/2016/08/17/phpmywind_5-3%E5%AD%98%E5%82%A8%E5%9E%8Bxss/
podlove -- podlove_podcast_publisher lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF. 2017-08-18 6.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12949&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P) CVE-2017-12949 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12949
MISC http://www.defensecode.com/advisories/DC-2017-05-006_WordPress_Podlove_Podcast_Publisher_Plugin_Advisory.pdf
pressforward -- pressforward Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF. 2017-08-18 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12948&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2017-12948 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12948
MISC http://www.defensecode.com/advisories/DC-2017-05-007_WordPress_PressForward_Plugin_Advisory.pdf
pulp_project -- pulp Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name. 2017-08-18 6.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-5153&vector=(AV:N/AC:L/Au:S/C:P/I:P/A:P) CVE-2015-5153 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5153
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1243526
qodeinteractive -- bridge DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript. 2017-08-23 4.3 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-13138&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2017-13138 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13138
MISC http://bridge.qodeinteractive.com/change-log/
MISC http://imgur.com/a/OT9vl
MISC https://wpvulndb.com/vulnerabilities/8892
razerone -- synapse Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file. 2017-08-18 4.6 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11652&vector=(AV:L/AC:L/Au:N/C:P/I:P/A:P) CVE-2017-11652 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11652
MISC http://packetstormsecurity.com/files/143516/Razer-Synapse-2.20-DLL-Hijacking.html
razerone -- synapse Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file. 2017-08-18 4.6 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11653&vector=(AV:L/AC:L/Au:N/C:P/I:P/A:P) CVE-2017-11653 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11653
MISC http://packetstormsecurity.com/files/143516/Razer-Synapse-2.20-DLL-Hijacking.html
resiprocate -- resiprocate Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted DNS response. 2017-08-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9454&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2017-9454 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9454
CONFIRM https://github.com/resiprocate/resiprocate/commit/d67a9ca6fd06ca65d23e313bdbad1ef4dd3aa0df
MLIST https://list.resiprocate.org/archive/resiprocate-users/msg02700.html
spring_batch_admin_project -- spring_batch_admin Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability. 2017-08-18 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12881&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-12881 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12881
MLIST http://www.openwall.com/lists/oss-security/2017/08/16/5
BID http://www.securityfocus.com/bid/100410
strongswan -- strongswan The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. 2017-08-18 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-11185&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2017-11185 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11185
BID http://www.securityfocus.com/bid/100492
CONFIRM https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-%28cve-2017-11185%29.html
tomaxcom -- r60g_firmware ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack. 2017-08-18 6.8 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12589&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-12589 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12589
BID http://www.securityfocus.com/bid/100438
MISC https://iscouncil.blogspot.com/2017/08/cross-site-request-forgery_11.html
wago -- wago_i/o_plc_758-870_firmware WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management. 2017-08-22 5.0 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2015-6472&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2015-6472 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6472
MISC http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html
FULLDISC http://seclists.org/fulldisclosure/2016/Mar/4
BID http://www.securityfocus.com/bid/84138
Low Vulnerabilities
Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
asus -- dsl-n10s_firmware ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter. 2017-08-18 3.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12591&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) CVE-2017-12591 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12591
MISC https://iscouncil.blogspot.com/2017/08/multiple-vulnerabilities-in-asus.html
cacti -- cacti lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. 2017-08-21 3.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12978&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) CVE-2017-12978 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12978
SECTRACK http://www.securitytracker.com/id/1039226
CONFIRM https://github.com/Cacti/cacti/blob/develop/docs/CHANGELOG
CONFIRM https://github.com/Cacti/cacti/commit/9c610a7a4e29595dcaf7d7082134e4b89619ea24
CONFIRM https://github.com/Cacti/cacti/issues/918
google -- android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. 2017-08-18 2.6 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-9682&vector=(AV:N/AC:H/Au:N/C:P/I:N/A:N) CVE-2017-9682 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9682
BID http://www.securityfocus.com/bid/100213
CONFIRM https://source.android.com/security/bulletin/2017-06-01
MISC https://source.android.com/security/bulletin/2017-08-01
ibm -- rational_requirements_composer IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126246. 2017-08-18 3.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-1338&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) CVE-2017-1338 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1338
CONFIRM http://www.ibm.com/support/docview.wss?uid=swg22004138
BID http://www.securityfocus.com/bid/100353
MISC https://exchange.xforce.ibmcloud.com/vulnerabilities/126246
qemu -- qemu QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive. 2017-08-23 2.1 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12809&vector=(AV:L/AC:L/Au:N/C:N/I:N/A:P) CVE-2017-12809 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12809
MLIST http://www.openwall.com/lists/oss-security/2017/08/21/2
BID http://www.securityfocus.com/bid/100451
MLIST https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html
spring_batch_admin_project -- spring_batch_admin Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality. 2017-08-18 3.5 https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2017-12882&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) CVE-2017-12882 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12882
MLIST http://www.openwall.com/lists/oss-security/2017/08/16/5
BID http://www.securityfocus.com/bid/100410
Severity Not Yet Assigned
Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
accellion -- file_transfer_appliance
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter. 2017-08-22 not yet calculated CVE-2015-2857 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2857
MISC http://packetstormsecurity.com/files/132665/Accellion-FTA-getStatus-verify_oauth_token-Command-Execution.html
MISC http://www.rapid7.com/db/modules/exploit/linux/http/accellion_fta_getstatus_oauth
MISC https://community.rapid7.com/community/metasploit/blog/2015/07/10/r7-2015-08-accellion-file-transfer-appliance-vulnerabilities-cve-2015-2856-cve-2015-2857
EXPLOIT-DB https://www.exploit-db.com/exploits/37597/
apache -- pony_mail
Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication. 2017-08-22 not yet calculated CVE-2016-4460 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4460
CONFIRM http://markmail.org/message/jy7o23cppny26icu
BID http://www.securityfocus.com/bid/100449
atlassian -- crucible
The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file. 2017-08-24 not yet calculated CVE-2017-9509 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9509
MISC https://cwe.mitre.org/data/definitions/79.html
MISC https://jira.atlassian.com/browse/CRUC-8046
atlassian -- crucible
The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter. 2017-08-24 not yet calculated CVE-2017-9507 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9507
MISC https://cwe.mitre.org/data/definitions/79.html
MISC https://jira.atlassian.com/browse/CRUC-8043
atlassian -- fisheye_and_crucible
The mostActiveCommitters.do resource in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks. 2017-08-24 not yet calculated CVE-2017-9512 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9512
MISC https://cwe.mitre.org/data/definitions/284.html
MISC https://jira.atlassian.com/browse/CRUC-8053
MISC https://jira.atlassian.com/browse/FE-6892
atlassian -- fisheye_and_crucible
The MultiPathResource class in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when FishEye or Crucible is running on the Microsoft Windows operating system. 2017-08-24 not yet calculated CVE-2017-9511 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9511
MISC https://cwe.mitre.org/data/definitions/22.html
MISC https://jira.atlassian.com/browse/CRUC-8049
MISC https://jira.atlassian.com/browse/FE-6891
atlassian -- fisheye_and_crucible
Various resources in Atlassian FishEye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file. 2017-08-24 not yet calculated CVE-2017-9508 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9508
MISC https://cwe.mitre.org/data/definitions/79.html
MISC https://jira.atlassian.com/browse/CRUC-8044
MISC https://jira.atlassian.com/browse/FE-6898
atlassian -- fisheye
The repository changelog resource in Atlassian FishEye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters. 2017-08-24 not yet calculated CVE-2017-9510 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9510
MISC https://cwe.mitre.org/data/definitions/79.html
MISC https://jira.atlassian.com/browse/FE-6890
atlassian -- oauth_plugin
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF). 2017-08-23 not yet calculated CVE-2017-9506 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9506
MISC https://cwe.mitre.org/data/definitions/918.html
MISC https://ecosystem.atlassian.net/browse/OAUTH-344
automated_logic_corporation -- alc_webctrl
A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software. 2017-08-25 not yet calculated CVE-2017-9640 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9640
BID http://www.securityfocus.com/bid/100452
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01
automated_logic_corporation -- alc_webctrl
An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code. 2017-08-25 not yet calculated CVE-2017-9650 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9650
BID http://www.securityfocus.com/bid/100452
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01
EXPLOIT-DB https://www.exploit-db.com/exploits/42544/
automated_logic_corporation -- alc_webctrl
An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges. 2017-08-25 not yet calculated CVE-2017-9644 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9644
BID http://www.securityfocus.com/bid/100454
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01
EXPLOIT-DB https://www.exploit-db.com/exploits/42542/
bitrix -- bitrix
Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php. 2017-08-24 not yet calculated CVE-2015-8355 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8355
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/537130/100/0/threaded
MISC https://www.htbridge.com/advisory/HTB23280
bmc_patrol -- bmc_patrol
mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring. 2017-08-22 not yet calculated CVE-2017-13130 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13130
MISC https://github.com/itm4n/bmc-patrol-mcmnm-privesc
cloud4wi -- cloud4wi
Cross-site scripting (XSS) vulnerability in the Splash Portal in Cloud4Wi before 5.9.7 allows remote attackers to inject arbitrary web script or HTML via the recoveryMessage parameter to the default URI. 2017-08-24 not yet calculated CVE-2015-4699 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4699
FULLDISC http://seclists.org/fulldisclosure/2015/Dec/48
MISC http://www.quantumleap.it/cloud4wi-splash-portal-reflected-xss-vulnerability-cve-2015-4699/
CONFIRM https://cloud4wi.zendesk.com/hc/en-us/articles/204956829-Cloud4Wi-5-9-7-Release-Note
cloud_foundry_foundation -- capi
In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure. 2017-08-21 not yet calculated CVE-2017-8037 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8037
CONFIRM https://www.cloudfoundry.org/cve-2017-8037/
codiad -- codiad
components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type. 2017-08-20 not yet calculated CVE-2017-11366 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11366
MISC http://www.jianshu.com/p/41ac7ac2a7af
MISC https://github.com/Codiad/Codiad/issues/1011
MISC https://github.com/Codiad/Codiad/pull/1013
MISC https://github.com/Codiad/Codiad/pull/1013/commits/b3645b4c6718cef6de7003f41aafe7bfcc0395d1
connect2id -- nimbus_jose+jwt
Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation. 2017-08-20 not yet calculated CVE-2017-12974 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12974
CONFIRM https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f3a7a801f0c6b078899fed9226368eb7b44e2b2f
CONFIRM https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/217/explicit-check-for-ec-public-key-on-curve
CONFIRM https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt
connect2id -- nimbus_jose+jwt
In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC. 2017-08-20 not yet calculated CVE-2017-12972 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12972
CONFIRM https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c
CONFIRM https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc
CONFIRM https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt
connect2id -- nimbus_jose+jwt
Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack. 2017-08-20 not yet calculated CVE-2017-12973 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12973
CONFIRM https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912
CONFIRM https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac
CONFIRM https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt
d-link -- d-link_firmware
D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allows remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin. 2017-08-25 not yet calculated CVE-2014-7857 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7857
MISC http://packetstormsecurity.com/files/132075/D-Link-Bypass-Buffer-Overflow.html
FULLDISC http://seclists.org/fulldisclosure/2015/May/125
CONFIRM http://www.search-lab.hu/media/D-Link_Security_advisory_3_0_public.pdf
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/535626/100/200/threaded
BID http://www.securityfocus.com/bid/74880
d-link -- d-link_firmware
The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token. 2017-08-25 not yet calculated CVE-2014-7860 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7860
MISC http://packetstormsecurity.com/files/132075/D-Link-Bypass-Buffer-Overflow.html
FULLDISC http://seclists.org/fulldisclosure/2015/May/125
CONFIRM http://www.search-lab.hu/media/D-Link_Security_advisory_3_0_public.pdf
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/535626/100/200/threaded
BID http://www.securityfocus.com/bid/74884
d-link -- d-link_firmware
The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. 2017-08-25 not yet calculated CVE-2014-7858 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7858
MISC http://packetstormsecurity.com/files/132075/D-Link-Bypass-Buffer-Overflow.html
FULLDISC http://seclists.org/fulldisclosure/2015/May/125
CONFIRM http://www.search-lab.hu/media/D-Link_Security_advisory_3_0_public.pdf
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/535626/100/200/threaded
BID http://www.securityfocus.com/bid/74886
d-link -- d-link_firmware
Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values. 2017-08-25 not yet calculated CVE-2014-7859 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7859
MISC http://packetstormsecurity.com/files/132075/D-Link-Bypass-Buffer-Overflow.html
FULLDISC http://seclists.org/fulldisclosure/2015/May/125
CONFIRM http://www.search-lab.hu/media/D-Link_Security_advisory_3_0_public.pdf
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/535626/100/200/threaded
BID http://www.securityfocus.com/bid/74878
dayrui_finecms -- dayrui_finecms
controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable. 2017-08-25 not yet calculated CVE-2017-13697 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13697
MISC http://www.bendawang.site/article/The-latest-version-of-finecms-unlimited-XSS
dnsdist -- dnsdist
dnsdist version 1.1.0 is vulnerable to a flaw in the authentication mechanism for the REST API, potentially allowing a CSRF attack. 2017-08-22 not yet calculated CVE-2017-7557 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7557
MISC https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html
fortinet -- fortimanager
Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands. 2017-08-22 not yet calculated CVE-2015-3617 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3617
BID http://www.securityfocus.com/bid/74444
SECTRACK http://www.securitytracker.com/id/1032188
CONFIRM https://fortiguard.com/psirt/FG-IR-15-011
git-annex -- git-annex
git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117. 2017-08-20 not yet calculated CVE-2017-12976 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12976
CONFIRM http://source.git-annex.branchable.com/?p=source.git;a=blob;f=doc/bugs/dashed_ssh_hostname_security_hole.mdwn
CONFIRM http://source.git-annex.branchable.com/?p=source.git;a=commit;h=c24d0f0e8984576654e2be149005bc884fe0403a
CONFIRM http://source.git-annex.branchable.com/?p=source.git;a=commit;h=df11e54788b254efebb4898b474de11ae8d3b471
gnu -- gnu
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. 2017-08-25 not yet calculated CVE-2015-1395 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1395
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html
MLIST http://www.openwall.com/lists/oss-security/2015/01/27/28
BID http://www.securityfocus.com/bid/72846
UBUNTU http://www.ubuntu.com/usn/USN-2651-1
MISC https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1184490
CONFIRM https://git.savannah.gnu.org/cgit/patch.git/commit/?id=17953b5893f7c9835f0dd2a704ba04e0371d2cbd
CONFIRM https://savannah.gnu.org/bugs/?44059
gnu -- gnu
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. 2017-08-25 not yet calculated CVE-2014-9637 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9637
CONFIRM http://advisories.mageia.org/MGASA-2015-0068.html
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html
MLIST http://www.openwall.com/lists/oss-security/2015/01/22/7
BID http://www.securityfocus.com/bid/72286
UBUNTU http://www.ubuntu.com/usn/USN-2651-1
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1185262
CONFIRM https://git.savannah.gnu.org/cgit/patch.git/commit/?id=0c08d7a902c6fdd49b704623a12d8d672ef18944
CONFIRM https://savannah.gnu.org/bugs/?44051
ibm -- flex_system_en6131_ethernet_and_ib6131_infiniband_switch_firmware
CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters. 2017-08-25 not yet calculated CVE-2014-9564 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9564
BID http://www.securityfocus.com/bid/74931
CONFIRM https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5098173
ibm -- maas360_dtm
IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. IBM X-Force ID: 127412. 2017-08-22 not yet calculated CVE-2017-1422 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1422
CONFIRM http://www.ibm.com/support/docview.wss?uid=swg22006985
BID http://www.securityfocus.com/bid/100415
MISC https://exchange.xforce.ibmcloud.com/vulnerabilities/127412
icewarp -- icewarp_mail_server
Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name. 2017-08-23 not yet calculated CVE-2017-12844 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12844
MISC https://youtu.be/MI4dhEia1d4
kaspersky -- kaspersky_internet_security_for_android
In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. 2017-08-25 not yet calculated CVE-2017-12817 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12817
CONFIRM https://support.kaspersky.com/vulnerability.aspx?el=12430#090817
kaspersky -- kaspersky_internet_security_for_android
In Kaspersky Internet Security for Android 11.12.4.1622, some of the application's exported activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. 2017-08-25 not yet calculated CVE-2017-12816 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12816
CONFIRM https://support.kaspersky.com/vulnerability.aspx?el=12430#090817
linux -- kernel
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. 2017-08-19 not yet calculated CVE-2017-10661 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10661
CONFIRM http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6
CONFIRM http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.15
BID http://www.securityfocus.com/bid/100215
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1481136
CONFIRM https://github.com/torvalds/linux/commit/1e38da300e1e395a15048b0af1e5305bd91402f6
CONFIRM https://source.android.com/security/bulletin/2017-08-01
linux -- kernel
The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. 2017-08-25 not yet calculated CVE-2017-13694 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13694
MISC https://github.com/acpica/acpica/pull/278/commits/4a0243ecb4c94e2d73510d096c5ea4d0711fc6c0
MISC https://patchwork.kernel.org/patch/9806085/
linux -- kernel
The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. 2017-08-25 not yet calculated CVE-2017-13693 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13693
MISC https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732
MISC https://patchwork.kernel.org/patch/9919053/
linux -- kernel
net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. NOTE: this does not affect any stable release. 2017-08-24 not yet calculated CVE-2017-13686 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13686
CONFIRM http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bc3aae2bbac46dd894c89db5d5e98f7f0ef9e205
CONFIRM https://github.com/torvalds/linux/commit/bc3aae2bbac46dd894c89db5d5e98f7f0ef9e205
linux -- kernel
The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. 2017-08-25 not yet calculated CVE-2017-13695 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13695
MISC https://github.com/acpica/acpica/pull/296/commits/37f2c716f2c6ab14c3ba557a539c3ee3224931b5
MISC https://patchwork.kernel.org/patch/9850567/
lxdm -- lxdm
LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections. 2017-08-24 not yet calculated CVE-2015-8308 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8308
MLIST http://www.openwall.com/lists/oss-security/2015/11/20/6
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1284460
micro_focus -- enterprise_developer_and_enterprise_server
A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests. 2017-08-21 not yet calculated CVE-2017-5187 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5187
MISC https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017
micro_focus -- enterprise_developer_and_enterprise_server
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features. 2017-08-21 not yet calculated CVE-2017-7421 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7421
MISC https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017
micro_focus -- enterprise_developer_and_enterprise_server
A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default. 2017-08-21 not yet calculated CVE-2017-7423 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7423
MISC https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017
micro_focus -- enterprise_developer_and_enterprise_server
An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275). 2017-08-21 not yet calculated CVE-2017-7420 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7420
MISC https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017
micro_focus -- enterprise_developer_and_enterprise_server
A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default. 2017-08-21 not yet calculated CVE-2017-7424 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7424
MISC https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017
micro_focus -- enterprise_developer_and_enterprise_server
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default. 2017-08-21 not yet calculated CVE-2017-7422 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7422
MISC https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017
misp -- misp
app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation. 2017-08-24 not yet calculated CVE-2017-13671 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13671
CONFIRM https://github.com/MISP/MISP/commit/6eba658d4a648b41b357025d864c19a67412b8aa
mktexlsr -- mktexlsr
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700. 2017-08-25 not yet calculated CVE-2015-5701 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5701
MLIST http://www.openwall.com/lists/oss-security/2015/07/30/6
MISC https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1181167
CONFIRM https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885
CONFIRM https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log
mktexlsr -- mktexlsr
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. 2017-08-25 not yet calculated CVE-2015-5700 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5700
MLIST http://www.openwall.com/lists/oss-security/2015/07/30/6
MISC https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1181167
CONFIRM https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885
CONFIRM https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log
mrd-305-din -- mrd-305-din
A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source. 2017-08-25 not yet calculated CVE-2016-5816 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5816
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01
multicoreware -- multicoreware
An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can cause an integer underflow, which leads to a crash. This is a different vulnerability than CVE-2017-8906. 2017-08-24 not yet calculated CVE-2017-13666 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13666
MISC https://bitbucket.org/multicoreware/x265/issues/364/integer-overflow-and-affect-top-level
nagios -- nagios_core
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command. 2017-08-23 not yet calculated CVE-2017-12847 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12847
BID http://www.securityfocus.com/bid/100403
CONFIRM https://github.com/NagiosEnterprises/nagioscore/blob/master/Changelog
CONFIRM https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752
CONFIRM https://github.com/NagiosEnterprises/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb
CONFIRM https://github.com/NagiosEnterprises/nagioscore/issues/404
newsbeuter -- newsbeuter
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL. 2017-08-23 not yet calculated CVE-2017-12904 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12904
DEBIAN http://www.debian.org/security/2017/dsa-3947
CONFIRM https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307
CONFIRM https://github.com/akrennmair/newsbeuter/issues/591
MLIST https://groups.google.com/forum/#%21topic/newsbeuter/iFqSE7Vz-DE
nexusphp -- nexusphp
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php. 2017-08-24 not yet calculated CVE-2017-12679 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12679
MISC https://github.com/bingtanguan/cve/blob/master/201701
nexusphp -- nexusphp
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php. 2017-08-24 not yet calculated CVE-2017-13669 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13669
MISC https://github.com/bingtanguan/cve/blob/master/201701
noviware -- noviware
A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow. 2017-08-22 not yet calculated CVE-2017-12787 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12787
EXPLOIT-DB https://www.exploit-db.com/exploits/42518/
noviware -- noviware
Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data. 2017-08-22 not yet calculated CVE-2017-12786 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12786
EXPLOIT-DB https://www.exploit-db.com/exploits/42518/
noviware -- noviware
The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection. 2017-08-22 not yet calculated CVE-2017-12785 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12785
EXPLOIT-DB https://www.exploit-db.com/exploits/42518/
ntp -- ntp
ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet. 2017-08-24 not yet calculated CVE-2015-5146 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5146
CONFIRM http://bugs.ntp.org/show_bug.cgi?id=2853
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html
CONFIRM http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
DEBIAN http://www.debian.org/security/2015/dsa-3388
BID http://www.securityfocus.com/bid/75589
SECTRACK http://www.securitytracker.com/id/1034168
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1238136
GENTOO https://security.gentoo.org/glsa/201509-01
onos -- onos
ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870). 2017-08-24 not yet calculated CVE-2015-7516 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7516
MLIST http://www.openwall.com/lists/oss-security/2015/11/26/1
BID http://www.securityfocus.com/bid/77752
openjpeg -- openjpeg
The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c. 2017-08-21 not yet calculated CVE-2017-12982 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12982
MISC https://blogs.gentoo.org/ago/2017/08/14/openjpeg-memory-allocation-failure-in-opj_aligned_alloc_n-opj_malloc-c/
MISC https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7
MISC https://github.com/uclouvain/openjpeg/issues/983
openstack -- ocata_and_newton
Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee. 2017-08-18 not yet calculated CVE-2017-12440 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12440
BID http://www.securityfocus.com/bid/100455
CONFIRM https://bugs.launchpad.net/ossn/+bug/1649333
CONFIRM https://review.openstack.org/#/c/493823/
CONFIRM https://review.openstack.org/#/c/493824/
CONFIRM https://review.openstack.org/#/c/493826/
openstack-tripleo-image-elements -- openstack-tripleo-image-elements
HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. 2017-08-22 not yet calculated CVE-2016-2102 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2102
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1311145
osisoft -- pi_web_api
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective. 2017-08-25 not yet calculated CVE-2017-7930 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7930
BID http://www.securityfocus.com/bid/99059
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-164-02
osisoft -- pi_web_api
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and then cause PI Network Manager to behave in an undefined manner. 2017-08-25 not yet calculated CVE-2017-7934 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7934
BID http://www.securityfocus.com/bid/99059
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-164-02
osisoft -- pi_web_api
A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated. 2017-08-25 not yet calculated CVE-2017-7926 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7926
BID http://www.securityfocus.com/bid/99058
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-164-03
paessler -- prtg_network_monitor
Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML. 2017-08-24 not yet calculated CVE-2017-12879 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12879
MISC https://drive.google.com/open?id=0B6WbMqXSfqQFODZHUGtLdzU3eDA
CONFIRM https://www.paessler.com/prtg/history/preview
php-fpm -- php-fpm
php-fpm allows local users to write to or create arbitrary files via a symlink attack. 2017-08-25 not yet calculated CVE-2015-3211 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3211
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1228721
phpmybackuppro -- phpmybackuppro
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180. 2017-08-25 not yet calculated CVE-2015-4181 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4181
MLIST http://www.openwall.com/lists/oss-security/2015/06/04/10
phpmybackuppro -- phpmybackuppro
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050. 2017-08-25 not yet calculated CVE-2015-4180 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4180
MLIST http://www.openwall.com/lists/oss-security/2015/06/04/10
polycom -- multiple_products
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information. 2017-08-25 not yet calculated CVE-2017-12857 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12857
CONFIRM http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf
pyjwt -- pyjwt
In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string `-----BEGIN RSA PUBLIC KEY-----` which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch. 2017-08-24 not yet calculated CVE-2017-11424 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11424
CONFIRM https://github.com/jpadilla/pyjwt/pull/277
python -- kerberos
The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack. 2017-08-25 not yet calculated CVE-2015-3206 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3206
MLIST http://www.openwall.com/lists/oss-security/2015/05/21/3
BID http://www.securityfocus.com/bid/74760
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1223802
CONFIRM https://github.com/apple/ccs-pykerberos/issues/31
CONFIRM https://pypi.python.org/pypi/kerberos
python -- python
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function. 2017-08-24 not yet calculated CVE-2014-4616 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4616
CONFIRM http://bugs.python.org/issue21529
SUSE http://lists.opensuse.org/opensuse-updates/2014-07/msg00015.html
MLIST http://openwall.com/lists/oss-security/2014/06/24/7
BID http://www.securityfocus.com/bid/68119
MISC https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1112285
MISC https://hackerone.com/reports/12297
GENTOO https://security.gentoo.org/glsa/201503-10
red_hat -- enterprise_virtualization_manager
Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable. 2017-08-24 not yet calculated CVE-2015-5293 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5293
CONFIRM https://access.redhat.com/security/cve/CVE-2015-5293
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1267714
red_hat -- jboss_enterprise_application_platform
GET requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers. 2017-08-22 not yet calculated CVE-2016-6311 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6311
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1362735
rhev -- rhev
oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. 2017-08-22 not yet calculated CVE-2016-6310 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6310
BID http://www.securityfocus.com/bid/92345
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1363738
riverbed -- opnet_app_response_xpert
Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files. 2017-08-26 not yet calculated CVE-2017-7693 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7693
MISC http://arthrocyber.com/research#finding_5
salt -- salt
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. 2017-08-25 not yet calculated CVE-2015-4017 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4017
MLIST http://www.openwall.com/lists/oss-security/2015/05/19/2
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1222960
CONFIRM https://docs.saltstack.com/en/latest/topics/releases/2014.7.6.html
CONFIRM https://groups.google.com/forum/#%21topic/salt-users/8Kv1bytGD6c
saltstack -- saltstack
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. 2017-08-23 not yet calculated CVE-2017-12791 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12791
BID http://www.securityfocus.com/bid/100384
MISC https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872399
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1482006
CONFIRM https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html
CONFIRM https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html
CONFIRM https://github.com/saltstack/salt/pull/42944
samsung -- galaxy_s4
The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information. 2017-08-24 not yet calculated CVE-2015-1800 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1800
MLIST http://www.openwall.com/lists/oss-security/2015/09/21/13
MLIST http://www.openwall.com/lists/oss-security/2015/09/21/4
MLIST http://www.openwall.com/lists/oss-security/2015/09/22/18
BID http://www.securityfocus.com/bid/76807
samsung -- galaxy_s4
The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges. 2017-08-24 not yet calculated CVE-2015-1801 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1801
MLIST http://www.openwall.com/lists/oss-security/2015/09/21/13
MLIST http://www.openwall.com/lists/oss-security/2015/09/21/4
BID http://www.securityfocus.com/bid/76807
samsung -- galaxy_s6
LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file. 2017-08-24 not yet calculated CVE-2015-7896 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7896
MISC http://packetstormsecurity.com/files/134198/Samsung-Galaxy-S6-LibQjpeg-DoIntegralUpsample-Crash.html
BID http://www.securityfocus.com/bid/77425
CONFIRM https://bugs.chromium.org/p/project-zero/issues/detail?id=498&redir=1
EXPLOIT-DB https://www.exploit-db.com/exploits/38612/
spidercontrol -- scada_microbrowser
A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow. 2017-08-25 not yet calculated CVE-2017-12707 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12707
BID http://www.securityfocus.com/bid/100453
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-234-02
spidercontrol -- scada_web_server
A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files. 2017-08-25 not yet calculated CVE-2017-12694 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12694
BID http://www.securityfocus.com/bid/100456
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-234-03
supervisor -- supervisor
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. 2017-08-23 not yet calculated CVE-2017-11610 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11610
DEBIAN http://www.debian.org/security/2017/dsa-3942
CONFIRM https://github.com/Supervisor/supervisor/blob/3.0.1/CHANGES.txt
CONFIRM https://github.com/Supervisor/supervisor/blob/3.1.4/CHANGES.txt
CONFIRM https://github.com/Supervisor/supervisor/blob/3.2.4/CHANGES.txt
CONFIRM https://github.com/Supervisor/supervisor/blob/3.3.3/CHANGES.txt
CONFIRM https://github.com/Supervisor/supervisor/issues/964
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMSCGMM477N64Z3BM34RWYBGSLK466B/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTPDZV4ZRICDYAYZVUHSYZAYDLRMG2IM/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ/
symantec -- vip_access_for_desktop
Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, the application will generally follow a specific search path to locate the DLL. The exploitation of the vulnerability manifests as a simple file write (or potentially an over-write) which results in a foreign executable running under the context of the application. 2017-08-21 not yet calculated CVE-2017-6329 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6329
BID http://www.securityfocus.com/bid/100200
CONFIRM https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170821_00
synology -- photo_station_uploader
Multiple untrusted search path vulnerabilities in the installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. 2017-08-23 not yet calculated CVE-2017-11159 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11159
CONFIRM https://www.synology.com/en-global/support/security/Synology_SA_17_45_Photo_Station_Uploader
synology -- photo_station
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter. 2017-08-24 not yet calculated CVE-2017-9555 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9555
CONFIRM https://www.synology.com/en-global/support/security/Synology_SA_17_47_Photo_Station
synology -- synology_dns_server
Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter. 2017-08-24 not yet calculated CVE-2017-12074 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12074
CONFIRM https://www.synology.com/en-global/support/security/Synology_SA_17_46_DNS_Server
telerik -- telerik.web.ui
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. 2017-08-23 not yet calculated CVE-2017-11357 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11357
CONFIRM http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/insecure-direct-object-reference
telerik -- telerik.web.ui
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. 2017-08-23 not yet calculated CVE-2017-11317 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11317
CONFIRM http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload
tidy -- tidy
In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument. 2017-08-25 not yet calculated CVE-2017-13692 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13692
CONFIRM https://github.com/htacg/tidy-html5/issues/588
ubuntu -- apport
Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, or before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allows local users to write to arbitrary files and gain root privileges. 2017-08-25 not yet calculated CVE-2015-1325 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1325
MLIST http://www.openwall.com/lists/oss-security/2015/05/21/10
BID http://www.securityfocus.com/bid/74769
UBUNTU http://www.ubuntu.com/usn/USN-2609-1
EXPLOIT-DB https://www.exploit-db.com/exploits/37088/
ubuntu -- apport
apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, or before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allows local users to write to arbitrary files and gain root privileges. 2017-08-25 not yet calculated CVE-2015-1324 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1324
BID http://www.securityfocus.com/bid/74767
UBUNTU http://www.ubuntu.com/usn/USN-2609-1
CONFIRM https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1452239
ubuntu -- concurrent_versions_system
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar." 2017-08-24 not yet calculated CVE-2017-12836 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12836
MLIST http://lists.nongnu.org/archive/html/bug-cvs/2017-08/msg00000.html
DEBIAN http://www.debian.org/security/2017/dsa-3940
MLIST http://www.openwall.com/lists/oss-security/2017/08/11/1
MLIST http://www.openwall.com/lists/oss-security/2017/08/11/4
BID http://www.securityfocus.com/bid/100279
UBUNTU http://www.ubuntu.com/usn/USN-3399-1
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1480800
unity_technologies -- unity_editor
A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4. 2017-08-18 not yet calculated CVE-2017-12939 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12939
BID http://www.securityfocus.com/bid/100444
CONFIRM https://unity3d.com/security#issues
unrealircd -- unrealircd
UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command. 2017-08-23 not yet calculated CVE-2017-13649 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13649
MISC https://bugs.unrealircd.org/view.php?id=4990
util-linux -- util-linux
The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks. 2017-08-23 not yet calculated CVE-2015-5224 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5224
MLIST http://www.openwall.com/lists/oss-security/2015/08/24/3
BID http://www.securityfocus.com/bid/76467
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1256686
CONFIRM https://github.com/karelzak/util-linux/commit/bde91c85bdc77975155058276f99d2e0f5eab5a9
westermo -- multiple_routers
A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device. 2017-08-25 not yet calculated CVE-2017-12709 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12709
BID http://www.securityfocus.com/bid/100470
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01
westermo -- multiple_routers
A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to trick a user into making a malicious request to the server. 2017-08-25 not yet calculated CVE-2017-12703 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12703
BID http://www.securityfocus.com/bid/100470
MISC https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01
wordpress -- photo_gallery_plugin
The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter. 2017-08-20 not yet calculated CVE-2017-12977 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12977
MISC https://github.com/jgj212/Advisories/blob/master/photo-gallery.1.3.50-SQL
MISC https://wordpress.org/plugins/photo-gallery/#developers
xen -- xen
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. 2017-08-24 not yet calculated CVE-2017-12136 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12136
MLIST http://www.openwall.com/lists/oss-security/2017/08/15/3
BID http://www.securityfocus.com/bid/100346
SECTRACK http://www.securitytracker.com/id/1039175
CONFIRM http://xenbits.xen.org/xsa/advisory-228.html
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1477651
CONFIRM https://support.citrix.com/article/CTX225941
xen -- xen
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. 2017-08-24 not yet calculated CVE-2017-12137 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12137
MLIST http://www.openwall.com/lists/oss-security/2017/08/15/2
BID http://www.securityfocus.com/bid/100342
SECTRACK http://www.securitytracker.com/id/1039174
CONFIRM http://xenbits.xen.org/xsa/advisory-227.html
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1477657
CONFIRM https://support.citrix.com/article/CTX225941
xen -- xen
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. 2017-08-24 not yet calculated CVE-2017-12135 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12135
MLIST http://www.openwall.com/lists/oss-security/2017/08/15/1
MLIST http://www.openwall.com/lists/oss-security/2017/08/17/6
BID http://www.securityfocus.com/bid/100344
SECTRACK http://www.securitytracker.com/id/1039178
CONFIRM http://xenbits.xen.org/xsa/advisory-226.html
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1477655
CONFIRM https://support.citrix.com/article/CTX225941
xen -- xen
The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation. 2017-08-24 not yet calculated CVE-2017-12134 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12134
MLIST http://www.openwall.com/lists/oss-security/2017/08/15/4
BID http://www.securityfocus.com/bid/100343
SECTRACK http://www.securitytracker.com/id/1039176
CONFIRM http://xenbits.xen.org/xsa/advisory-229.html
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1477656
CONFIRM https://support.citrix.com/article/CTX225941
zen_cart -- zen_cart
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php. 2017-08-24 not yet calculated CVE-2015-8352 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8352
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/537129/100/0/threaded
MISC https://www.htbridge.com/advisory/HTB23282
CONFIRM https://www.zen-cart.com/showthread.php?218914-Security-Patches-for-v1-5-4-November-2015
zend-diactoros -- zend-diactoros
Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks. 2017-08-25 not yet calculated CVE-2015-3257 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3257
BID http://www.securityfocus.com/bid/75466
CONFIRM https://framework.zend.com/security/advisory/ZF2015-05
zte_adsl -- w300_modems
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs. 2017-08-24 not yet calculated CVE-2015-7259 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7259
MISC http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html
MISC http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html
FULLDISC http://seclists.org/fulldisclosure/2015/Nov/48
EXPLOIT-DB https://www.exploit-db.com/exploits/38772/
zte_adsl -- w300_modems
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. 2017-08-24 not yet calculated CVE-2015-7258 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7258
MISC http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html
MISC http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html
FULLDISC http://seclists.org/fulldisclosure/2015/Nov/48
EXPLOIT-DB https://www.exploit-db.com/exploits/38772/
zte_adsl -- w300_modems
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin". 2017-08-24 not yet calculated CVE-2015-7257 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7257
MISC http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html
MISC http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html
FULLDISC http://seclists.org/fulldisclosure/2015/Nov/48
EXPLOIT-DB https://www.exploit-db.com/exploits/38772/
---------------------------------------------
This product is provided subject to this Notification http://www.us-cert.gov/privacy/notification and this Privacy & Use http://www.us-cert.gov/privacy/ policy.
---------------------------------------------
A copy of this publication is available at www.us-cert.gov https://www.us-cert.gov . If you need help or have questions, please send an email to info at us-cert.gov mailto:info at us-cert.gov . Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT at ncas.us-cert.gov to your address book.