Vulnerability Summary for the Week of October 9, 2017
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| phpbugtracker_project -- phpbugtracker | Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php. | 2017-10-06 | 7.5 | CVE-2015-2146, MLIST, CONFIRM |
| phpbugtracker_project -- phpbugtracker | Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. | 2017-10-06 | 7.5 | CVE-2015-2147, MISC, MLIST |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cozmoslabs -- profile_builder | Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter. | 2017-10-06 | 4.3 | CVE-2014-8492, MISC, MISC |
| docker -- docker | Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage. | 2017-10-06 | 4.6 | CVE-2014-0047, MLIST, BID, CONFIRM |
| formget -- easy_contact_form_solution | Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php. | 2017-10-06 | 4.3 | CVE-2014-7240, MISC, MISC |
| intelliants -- subrion_cms | There are CSRF vulnerabilities in Subrion CMS before 4.2.0 because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database. | 2017-10-06 | 6.8 | CVE-2017-15063, MISC |
| lame_project -- lame | LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410. | 2017-10-06 | 4.3 | CVE-2017-15045, MISC |
| lame_project -- lame | LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412. | 2017-10-06 | 4.3 | CVE-2017-15046, MISC |
| libcsoap_project -- libcsoap | nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header. | 2017-10-06 | 5.0 | CVE-2015-2297, MLIST |
| phpbugtracker_project -- phpbugtracker | Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for requests that cause an unspecified impact via the group_id parameter to group.php, (3) hijack the authentication of users for requests that delete statuses via the status_id parameter to status.php, (4) hijack the authentication of users for requests that delete severities via the severity_id parameter to severity.php, (5) hijack the authentication of users for requests that cause an unspecified impact via the priority_id parameter to priority.php, (6) hijack the authentication of users for requests that delete the operating system via the os_id parameter to os.php, (7) hijack the authentication of users for requests that delete databases via the database_id parameter to database.php, or (8) hijack the authentication of users for requests that delete sites via the site_id parameter to sites.php. | 2017-10-06 | 6.0 | CVE-2015-2142, MLIST, CONFIRM |
| phpbugtracker_project -- phpbugtracker | Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters. | 2017-10-06 | 6.8 | CVE-2015-2143, MLIST |
| qnap -- qts_helpdesk | QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack. | 2017-10-06 | 5.0 | CVE-2017-13068, MISC |
| rapid7 -- metasploit | The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22. | 2017-10-06 | 4.3 | CVE-2017-15084, CONFIRM |
| tech-banker -- gallery_bank | Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70 for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gallery_album_sorting page to wp-admin/admin.php. | 2017-10-06 | 4.3 | CVE-2014-8758, MISC, MISC |
| wpmudev -- smush_image_compression_and_optimization | The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. | 2017-10-06 | 5.0 | CVE-2017-15079, CONFIRM, CONFIRM |

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| openkm -- openkm | Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter. | 2017-10-06 | 3.5 | CVE-2014-8957, MISC, BID, MISC |
| phpbugtracker_project -- phpbugtracker | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name parameter to project.php; the (2) use_js parameter to user.php; the (3) use_js parameter to group.php; the (4) Description parameter to status.php; the (5) Description parameter to severity.php; the (6) Regex parameter to os.php; or the (7) Name parameter to database.php. | 2017-10-06 | 3.5 | CVE-2015-2144, MLIST, CONFIRM |
| phpbugtracker_project -- phpbugtracker | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2017-10-06 | 3.5 | CVE-2015-2145, MLIST |
| phpbugtracker_project -- phpbugtracker | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2017-10-06 | 3.5 | CVE-2015-2148, MLIST |

Severity Not Yet Assigned
Primary
Vendor -- Product Description
Publ
ishe
d
CVS
S
Scor
e
Source
& Patch
Info
accellion --
file_transfer_appliance
Directory traversal vulnerability in the
template function in function.inc in
Accellion File Transfer Appliance devices
before FTA_9_11_210 allows remote
2017
-10-
10
not
yet
calcu
lated
CVE-
2015-
2856
MISC(li
Primary
Vendor -- Product Description
Publ
ishe
d
CVS
S
Scor
e
Source
& Patch
Info
attackers to read arbitrary files via a .. (dot
dot) in the statecode cookie.
nk is
external)
airtame -- airtame
/bin/login.php in the Web Panel on the
Airtame HDMI dongle with firmware
before 3.0 allows an attacker to set his own
session id via a "Cookie: PHPSESSID="
header. This can be used to achieve
persistent access to the admin panel even
after an admin password change.
2017
-10-
14
not
yet
calcu
lated
CVE-
2017-
15304
MISC(li
nk is
external)
apache -- gridgrain
Directory traversal vulnerability in the Visor
GUI Console in GridGain before 1.7.16,
1.8.x before 1.8.12, 1.9.x before 1.9.7, and
8.x before 8.1.5 allows remote authenticated
users to read arbitrary files on remote
cluster nodes via a crafted path.
2017
-10-
09
not
yet
calcu
lated
CVE-
2017-
14614
MLIST(l
ink is
external)
apache -- nifi
An authorized user could upload a template
which contained malicious code and
accessed sensitive files via an XML
External Entity (XXE) attack. The fix to
properly handle XML External Entities was
applied on the Apache NiFi 1.4.0 release.
Users running a prior 1.x release should
upgrade to the appropriate release.
2017
-10-
10
not
yet
calcu
lated
CVE-
2017-
12623
CONFIR
M
apache -- openmeetings
Apache Openmeetings before 3.1.2 is
vulnerable to Remote Code Execution via
RMI deserialization attack.
2017
-10-
12
not
yet
calcu
lated
CVE-
2016-
8736
MISC
BID(link
is
external)
apache -- ranger
In Apache Ranger before 0.6.2, users with
"keyadmin" role should not be allowed to
change password for users with "admin"
role.
2017
-10-
13
not
yet
calcu
lated
CVE-
2016-
6815
BID(link
is
external)
CONFIR
M
apache -- roller
The XML-RPC protocol support in Apache
Roller before 5.0.3 allows attackers to
conduct XML External Entity (XXE)
attacks via unspecified vectors.
2017
-10-
09
not
yet
calcu
lated
CVE-
2014-
0030
CONFIR
Primary
Vendor -- Product Description
Publ
ishe
d
CVS
S
Scor
e
Source
& Patch
Info
M(link is
external)
MLIST
apache -- solr
Remote code execution occurs in Apache
Solr before 7.1 with Apache Lucene before
7.1 by exploiting XXE in conjunction with
use of a Config API add-listener command
to reach the RunExecutableListener class.
Elasticsearch, although it uses Lucene, is
NOT vulnerable to this.
2017
-10-
14
not
yet
calcu
lated
CVE-
2017-
12629
MISC(li
nk is
external)
BID(link
is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
apache-- zookeeper
Two four letter word commands
"wchp/wchc" are CPU intensive and could
cause spike of CPU utilization on Apache
ZooKeeper server if abused, which leads to
the server unable to serve legitimate client
requests. Apache ZooKeeper thru version
3.4.9 and 3.5.2 suffer from this issue, fixed
in 3.4.10, 3.5.3, and later.
2017
-10-
09
not
yet
calcu
lated
CVE-
2017-
5637
BID(link
is
external)
CONFIR
M
MLIST
asterisk -- asterisk
In Asterisk 11.x before 11.25.3, 13.x before
13.17.2, and 14.x before 14.6.2 and
Certified Asterisk 11.x before 11.6-cert18
and 13.x before 13.13-cert6, insufficient
RTCP packet validation could allow reading
stale buffer contents and when combined
with the "nat" and "symmetric_rtp" options
allow redirecting where Asterisk sends the
next RTCP report.
2017
-10-
09
not
yet
calcu
lated
CVE-
2017-
14603
CONFIR
M
DEBIA
N
CONFIR
M
atlassian --
fisheye_and_crucible
Various resources in Atlassian FishEye and
Crucible before version 4.4.2 allow remote
attackers to inject arbitrary HTML or
2017
-10-
11
not
yet
CVE-
2017-
14588
Primary
Vendor -- Product Description
Publ
ishe
d
CVS
S
Scor
e
Source
& Patch
Info
JavaScript via a cross site scripting (XSS)
vulnerability in the dialog parameter.
calcu
lated
BID(link
is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
atlassian --
fisheye_and_crucible
The administration user deletion resource in
Atlassian FishEye and Crucible before
version 4.4.2 allows remote attackers to
inject arbitrary HTML or JavaScript via a
cross site scripting (XSS) vulnerability in
the uname parameter.
2017
-10-
11
not
yet
calcu
lated
CVE-
2017-
14587
MISC(li
nk is
external)
MISC(li
nk is
external)
atutor -- lms
Multiple cross-site scripting (XSS)
vulnerabilities in ATutor LMS version 2.2.
2017
-10-
10
not
yet
calcu
lated
CVE-
2015-
6521
MLIST(l
ink is
external)
CONFIR
M(link is
external)
bamboo -- bamboo
Bamboo before 6.0.5, 6.1.x before 6.1.4,
and 6.2.x before 6.2.1 had a REST endpoint
that parsed a YAML file and did not
sufficiently restrict which classes could be
loaded. An attacker who can log in to
Bamboo as a user is able to exploit this
vulnerability to execute Java code of their
choice on systems that have vulnerable
versions of Bamboo.
2017
-10-
12
not
yet
calcu
lated
CVE-
2017-
9514
CONFIR
M(link is
external)
cacti -- cacti
include/global_session.php in Cacti 1.1.25
has XSS related to (1) the URI or (2) the
refresh page.
2017
-10-
10
not
yet
calcu
lated
CVE-
2017-
15194
SECTR
ACK(lin
k is
Primary
Vendor -- Product Description
Publ
ishe
d
CVS
S
Scor
e
Source
& Patch
Info
external)
CONFIR
M(link is
external)
CONFIR
M(link is
external)
cisco -- firmware
Multiple Cisco embedded devices use
hardcoded X.509 certificates and SSH host
keys embedded in the firmware, which
allows remote attackers to defeat
cryptographic protection mechanisms and
conduct man-in-the-middle attacks by
leveraging knowledge of these certificates
and keys from another installation, aka Bug
IDs CSCuw46610, CSCuw46620,
CSCuw46637, CSCuw46654,
CSCuw46665, CSCuw46672,
CSCuw46677, CSCuw46682,
CSCuw46705, CSCuw46716,
CSCuw46979, CSCuw47005,
CSCuw47028, CSCuw47040,
CSCuw47048, CSCuw47061,
CSCuw90860, CSCuw90869,
CSCuw90875, CSCuw90881,
CSCuw90899, and CSCuw90913.
2017
-10-
12
not
yet
calcu
lated
CVE-
2015-
6358
CISCO(l
ink is
external)
CERT-
VN
BID(link
is
external)
SECTR
ACK(lin
k is
external)
SECTR
ACK(lin
k is
external)
SECTR
ACK(lin
k is
external)
SECTR
ACK(lin
k is
external)
cybozu -- office
Cybozu Office 10.0.0 to 10.6.1 allows
authenticated attackers to bypass access
restriction to perform arbitrary actions via
"Cabinet" function.
2017
-10-
12
not
yet
calcu
lated
CVE-
2017-
10857
JVN(link
is
external)
CONFIR
Primary
Vendor -- Product Description
Publ
ishe
d
CVS
S
Scor
e
Source
& Patch
Info
M(link is
external)
dotcms -- dotcms
The dotCMS 4.1.1 application is vulnerable
to Stored Cross-Site Scripting (XSS)
affecting a vanity-urls Title field, a
containers Description field, and a templates
Description field.
2017
-10-
10
not
yet
calcu
lated
CVE-
2017-
15219
MISC(li
nk is
external)
dream --
multimedia_dreambox_devices
There is XSS in the BouquetEditor
WebPlugin for Dream Multimedia
Dreambox devices, as demonstrated by the
"Name des Bouquets" field, or the file
parameter to the /file URI.
2017
-10-
12
not
yet
calcu
lated
CVE-
2017-
15287
MISC(li
nk is
external)
EXPLOI
T-
DB(link
is
external)
emc --
network_configuration_manag
er
EMC Network Configuration Manager
(NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is
affected by a reflected cross-site scripting
Vulnerability that could potentially be
exploited by malicious users to compromise
the affected system.
2017
-10-
11
not
yet
calcu
lated
CVE-
2017-
8017
CONFIR
M
BID(link
is
external)
SECTR
ACK(lin
k is
external)
epson -- software
The Epson "EasyMP" software (tested on
version 2.86) is designed to remotely stream
a user's computer to supporting projectors.
These devices are authenticated using a
unique 4-digit code, displayed on-screen -
ensuring only those who can view it are
streaming. In addition to the password, each
projector (tested on PowerLite Pro G5650W
and G6050W) has a hardcoded "backdoor"
code (2270), which authenticates to all
devices.
2017
-10-
10
not
yet
calcu
lated
CVE-
2017-
12860
MISC(li
nk is
external)
Primary
Vendor -- Product Description
Publ
ishe
d
CVS
S
Scor
e
Source
& Patch
Info
epson -- software
The Epson "EasyMP" software (tested on
version 2.86) is designed to remotely stream
a user's computer to supporting projectors.
These devices are authenticated using a
unique 4-digit code, displayed on-screen -
ensuring only those who can view it are
streaming. All Epson projectors (tested on
PowerLite Pro G5650W and
G6050W)supporting the "EasyMP"
software are vulnerable to a brute-force
vulnerability, allowing any attacker on the
network to remotely control and stream to
the vulnerable device.
2017
-10-
10
not
yet
calcu
lated
CVE-
2017-
12861
MISC(li
nk is
external)
eyesofnetwork --
eyesofnetwork
A persistent (stored) XSS vulnerability in
the EyesOfNetwork web interface (aka
eonweb) 5.1-0 allows remote authenticated
administrators to inject arbitrary web script
or HTML via the hosts array parameter to
module/admin_device/index.php.
2017
-10-
10
not
yet
calcu
lated
CVE-
2017-
15188
MISC(li
nk is
external)
flexense --
vx_search_enterprise
Flexense VX Search Enterprise 10.1.12 is
vulnerable to a buffer overflow via an
empty POST request to a long URI
beginning with a /../ substring. This allows
remote attackers to execute arbitrary code.
2017
-10-
11
not
yet
calcu
lated
CVE-
2017-
15220
EXPLOI
T-
DB(link
is
external)
flyspray -- flyspray
Stored XSS vulnerability in Flyspray 1.0-
rc4 before 1.0-rc6 allows an authenticated
user to inject JavaScript to gain
administrator privileges and also to execute
JavaScript against other users (including
unauthenticated users), via the name, title,
or id parameter to
plugins/dokuwiki/lib/plugins/changelinks/sy
ntax.php.
2017
-10-
10
not
yet
calcu
lated
CVE-
2017-
15214
MISC(li
nk is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
flyspray -- flyspray
Stored XSS vulnerability in Flyspray before
1.0-rc6 allows an authenticated user to
inject JavaScript to gain administrator
2017
-10-
10
not
yet
CVE-
2017-
15213
Primary
Vendor -- Product Description
Publ
ishe
d
CVS
S
Scor
e
Source
& Patch
Info
privileges, via the real_name or
email_address field to
themes/CleanFS/templates/common.editallu
sers.tpl.
calcu
lated
MISC(li
nk is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
freebsd -- sys_amd64
The sys_amd64 IRET Handler in the kernel
in FreeBSD 9.3 and 10.1 allows local users
to gain privileges or cause a denial of
service (kernel panic).
2017
-10-
10
not
yet
calcu
lated
CVE-
2015-
5675
MISC(li
nk is
external)
BUGTR
AQ(link
is
external)
BID(link
is
external)
SECTR
ACK(lin
k is
external)
FREEBS
D
git -- git
Git through 2.14.2 mishandles layers of tree
objects, which allows remote attackers to
cause a denial of service (memory
consumption) via a crafted repository, aka a
Git bomb. This can also have an impact of
disk consumption; however, an affected
process typically would not survive its
attempt to build the data structure in
memory before writing to disk.
2017
-10-
14
not
yet
calcu
lated
CVE-
2017-
15298
MISC(li
nk is
external)
MISC(li
nk is
external)
gnu -- binutils
_bfd_dwarf2_cleanup_debug_info in
dwarf2.c in the Binary File Descriptor
(BFD) library (aka libbfd), as distributed in
GNU Binutils 2.29, allows remote attackers
2017
-10-
10
not
yet
calcu
lated
CVE-
2017-
15225
CONFIR
M
Primary
Vendor -- Product Description
Publ
ishe
d
CVS
S
Scor
e
Source
& Patch
Info
to cause a denial of service (memory leak)
via a crafted ELF file.
CONFIR
M
gnu -- libextractor
In GNU Libextractor 1.4, there is a NULL
Pointer Dereference in flac_metadata in
flac_extractor.c.
2017
-10-
11
not
yet
calcu
lated
CVE-
2017-
15267
MISC
MISC(li
nk is
external)
MISC(li
nk is
external)
gnu -- libextractor
In GNU Libextractor 1.4, there is a Divide-
By-Zero in
EXTRACTOR_wav_extract_method in
wav_extractor.c via a zero sample rate.
2017
-10-
11
not
yet
calcu
lated
CVE-
2017-
15266
MISC
MISC(li
nk is
external)
MISC(li
nk is
external)
gnu -- mpfr
Buffer overflow in the mpfr_strtofr function
in GNU MPFR before 3.1.2-p11 allows
context-dependent attackers to have
unspecified impact via vectors related to
incorrect documentation for mpn_set_str.
2017
-10-
09
not
yet
calcu
lated
CVE-
2014-
9474
FEDOR
A
FEDOR
A
CONFIR
M
MLIST(l
ink is
external)
BID(link
is
external)
CONFIR
M(link is
external)
CONFIR
M(link is
Primary
Vendor -- Product Description
Publ
ishe
d
CVS
S
Scor
e
Source
& Patch
Info
external)
MLIST
GENTO
O
graphicsmagick --
graphicsmagick
ReadOneJNGImage in coders/png.c in
GraphicsMagick 1.3.26 has a use-after-free
issue when the height or width is zero,
related to ReadJNGImage.
2017
-10-
10
not
yet
calcu
lated
CVE-
2017-
15238
CONFIR
M
CONFIR
M
CONFIR
M(link is
external)
gurunavi -- app_for_ios
Gurunavi App for iOS before 6.0.0 does not
verify SSL certificates which could allow
remote attackers to perform man-in-the-
middle attacks.
2017
-10-
10
not
yet
calcu
lated
CVE-
2015-
7778
JVN(link
is
external)
JVNDB(
link is
external)
BID(link
is
external)
hitachi --
hibun_confidential_file_decryp
tion
Untrusted search path vulnerability in
HIBUN Confidential File Decryption
program prior to 10.50.0.5 allows an
attacker to gain privileges via a Trojan horse
DLL in an unspecified directory. Note this
is a separate vulnerability from CVE-2017-
10865.
2017
-10-
12
not
yet
calcu
lated
CVE-
2017-
10863
CONFIR
M(link is
external)
JVN(link
is
external)
hitachi --
hibun_confidential_file_decryp
tion
Untrusted search path vulnerability in
HIBUN Confidential File Decryption
program prior to 10.50.0.5 allows an
attacker to gain privileges via a Trojan horse
DLL in an unspecified directory. Note this
is a separate vulnerability from CVE-2017-
10863.
2017
-10-
12
not
yet
calcu
lated
CVE-
2017-
10865
CONFIR
M(link is
external)
JVN(link
Primary
Vendor -- Product Description
Publ
ishe
d
CVS
S
Scor
e
Source
& Patch
Info
is
external)
hitachi --
hibun_confidential_file_viewer
Untrusted search path vulnerability in
Installer of HIBUN Confidential File
Viewer prior to 11.20.0001 allows an
attacker to gain privileges via a Trojan horse
DLL in an unspecified directory.
2017
-10-
12
not
yet
calcu
lated
CVE-
2017-
10864
CONFIR
M(link is
external)
JVN(link
is
external)
horde -- groupware
The File Manager (gollem) module 3.0.11 in
Horde Groupware 5.2.21 allows remote
attackers to bypass Horde authentication for
file downloads via a crafted fn parameter
that corresponds to the exact filename.
2017
-10-
10
not
yet
calcu
lated
CVE-
2017-
15235
MISC(li
nk is
external)
hpe --
intelligent_management_center
The doFilter method in UrlAccessController
in HPE Intelligent Management Center
(iMC) PLAT 7.2 E0403P06 allows remote
bypass of authentication via unspecified
strings in a URI.
2017
-10-
11
not
yet
calcu
lated
CVE-
2017-
5791
BID(link
is
external)
BID(link
is
external)
SECTR
ACK(lin
k is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
CONFIR
M(link is
external)
hpe -- operations_orchestration
A input validation vulnerability in HPE
Operations Orchestration product all
2017
-10-
10
not
yet
CVE-
2017-
8994
Primary
Vendor -- Product Description
Publ
ishe
d
CVS
S
Scor
e
Source
& Patch
Info
versions prior to 10.80, allows for the
execution of code remotely.
calcu
lated
BID(link
is
external)
CONFIR
M(link is
external)
hpe -- performance_center
HPE LoadRunner before 12.53 Patch 4 and
HPE Performance Center before 12.53
Patch 4 allow remote attackers to execute
arbitrary code via unspecified vectors. At
least in LoadRunner, this is a libxdrutil.dll
mxdr_string heap-based buffer overflow.
2017
-10-
11
not
yet
calcu
lated
CVE-
2017-
5789
BID(link
is
external)
BID(link
is
external)
SECTR
ACK(lin
k is
external)
SECTR
ACK(lin
k is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
CONFIR
M(link is
external)
huawei -- fusionserver
Huawei FusionServer rack servers RH2288
V3 with software before
V100R003C00SPC603, RH2288H V3 with
software before V100R003C00SPC503,
XH628 V3 with software before
V100R003C00SPC602, RH1288 V3 with
software before V100R003C00SPC602,
RH2288A V2 with software before
V100R002C00SPC701, RH1288A V2 with
software before V100R002C00SPC502,
2017
-10-
09
not
yet
calcu
lated
CVE-
2015-
7842
BID(link
is
external)
CONFIR
M(link is
external)
Primary
Vendor -- Product Description
Publ
ishe
d
CVS
S
Scor
e
Source
& Patch
Info
RH8100 V3 with software before
V100R003C00SPC110, CH222 V3 with
software before V100R001C00SPC161,
CH220 V3 with software before
V100R001C00SPC161, and CH121 V3
with software before V100R001C00SPC161
allow remote authenticated operators to
change server information by leveraging
failure to verify user permissions.
ibm --
financial_transaction_manager
_for_ach_services_for_multi-
platform
IBM Financial Transaction Manager for
ACH Services for Multi-Platform 3.0.2
could allow an authenticated user to obtain
sensitive information from an
undocumented URL. IBM X-Force ID:
130735.
2017
-10-
10
not
yet
calcu
lated
CVE-
2017-
1538
CONFIR
M(link is
external)
BID(link
is
external)
MISC(li
nk is
external)
ibm --
websphere_application_server
IBM WebSphere Application Server 7.0,
8.0, 8.5, and 9.0 is vulnerable to HTTP
response splitting attacks. A remote attacker
could exploit this vulnerability using
specially-crafted URL to cause the server to
return a split response, once the URL is
clicked. This would allow the attacker to
perform further attacks, such as Web cache
poisoning, cross-site scripting, and possibly
obtain sensitive information. IBM X-Force
ID: 129578.
2017
-10-
10
not
yet
calcu
lated
CVE-
2017-
1503
CONFIR
M(link is
external)
BID(link
is
external)
SECTR
ACK(lin
k is
external)
MISC(li
nk is
external)
identicard -- two-
reader_controller_configuratio
n_manager
IDenticard Two-Reader Controller
Configuration Manager 1.18.8 (396) is
vulnerable to Stored Cross-Site Scripting
(XSS) via the notes field in
2017
-10-
09
not
yet
calcu
lated
CVE-
2017-
14973
MISC(li
Primary
Vendor -- Product Description
Publ
ishe
d
CVS
S
Scor
e
Source
& Patch
Info
/~user_handler?file=logged_in.shtm (aka
the edit user page).
nk is
external)
imagemagick -- imagemagick
ImageMagick 7.0.7-2 has a memory leak in
ReadOneJNGImage in coders/png.c.
2017
-10-
10
not
yet
calcu
lated
CVE-
2017-
15218
BID(link
is
external)
CONFIR
M(link is
external)
imagemagick -- imagemagick
ImageMagick 7.0.7-2 has a memory leak in
ReadSGIImage in coders/sgi.c.
2017
-10-
10
not
yet
calcu
lated
CVE-
2017-
15217
BID(link
is
external)
CONFIR
M(link is
external)
imagemagick -- imagemagick
ReadPSDImage in coders/psd.c in
ImageMagick 7.0.7-6 allows remote
attackers to cause a denial of service
(application crash) or possibly have
unspecified other impact via a crafted file,
related to "Conditional jump or move
depends on uninitialised value(s)."
2017
-10-
12
not
yet
calcu
lated
CVE-
2017-
15281
CONFIR
M(link is
external)
imagemagick_and_graphicsma
gick --
imagemagick_and_graphicsma
gick
ReadGIFImage in coders/gif.c in
ImageMagick 7.0.6-1 and GraphicsMagick
1.3.26 leaves the palette uninitialized when
processing a GIF file that has neither a
global nor local palette. If the affected
product is used as a library loaded into a
process that operates on interesting data,
this data sometimes can be leaked via the
uninitialized palette.
2017
-10-
12
not
yet
calcu
lated
CVE-
2017-
15277
MISC(li
nk is
external)
MISC(li
nk is
external)
MISC(li
nk is
external)
infocus -- mondopad
Infocus Mondopad 2.2.08 is vulnerable to a
Hashed Credential Disclosure vulnerability.
The attacker provides a crafted Microsoft
2017
-10-
09
not
yet
CVE-
2017-
14971
Primary
Vendor -- Product Description
Publ
ishe
d
CVS
S
Scor
e
Source
& Patch
Info
Office document containing a link that has a
UNC pathname associated with an attacker-
controller server. In one specific scenario,
the attacker provides an Excel spreadsheet,
and the attacker-controller server receives
the victim's NetNTLMv2 hash.
calcu
lated
MISC(li
nk is
external)
infocus -- mondopad
InFocus Mondopad 2.2.08 is vulnerable to
authentication bypass when accessing
uploaded files by entering Control-Alt-
Delete, and then using Task Manager to
reach a file.
2017
-10-
09
not
yet
calcu
lated
CVE-
2017-
14972
MISC(li
nk is
external)
intel -- nuc_firmware
Insecure platform configuration in system
firmware for Intel NUC7i3BNK,
NUC7i3BNH, NUC7i5BNK, NUC7i5BNH,
NUC7i7BNH versions BN0049 and below
allows an attacker with physical presence to
run arbitrary code via unauthorized
firmware modification during BIOS
Recovery.
2017
-10-
10
not
yet
calcu
lated
CVE-
2017-
5701
BID(link
is
external)
CONFIR
M(link is
external)
intel -- nuc_firmware
Incorrect policy enforcement in system
firmware for Intel NUC7i3BNK,
NUC7i3BNH, NUC7i5BNK, NUC7i5BNH,
NUC7i7BNH versions BN0049 and below
allows attackers with local or physical
access to bypass enforcement of integrity
protections via manipulation of firmware
storage.
2017
-10-
10
not
yet
calcu
lated
CVE-
2017-
5722
BID(link
is
external)
CONFIR
M(link is
external)
intel -- nuc_firmware
Insufficient input validation in system
firmware for Intel NUC7i3BNK,
NUC7i3BNH, NUC7i5BNK, NUC7i5BNH,
NUC7i7BNH versions BN0049 and below
allows local attackers to execute arbitrary
code via manipulation of memory.
2017
-10-
10
not
yet
calcu
lated
CVE-
2017-
5721
CONFIR
M(link is
external)
intel -- nuc_firmware
Insufficient protection of password storage
in system firmware for Intel NUC7i3BNK,
NUC7i3BNH, NUC7i5BNK, NUC7i5BNH,
NUC7i7BNH versions BN0049 and below
allows local attackers to bypass
2017
-10-
10
not
yet
calcu
lated
CVE-
2017-
5700
BID(link
is
external)
Primary
Vendor -- Product Description
Publ
ishe
d
CVS
S
Scor
e
Source
& Patch
Info
Administrator and User passwords via
access to password storage.
CONFIR
M(link is
external)
ipv6 -- ipv6
Receipt of a specifically malformed IPv6
packet processed by the router may trigger a
line card reset: processor exception
0x68616c74 (halt) in task: scheduler. The
line card will reboot and recover without
user interaction. However, additional
specifically malformed packets may cause
follow-on line card resets and lead to an
extended service outage. This issue only
affects E Series routers with IPv6 licensed
and enabled. Routers not configured to
process IPv6 traffic are unaffected by this
vulnerability. Juniper SIRT is not aware of
any malicious exploitation of this
vulnerability. No other Juniper Networks
products or platforms are affected by this
issue.
2017
-10-
13
not
yet
calcu
lated
CVE-
2016-
4925
BID(link
is
external)
SECTR
ACK(lin
k is
external)
CONFIR
M(link is
external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
cause a denial of service or possibly have
unspecified other impact via a crafted .pdf
file, related to a "Possible Stack Corruption
starting at
PDF!xmlGetGlobalState+0x000000000005
68a4."
2017
-10-
11
not
yet
calcu
lated
CVE-
2017-
15243
MISC(li
nk is
external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
cause a denial of service or possibly have
unspecified other impact via a crafted .pdf
file, related to a "Possible Stack Corruption
starting at
PDF!xmlGetGlobalState+0x0000000000057b35."
2017-10-11
not yet calculated
CVE-2017-15261
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
execute arbitrary code or cause a denial of
service via a crafted .pdf file, related to
"Data from Faulting Address controls Code
Flow starting at
PDF!xmlParserInputRead+0x000000000009174a."
2017-10-11
not yet calculated
CVE-2017-15257
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
execute arbitrary code or cause a denial of
service via a crafted .pdf file, related to a
"Read Access Violation on Block Data
Move starting at
PDF!xmlListWalk+0x00000000000158cb."
2017-10-11
not yet calculated
CVE-2017-15252
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
execute arbitrary code or cause a denial of
service via a crafted .pdf file, related to a
"User Mode Write AV starting at
PDF!xmlGetGlobalState+0x000000000007dff2."
2017-10-11
not yet calculated
CVE-2017-15253
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
cause a denial of service or possibly have
unspecified other impact via a crafted .pdf
file, related to a "Read Access Violation
starting at
PDF!xmlGetGlobalState+0x000000000007dfa5."
2017-10-11
not yet calculated
CVE-2017-15254
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
cause a denial of service or possibly have
unspecified other impact via a crafted .pdf
file, related to "Data from Faulting Address
controls Branch Selection starting at
PDF!xmlParserInputRead+0x00000000000929f5."
2017-10-11
not yet calculated
CVE-2017-15241
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
cause a denial of service or possibly have
unspecified other impact via a crafted .pdf
file, related to a "Read Access Violation
starting at
PDF!xmlParserInputRead+0x0000000000161a9c."
2017-10-11
not yet calculated
CVE-2017-15258
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
cause a denial of service or possibly have
unspecified other impact via a crafted .pdf
file, related to "Data from Faulting Address
may be used as a return value starting at
PDF!xmlParserInputRead+0x0000000000129a59."
2017-10-11
not yet calculated
CVE-2017-15260
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
cause a denial of service or possibly have
unspecified other impact via a crafted .pdf
file, related to "Data from Faulting Address
controls Branch Selection starting at
PDF!xmlListWalk+0x00000000000166c4."
2017-10-11
not yet calculated
CVE-2017-15263
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
execute arbitrary code or cause a denial of
service via a crafted .pdf file, related to
"Data from Faulting Address controls Code
Flow starting at
PDF!xmlParserInputRead+0x0000000000048d0c."
2017-10-11
not yet calculated
CVE-2017-15262
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) allows
attackers to cause a denial of service or
possibly have unspecified other impact via a
crafted .tif file, related to "Data from
Faulting Address is used as one or more
arguments in a subsequent Function Call
starting at
image00000000_00400000+0x00000000000236e4."
2017-10-11
not yet calculated
CVE-2017-15264
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
cause a denial of service or possibly have
unspecified other impact via a crafted .pdf
file, related to "Data from Faulting Address
controls Branch Selection starting at
PDF!xmlParserInputRead+0x000000000011624a."
2017-10-11
not yet calculated
CVE-2017-15259
MISC(link is external)
irfanview -- irfanview
IrfanView 4.44 - 32bit with PDF plugin
version 4.43 allows attackers to cause a
denial of service or possibly have
unspecified other impact via a crafted .pdf
file, related to "Data from Faulting Address
may be used as a return value starting at
PDF!xmlParserInputRead+0x0000000000040db4."
2017-10-11
not yet calculated
CVE-2017-15239
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
cause a denial of service or possibly have
unspecified other impact via a crafted .pdf
file, related to "Data from Faulting Address
controls Branch Selection starting at
PDF!xmlGetGlobalState+0x0000000000057b76."
2017-10-11
not yet calculated
CVE-2017-15245
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
execute arbitrary code or cause a denial of
service via a crafted .pdf file, related to a
"User Mode Write AV starting at
PDF!xmlGetGlobalState+0x0000000000031abe."
2017-10-11
not yet calculated
CVE-2017-15242
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
cause a denial of service or possibly have
unspecified other impact via a crafted .pdf
file, related to "Data from Faulting Address
controls Branch Selection starting at
PDF!xmlListWalk+0x0000000000019fc8."
2017-10-11
not yet calculated
CVE-2017-15256
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
cause a denial of service or possibly have
unspecified other impact via a crafted .pdf
file, related to an "Error Code (0xe06d7363)
starting at
wow64!Wow64NotifyDebugger+0x000000000000001d."
2017-10-11
not yet calculated
CVE-2017-15244
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
cause a denial of service or possibly have
unspecified other impact via a crafted .pdf
file, related to a "Read Access Violation
starting at
PDF!xmlParserInputRead+0x0000000000132e19."
2017-10-11
not yet calculated
CVE-2017-15250
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
cause a denial of service or possibly have
unspecified other impact via a crafted .pdf
file, related to a "Read Access Violation
starting at
PDF!xmlParserInputRead+0x0000000000132cef."
2017-10-11
not yet calculated
CVE-2017-15240
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
execute arbitrary code or cause a denial of
service via a crafted .pdf file, related to
"Data from Faulting Address controls Code
Flow starting at
PDF!xmlGetGlobalState+0x0000000000063ca6."
2017-10-11
not yet calculated
CVE-2017-15248
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
execute arbitrary code or cause a denial of
service via a crafted .pdf file, related to a
"Read Access Violation on Block Data
Move starting at
PDF!xmlListWalk+0x000000000001515b."
2017-10-11
not yet calculated
CVE-2017-15246
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
cause a denial of service or possibly have
unspecified other impact via a crafted .pdf
file, related to "Data from Faulting Address
controls Branch Selection starting at
PDF!xmlParserInputRead+0x00000000001168a1."
2017-10-11
not yet calculated
CVE-2017-15247
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
cause a denial of service or possibly have
unspecified other impact via a crafted .pdf
file, related to a "Read Access Violation
starting at
PDF!xmlParserInputRead+0x00000000001601b0."
2017-10-11
not yet calculated
CVE-2017-15255
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
execute arbitrary code or cause a denial of
service via a crafted .pdf file, related to
"Data from Faulting Address controls Code
Flow starting at
PDF!xmlGetGlobalState+0x00000000000668d6."
2017-10-11
not yet calculated
CVE-2017-15249
MISC(link is external)
irfanview -- irfanview
IrfanView version 4.44 (32bit) with PDF
plugin version 4.43 allows attackers to
execute arbitrary code or cause a denial of
service via a crafted .pdf file, related to
"Data from Faulting Address controls Code
Flow starting at
PDF!xmlParserInputRead+0x00000000000e7326."
2017-10-11
not yet calculated
CVE-2017-15251
MISC(link is external)
jantek -- jtc-200
An Improper Authentication issue was
discovered in JanTek JTC-200, all versions.
The improper authentication could provide
an undocumented BusyBox Linux shell
accessible over the TELNET service
without any authentication.
2017-10-12
not yet calculated
CVE-2016-5791
MISC
jantek -- jtc-200
A Cross-site Request Forgery issue was
discovered in JanTek JTC-200, all versions.
An attacker could perform actions with the
same permissions as a victim user, provided
the victim has an active session and is
induced to trigger the malicious request.
2017-10-12
not yet calculated
CVE-2016-5789
MISC
javascript -- node
Node.js 4.0.0, 4.1.0, and 4.1.1 allows
remote attackers to cause a denial of service.
2017-10-10
not yet calculated
CVE-2015-7384
BID(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
juniper -- contrail
The ifmap service that comes bundled with
Juniper Networks Contrail releases uses
hard coded credentials. Affected releases are
Contrail releases 2.2 prior to 2.21.4; 3.0
prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2
prior to 3.2.5.0. CVE-2017-10616 and
CVE-2017-10617 can be chained together
and have a combined CVSSv3 score of 5.8
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).
2017-10-13
not yet calculated
CVE-2017-10616
CONFIRM(link is external)
juniper -- contrail
The ifmap service that comes bundled with
Contrail has an XML External Entity (XXE)
vulnerability that may allow an attacker to
retrieve sensitive system files. Affected
releases are Juniper Networks Contrail 2.2
prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior
to 3.1.4.0; 3.2 prior to 3.2.5.0.
CVE-2017-10616 and CVE-2017-10617 can be chained
together and have a combined CVSSv3
score of 5.8
(AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).
2017-10-13
not yet calculated
CVE-2017-10617
CONFIRM(link is external)
juniper -- junos_os
Juniper Networks Junos OS 16.1R1, and
services releases based off of 16.1R1, are
vulnerable to the receipt of a crafted BGP
Protocol Data Unit (PDU) sent directly to
the router, which can cause the RPD routing
process to crash and restart. Unlike BGP
UPDATEs, which are transitive in nature,
this issue can only be triggered by a packet
sent directly to the IP address of the router.
Repeated crashes of the rpd daemon can
result in an extended denial of service
condition. This issue only affects devices
running Junos OS 16.1R1 and services
releases based off of 16.1R1 (e.g. 16.1R1-
S1, 16.1R1-S2, 16.1R1-S3). No prior
versions of Junos OS are affected by this
vulnerability, and this issue was resolved in
Junos OS 16.2 prior to 16.2R1. No other
Juniper Networks products or platforms are
affected by this issue. This issue was found
during internal product security testing.
2017-10-13
not yet calculated
CVE-2017-10607
CONFIRM(link is external)
juniper -- junos_os
Lack of authentication and authorization of
cluster messages in Juniper Networks Junos
Space may allow a man-in-the-middle type
of attacker to intercept, inject or disrupt
Junos Space cluster operations between two
nodes. Affected releases are Juniper
Networks Junos Space all versions prior to
17.1R1.
2017-10-13
not yet calculated
CVE-2017-10623
CONFIRM(link is external)
juniper -- junos_space
A persistent site scripting vulnerability in
Juniper Networks Junos Space allows users
who can change certain configuration to
implant malicious Javascript or HTML
which may be used to steal information or
perform actions as other Junos Space users
or administrators. Affected releases are
Juniper Networks Junos Space all versions
prior to 17.1R1.
2017-10-13
not yet calculated
CVE-2017-10612
BID(link is external)
CONFIRM(link is external)
juniper -- junos_space
An authentication bypass vulnerability in
Juniper Networks Junos Space Network
Management Platform may allow a remote
unauthenticated network based attacker to
login as any privileged user. This issue only
affects Junos Space Network Management
Platform 17.1R1 without Patch v1 and 16.1
releases prior to 16.1R3. This issue was
found by an external security researcher.
2017-10-13
not yet calculated
CVE-2017-10622
BID(link is external)
CONFIRM(link is external)
juniper -- junos_space
Insufficient verification of node certificates
in Juniper Networks Junos Space may allow
a man-in-the-middle type of attacker to
make unauthorized modifications to Space
database or add nodes. Affected releases are
Juniper Networks Junos Space all versions
prior to 17.1R1.
2017-10-13
not yet calculated
CVE-2017-10624
BID(link is external)
CONFIRM(link is external)
juniper -- srx_series_devices
A vulnerability in the pluggable
authentication module (PAM) of Juniper
Networks Junos OS may allow an
unauthenticated network based attacker to
potentially execute arbitrary code or crash
daemons such as telnetd or sshd that make
use of PAM. Affected Juniper Networks
Junos OS releases are: 14.1 from 14.1R5
prior to 14.1R8-S4, 14.1R9; 14.1X53 prior
to 14.1X53-D50 on EX and QFX series;
14.2 from 14.2R3 prior to 14.2R7-S8,
14.2R8; No other Junos OS releases are
affected by this issue. No other Juniper
Networks products are affected by this
issue.
2017-10-13
not yet calculated
CVE-2017-10615
CONFIRM(link is external)
juniper -- srx_series_devices
A vulnerability in a specific loopback filter
action command, processed in a specific
logical order of operation, in a running
configuration of Juniper Networks Junos
OS, allows an attacker with CLI access and
the ability to initiate remote sessions to the
loopback interface with the defined action,
to hang the kernel. Affected releases are
Juniper Networks Junos OS 12.1X46 prior
to 12.1X46-D55; 12.3X48 prior to 12.3X48-
D35; 14.1 prior to 14.1R8-S4, 14.1R9;
14.1X53 prior to 14.1X53-D40; 14.2 prior
to 14.2R4-S9, 14.2R7-S8, 14.2R8; 15.1
prior to 15.1F5-S3, 15.1F6, 15.1R4;
15.1X49 prior to 15.1X49-D60; 15.1X53
prior to 15.1X53-D47; 16.1 prior to 16.1R2.
No other Juniper Networks products or
platforms are affected by this issue.
2017-10-13
not yet calculated
CVE-2017-10613
CONFIRM(link is external)
juniper -- srx_series_devices
A denial of service vulnerability in telnetd
service on Juniper Networks Junos OS
allows remote unauthenticated attackers to
cause a denial of service. Affected Junos OS
releases are: 12.1X46 prior to 12.1X46-
D71; 12.3X48 prior to 12.3X48-D50; 14.1
prior to 14.1R8-S5, 14.1R9; 14.1X53 prior
to 14.1X53-D50; 14.2 prior to 14.2R7-S9,
14.2R8; 15.1 prior to 15.1F2-S16, 15.1F5-
S7, 15.1F6-S6, 15.1R5-S2, 15.1R6;
15.1X49 prior to 15.1X49-D90; 15.1X53
prior to 15.1X53-D47; 16.1 prior to 16.1R4-
S1, 16.1R5; 16.2 prior to 16.2R1-S3,
16.2R2;
2017-10-13
not yet calculated
CVE-2017-10621
CONFIRM(link is external)
juniper -- srx_series_devices
A vulnerability in telnetd service on Junos
OS allows a remote attacker to cause a
limited memory and/or CPU consumption
denial of service attack. This issue was
found during internal product security
testing. Affected releases are Juniper
Networks Junos OS 12.1X46 prior to
12.1X46-D45; 12.3X48 prior to 12.3X48-
D30; 14.1 prior to 14.1R4-S9, 14.1R8; 14.2
prior to 14.2R6; 15.1 prior to 15.1F5,
15.1R3; 15.1X49 prior to 15.1X49-D40;
15.1X53 prior to 15.1X53-D232, 15.1X53-
D47.
2017-10-13
not yet calculated
CVE-2017-10614
CONFIRM(link is external)
juniper -- srx_series_devices
Version 4.40 of the TPM (Trusted Platform
Module) firmware on Juniper Networks
SRX300 Series has a weakness in
generating cryptographic keys that may
allow an attacker to decrypt sensitive
information in SRX300 Series products. The
TPM is used in the SRX300 Series to
encrypt sensitive configuration data. While
other products also ship with a TPM, no
other products or platforms are affected by
this vulnerability. Customers can confirm
the version of TPM firmware via the 'show
security tpm status' command. This issue
was discovered by an external security
researcher. No other Juniper Networks
products or platforms are affected by this
issue.
2017-10-13
not yet calculated
CVE-2017-10606
CONFIRM(link is external)
juniper -- srx_series_devices
On SRX Series devices, a crafted ICMP
packet embedded within a NAT64 IPv6 to
IPv4 tunnel may cause the flowd process to
crash. Repeated crashes of the flowd
process constitutes an extended denial of
service condition for the SRX Series device.
This issue only occurs if NAT64 is
configured. Affected releases are Juniper
Networks Junos OS 12.1X46 prior to
12.1X46-D71, 12.3X48 prior to 12.3X48-
D55, 15.1X49 prior to 15.1X49-D100 on
SRX Series. No other Juniper Networks
products or platforms are affected by this
issue.
2017-10-13
not yet calculated
CVE-2017-10610
CONFIRM(link is external)
MISC(link is external)
juniper -- srx_series_devices
If extended statistics are enabled via 'set
chassis extended-statistics', when executing
any operation that fetches interface
statistics, including but not limited to SNMP
GET requests, the pfem process or the FPC
may crash and restart. Repeated crashes of
PFE processing can result in an extended
denial of service condition. This issue only
affects the following platforms: (1) EX2200,
EX3300, XRE200 (2) MX Series routers
with MPC7E/8E/9E PFEs installed, and
only if 'extended-statistics' are enabled
under the [edit chassis] configuration.
Affected releases are Juniper Networks
Junos OS 14.1 prior to 14.1R8-S5, 14.1R9
on MX Series; 14.1X53 prior to 14.1X53-
D46, 14.1X53-D50 on EX2200, EX3300,
XRE200; 14.2 prior to 14.2R7-S9, 14.2R8
on MX Series; 15.1 prior to 15.1F5-S8,
15.1F6-S8, 15.1R5-S3, 15.1R6 on MX
Series; 16.1 prior to 16.1R4-S5, 16.1R5,
16.1R6 on MX Series; 16.1X65 prior to
16.1X65-D45 on EX2200, EX3300,
XRE200; 16.2 prior to 16.2R2-S1, 16.2R3
on MX Series; 17.1 prior to 17.1R2-S2,
17.1R3 on MX Series; 17.2 prior to 17.2R1-
S3, 17.2R2 on MX Series; 17.2X75 prior to
17.2X75-D50 on MX Series; 17.3 prior to
17.3R1-S1, 17.3R2 on MX Series. No other
Juniper Networks products or platforms are
affected by this issue.
2017-10-13
not yet calculated
CVE-2017-10611
CONFIRM(link is external)
juniper -- srx_series_devices
When Express Path (formerly known as
service offloading) is configured on Juniper
Networks SRX1400, SRX3400, SRX3600,
SRX5400, SRX5600, SRX5800 in high
availability cluster configuration mode,
certain multicast packets might cause the
flowd process to crash, halting or
interrupting traffic from flowing through the
device and triggering RG1+ (data-plane)
fail-over to the secondary node. Repeated
crashes of the flowd process may constitute
an extended denial of service condition.
This service is not enabled by default and is
only supported in high-end SRX platforms.
Affected releases are Juniper Networks
Junos OS 12.3X48 prior to 12.3X48-D45,
15.1X49 prior to 15.1X49-D80 on
SRX1400, SRX3400, SRX3600, SRX5400,
SRX5600, SRX5800.
2017-10-13
not yet calculated
CVE-2017-10619
CONFIRM(link is external)
juniper -- srx_series_devices
When the 'bgp-error-tolerance' feature
- designed to help mitigate
remote session resets from malformed path
attributes - is enabled, a BGP
UPDATE containing a specifically crafted
set of transitive attributes can cause the
RPD routing process to crash and restart.
Devices with BGP enabled that do not have
'bgp-error-tolerance' configured are not
vulnerable to this issue. Affected releases
are Juniper Networks Junos OS 13.3 prior to
13.3R10-S2; 14.1 prior to 14.1R8-S4,
14.1R9; 14.1X50 prior to 14.1X50-D185;
14.1X53 prior to 14.1X53-D45, 14.1X53-
D50; 14.2 prior to 14.2R7-S7, 14.2R8; 15.1
prior to 15.1F5-S8, 15.1F6-S7, 15.1R5-S6,
15.1R6-S2, 15.1R7; 15.1X49 prior to
15.1X49-D100; 15.1X53 prior to 15.1X53-
D64, 15.1X53-D70; 16.1 prior to 16.1R3-
S4, 16.1R4-S3, 16.1R5; 16.2 prior to
16.2R1-S5, 16.2R2; 17.1 prior to 17.1R1-
S3, 17.1R2; 17.2 prior to 17.2R1-S2,
17.2R2; 17.2X75 prior to 17.2X75-D50. No
other Juniper Networks products or
platforms are affected by this issue.
2017-10-13
not yet calculated
CVE-2017-10618
CONFIRM(link is external)
MISC(link is external)
MISC(link is external)
juniper -- srx_series_devices
Juniper Networks Junos OS on SRX series
devices do not verify the HTTPS server
certificate before downloading anti-virus
updates. This may allow a man-in-the-
middle attacker to inject bogus signatures to
cause service disruptions or make the device
not detect certain types of attacks. Affected
Junos OS releases are: 12.1X46 prior to
12.1X46-D71; 12.3X48 prior to 12.3X48-D55;
15.1X49 prior to 15.1X49-D110;
2017-10-13
not yet calculated
CVE-2017-10620
CONFIRM(link is external)
juniper -- srx_series_devices
Any Juniper Networks SRX series device
with one or more ALGs enabled may
experience a flowd crash when traffic is
processed by the Sun/MS-RPC ALGs. This
vulnerability in the Sun/MS-RPC ALG
services component of Junos OS allows an
attacker to cause a repeated denial of service
against the target. Repeated traffic in a
cluster may cause repeated flip-flop failure
operations or full failure to the flowd
daemon halting traffic on all nodes. Only
IPv6 traffic is affected by this issue. IPv4
traffic is unaffected. This issue is not seen
with to-host traffic. This issue has no
relation with HA services themselves, only
the ALG service. No other Juniper
Networks products or platforms are affected
by this issue. Affected releases are Juniper
Networks Junos OS 12.1X46 prior to
12.1X46-D55 on SRX; 12.1X47 prior to
12.1X47-D45 on SRX; 12.3X48 prior to
12.3X48-D32, 12.3X48-D35 on SRX;
15.1X49 prior to 15.1X49-D60 on SRX.
2017-10-13
not yet calculated
CVE-2017-10608
CONFIRM(link is external)
juniper -- j-web
J-Web does not validate certain input that
may lead to cross-site request forgery
(CSRF) issues or cause a denial of J-Web
service (DoS).
2017-10-13
not yet calculated
CVE-2016-1261
CONFIRM(link is external)
juniper -- j-web
Insufficient cross site scripting protection in
J-Web component in Juniper Networks
Junos OS may potentially allow a remote
unauthenticated user to inject web script or
HTML and steal sensitive data and
credentials from a J-Web session and to
perform administrative actions on the Junos
device. Juniper SIRT is not aware of any
malicious exploitation of this vulnerability.
Affected releases are Juniper Networks
Junos OS 11.4 prior to 11.4R13-S3;
12.1X44 prior to 12.1X44-D60; 12.1X46
prior to 12.1X46-D40; 12.1X47 prior to
12.1X47-D30; 12.3 prior to 12.3R11;
12.3X48 prior to 12.3X48-D20; 13.2X51
prior to 13.2X51-D39, 13.2X51-D40; 13.3
prior to 13.3R9; 14.1 prior to 14.1R6; 14.2
prior to 14.2R6; 15.1 prior to 15.1R3;
15.1X49 prior to 15.1X49-D20; 15.1X53
prior to 15.1X53-D57.
2017-10-13
not yet calculated
CVE-2016-4923
BID(link is external)
CONFIRM(link is external)
juniper -- junos_os
An incorrect permissions vulnerability in
Juniper Networks Junos OS on vMX may
allow local unprivileged users on a host
system read access to vMX or vPFE images
and obtain sensitive information contained
in them such as private cryptographic keys.
This issue was found during internal product
security testing. Juniper SIRT is not aware
of any malicious exploitation of this
vulnerability. No other Juniper Networks
products or platforms are affected by this
issue. Affected releases are Juniper
Networks Junos OS 15.1 prior to 15.1F5;
14.1 prior to 14.1R8
2017-10-13
not yet calculated
CVE-2016-4924
BID(link is external)
CONFIRM(link is external)
juniper -- junos_os
Certain combinations of Junos OS CLI
commands and arguments have been found
to be exploitable in a way that can allow
unauthorized access to the operating system.
This may allow any user with permissions
to run these CLI commands the ability to
achieve elevated privileges and gain
complete control of the device. Affected
releases are Juniper Networks Junos OS
11.4 prior to 11.4R13-S3; 12.1X46 prior to
12.1X46-D60; 12.1X47 prior to 12.1X47-
D45; 12.3 prior to 12.3R12; 12.3X48 prior
to 12.3X48-D35; 13.2 prior to 13.2R9; 13.3
prior to 13.3R4-S11, 13.3R9; 14.1 prior to
14.1R4-S12, 14.1R7; 14.1X53 prior to
14.1X53-D28, 14.1X53-D40; 14.1X55 prior
to 14.1X55-D35; 14.2 prior to 14.2R3-S10,
14.2R4-S7, 14.2R5; 15.1 prior to 15.1F4,
15.1R3; 15.1X49 prior to 15.1X49-D60;
15.1X53 prior to 15.1X53-D57, 15.1X53-D70.
2017-10-13
not yet calculated
CVE-2016-4922
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
juniper -- junos_os
By flooding a Juniper Networks router
running Junos OS with specially crafted
IPv6 traffic, all available resources can be
consumed, leading to the inability to store
next hop information for legitimate traffic.
In extreme cases, the crafted IPv6 traffic
may result in a total resource exhaustion and
kernel panic. The issue is triggered by
traffic destined to the router. Transit traffic
does not trigger the vulnerability. This issue
only affects devices with IPv6 enabled and
configured. Devices not configured to
process IPv6 traffic are unaffected by this
vulnerability. This issue was found during
internal product security testing. Juniper
SIRT is not aware of any malicious
exploitation of this vulnerability. Affected
releases are Juniper Networks Junos OS
11.4 prior to 11.4R13-S3; 12.3 prior to
12.3R3-S4; 12.3X48 prior to 12.3X48-D30;
13.3 prior to 13.3R10, 13.3R4-S11; 14.1
prior to 14.1R2-S8, 14.1R4-S12, 14.1R8;
14.1X53 prior to 14.1X53-D28, 14.1X53-
D40; 14.1X55 prior to 14.1X55-D35; 14.2
prior to 14.2R3-S10, 14.2R4-S7, 14.2R6;
15.1 prior to 15.1F2-S5, 15.1F5-S2, 15.1F6,
15.1R3; 15.1X49 prior to 15.1X49-D40;
15.1X53 prior to 15.1X53-D57, 15.1X53-
D70.
2017-10-13
not yet calculated
CVE-2016-4921
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
juniper -- junos_space
A remote unauthenticated network based
attacker with access to Junos Space may
execute arbitrary code on Junos Space or
gain access to devices managed by Junos
Space using cross site request forgery
(CSRF), default authentication credentials,
information leak and command injection
attack vectors. All versions of Juniper
Networks Junos Space prior to 15.1R3 are
affected.
2017-10-13
not yet calculated
CVE-2016-1265
CONFIRM(link is external)
jwt-scala -- jwt-scala
jwt-scala 1.2.2 and earlier fails to verify
token signatures correctly which may lead
to an attacker being able to pass specially
crafted JWT data as a correctly signed
token.
2017-10-12
not yet calculated
CVE-2017-10862
MISC(link is external)
MISC(link is external)
kanboard -- kanboard
In Kanboard before 1.0.47, by altering form
data, an authenticated user can see
thumbnails of pictures from a private project
of another user.
2017-10-10
not yet calculated
CVE-2017-15210
MISC(link is external)
MISC(link is external)
MISC(link is external)
kanboard -- kanboard
In Kanboard before 1.0.47, by altering form
data, an authenticated user can add an
external link to a private project of another
user.
2017-10-10
not yet calculated
CVE-2017-15211
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
kanboard -- kanboard
In Kanboard before 1.0.47, by altering form
data, an authenticated user can add an
internal link to a private project of another
user.
2017-10-10
not yet calculated
CVE-2017-15206
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
kanboard -- kanboard
In Kanboard before 1.0.47, by altering form
data, an authenticated user can remove
attachments from a private project of
another user.
2017-10-10
not yet calculated
CVE-2017-15209
MISC(link is external)
MISC(link is external)
MISC(link is external)
kanboard -- kanboard
In Kanboard before 1.0.47, by altering form
data, an authenticated user can at least see
the names of tags of a private project of
another user.
2017-10-10
not yet calculated
CVE-2017-15212
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
kanboard -- kanboard
In Kanboard before 1.0.47, by altering form
data, an authenticated user can edit tasks of
a private project of another user.
2017-10-10
not yet calculated
CVE-2017-15207
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
kanboard -- kanboard
In Kanboard before 1.0.47, by altering form
data, an authenticated user can add
automatic actions to a private project of
another user.
2017-10-10
not yet calculated
CVE-2017-15204
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
kanboard -- kanboard
In Kanboard before 1.0.47, by altering form
data, an authenticated user can download
attachments from a private project of
another user.
2017-10-10
not yet calculated
CVE-2017-15205
MISC(link is external)
MISC(link is external)
MISC(link is external)
kanboard -- kanboard
In Kanboard before 1.0.47, by altering form
data, an authenticated user can remove
categories from a private project of another
user.
2017-10-10
not yet calculated
CVE-2017-15203
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
kanboard -- kanboard
In Kanboard before 1.0.47, by altering form
data, an authenticated user can remove
columns from a private project of another
user.
2017-10-10
not yet calculated
CVE-2017-15196
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
kanboard -- kanboard
In Kanboard before 1.0.47, by altering form
data, an authenticated user can edit
swimlanes of a private project of another
user.
2017-10-10 not yet calculated
CVE-2017-15195
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
kanboard -- kanboard
In Kanboard before 1.0.47, by altering form
data, an authenticated user can add a new
task to a private project of another user.
2017-10-10 not yet calculated
CVE-2017-15200
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
kanboard -- kanboard
In Kanboard before 1.0.47, by altering form
data, an authenticated user can remove
automatic actions from a private project of
another user.
2017-10-10 not yet calculated
CVE-2017-15208
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
kanboard -- kanboard
In Kanboard before 1.0.47, by altering form
data, an authenticated user can edit tags of a
private project of another user.
2017-10-10 not yet calculated
CVE-2017-15201
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
kanboard -- kanboard
In Kanboard before 1.0.47, by altering form
data, an authenticated user can edit columns
of a private project of another user.
2017-10-10 not yet calculated
CVE-2017-15202
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
kanboard -- kanboard
In Kanboard before 1.0.47, by altering form
data, an authenticated user can add a new
category to a private project of another user.
2017-10-10 not yet calculated
CVE-2017-15197
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
kanboard -- kanboard
In Kanboard before 1.0.47, by altering form
data, an authenticated user can edit a
category of a private project of another user.
2017-10-10 not yet calculated
CVE-2017-15198
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
kanboard -- kanboard
In Kanboard before 1.0.47, by altering form
data, an authenticated user can edit metadata
of a private project of another user, as
demonstrated by Name, Email, Identifier,
and Description.
2017-10-10 not yet calculated
CVE-2017-15199
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
lansweeper -- lansweeper
XML external entity (XXE) vulnerability in
the import package functionality of the
deployment module in Lansweeper before
6.0.100.67 allows remote authenticated
users to obtain sensitive information, cause
a denial of service, conduct server-side
request forgery (SSRF) attacks, conduct
internal port scans, or have unspecified
other impact via an XML request, aka bug
#572705.
2017-10-10 not yet calculated
CVE-2017-13706
MISC(link is external)
FULLDISC
CONFIRM(link is external)
lava -- ether-serial_link
An Authentication Bypass by Spoofing
issue was discovered in LAVA Ether-Serial
Link (ESL) running firmware versions
6.01.00/29.03.2007 and prior versions. An
improper authentication vulnerability has
been identified, which, if exploited, would
allow an attacker with the same IP address
to bypass authentication by accessing a
specific uniform resource locator.
2017-10-11 not yet calculated
CVE-2017-14003
BID(link is external)
MISC
libcurl -- libcurl
libcurl may read outside of a heap allocated
buffer when doing FTP. When libcurl
connects to an FTP server and successfully
logs in (anonymous or not), it asks the
server for the current directory with the
`PWD` command. The server then responds
with a 257 response containing the path,
inside double quotes. The returned path
name is then kept by libcurl for subsequent
uses. Due to a flaw in the string parser for
this directory name, a directory name passed
like this but without a closing double quote
would lead to libcurl not adding a trailing
NUL byte to the buffer holding the name.
When libcurl would then later access the
string, it could read beyond the allocated
heap buffer and crash or wrongly access
data beyond the buffer, thinking it was part
of the path. A malicious server could abuse
this fact and effectively prevent
libcurl-based clients from working with it - the PWD
command is always issued on new FTP
connections and the mistake has a high
chance of causing a segfault. The simple
fact that this issue has remained
undiscovered for this long could suggest
that malformed PWD responses are rare in
benign servers. We are not aware of any
exploit of this flaw. This bug was
introduced in commit
[415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7),
March 2005. In libcurl
version 7.56.0, the parser always zero
terminates the string but also rejects it if not
terminated properly with a final double
quote.
2017-10-06 not yet calculated
CVE-2017-1000254
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
libjpeg-turbo -- libjpeg-turbo
libjpeg-turbo 1.5.2 has a NULL Pointer
Dereference in jdpostct.c and jquant1.c via a
crafted JPEG file.
2017-10-10 not yet calculated
CVE-2017-15232
MISC(link is external)
MISC(link is external)
libjpeg-turbo -- libjpeg-turbo
libjpeg-turbo before 1.3.1 allows remote
attackers to cause a denial of service (crash)
via a crafted JPEG file, related to the Exif
marker.
2017-10-10 not yet calculated
CVE-2014-9092
FEDORA
FEDORA
FEDORA
FEDORA
MISC
MLIST(link is external)
BID(link is external)
CONFIRM(link is external)
MISC(link is external)
libmp3splt -- libmp3splt
plugins/ogg.c in Libmp3splt 0.9.2 calls the
libvorbis vorbis_block_clear function with
uninitialized data upon detection of invalid
input, which allows remote attackers to
cause a denial of service (application crash)
via a crafted file.
2017-10-09 not yet calculated
CVE-2017-15185
MISC
MISC
MISC
EXPLOIT-DB(link is external)
libxfont -- libxfont
In the pcfGetProperties function in
bitmap/pcfread.c in libXfont through 1.5.2
and 2.x before 2.0.2, a missing boundary
check (for PCF files) could be used by local
attackers authenticated to an Xserver for a
buffer over-read, for information disclosure
or a crash of the X server.
2017-10-11 not yet calculated
CVE-2017-13722
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM
CONFIRM
libxfont -- libxfont
In the PatternMatch function in
fontfile/fontdir.c in libXfont through 1.5.2
and 2.x before 2.0.2, an attacker with access
to an X connection can cause a buffer over-
read during pattern matching of fonts,
leading to information disclosure or a crash
(denial of service). This occurs because '\0'
characters are incorrectly skipped in
situations involving ? characters.
2017-10-11 not yet calculated
CVE-2017-13720
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM
CONFIRM
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, a buffer
overread is observed during processing of
ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST
and
QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_LIST cfg80211 vendor
commands in
__wlan_hdd_cfg80211_set_passpoint_list
and
hdd_extscan_passpoint_fill_network_list
function respectively. Android ID: A-36817548.
References: QC-CR#2058447, QC-CR#2054770.
2017-10-10 not yet calculated
CVE-2017-11060
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, the
Athdiag procfs entry does not have a proper
address sanity check which may potentially
lead to the use of an out-of-range pointer
offset.
2017-10-10 not yet calculated
CVE-2017-11067
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, a buffer
overread is observed during processing of
ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST
and
QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_LIST cfg80211 vendor
commands in
__wlan_hdd_cfg80211_set_passpoint_list
and
hdd_extscan_passpoint_fill_network_list
function respectively. Android ID: A-36815952.
References: QC-CR#2054770, QC-CR#2058447,
QC-CR#2066628, QC-CR#2087785
2017-10-10 not yet calculated
CVE-2017-11064
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, in
compatibility mode, flash_data from 64-bit
userspace may cause disclosure of kernel
memory or a fault due to using a userspace-
provided address.
2017-10-10 not yet calculated
CVE-2017-11057
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, setting
the HMAC key by different threads during
SHA operations may potentially lead to a
buffer overflow.
2017-10-10 not yet calculated
CVE-2017-11059
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, while
processing a specially crafted
QCA_NL80211_VENDOR_SUBCMD_NDP cfg80211 vendor command a buffer
over-read can occur.
2017-10-10 not yet calculated
CVE-2017-11052
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, an array
out-of-bounds access can potentially occur
in a display driver.
2017-10-10 not yet calculated
CVE-2017-9706
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, two
concurrent threads/processes can write the
value of "0" to the debugfs file that controls
ipa ipc log which will lead to the double-
free in ipc_log_context_destroy(). Another
issue is the Use-After-Free which can
happen due to the race condition when the
ipc log is deallocated via the debugfs call
during a log print.
2017-10-10 not yet calculated
CVE-2017-9687
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, while
processing a specially crafted cfg80211
vendor command, a buffer over-read can
occur.
2017-10-10 not yet calculated
CVE-2017-11054
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, currently
attributes are not validated in
__wlan_hdd_cfg80211_do_acs which can
potentially lead to a buffer overread.
2017-10-10 not yet calculated
CVE-2017-11062
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, when the
pktlogconf tool gives a pktlog buffer of size
less than the minimal possible source data
size in the host driver, a buffer overflow can
potentially occur.
2017-10-10 not yet calculated
CVE-2017-11050
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel,
information disclosure is possible in
function __wlan_hdd_cfg80211_testmode
since buffer hb_params is not initialized to
zero.
2017-10-10 not yet calculated
CVE-2017-11051
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, as a
result of a race condition between two
userspace processes that interact with the
driver concurrently, a null pointer
dereference can potentially occur.
2017-10-10 not yet calculated
CVE-2017-11063
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, there is a
possible double free/use after free in the
SPS driver when debugfs logging is used.
2017-10-10 not yet calculated
CVE-2017-9686
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, while
flashing a meta image, an integer overflow
can occur, if user-defined image offset and
size values are too large.
2017-10-10 not yet calculated
CVE-2017-9683
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, while
processing a vendor command, a buffer
over-read can occur.
2017-10-10 not yet calculated
CVE-2017-9715
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, while
processing a specially crafted
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION cfg80211
vendor command, a buffer over-read can
occur.
2017-10-10 not yet calculated
CVE-2017-11055
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, when qos
map set IE of length less than 16 is received
in association response or in qos map
configure action frame, a buffer overflow
can potentially occur in
ConvertQosMapsetFrame().
2017-10-10 not yet calculated
CVE-2017-11053
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, while
doing sha and cipher operations, a userspace
buffer is directly accessed in kernel space
potentially leading to a page fault.
2017-10-10 not yet calculated
CVE-2017-11056
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, an out of
bound memory access may happen in
limCheckRxRSNIeMatch in case incorrect
RSNIE is received from the client in assoc
request.
2017-10-10 not yet calculated
CVE-2017-9714
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, while
parsing Netlink attributes, a buffer overread
can occur.
2017-10-10 not yet calculated
CVE-2017-9717
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, while
processing cfg80211 vendor sub command
QCA_NL80211_VENDOR_SUBCMD_ROAM, a buffer over-read can occur.
2017-10-10 not yet calculated
CVE-2017-11061
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, when an
audio driver ioctl handler is called, a kernel
out-of-bounds write can potentially occur.
2017-10-10 not yet calculated
CVE-2017-11046
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, a race
condition can allow access to already freed
memory while reading command
registration table entries in
diag_dbgfs_read_table.
2017-10-10 not yet calculated
CVE-2017-9697
BID(link is external)
CONFIRM(link is external)
linux --
code_aurora_forum_android
In Android for MSM, Firefox OS for MSM,
QRD Android, with all Android releases
from CAF using the Linux kernel, in a
display driver function, a Use After Free
condition can occur.
2017-10-10 not yet calculated
CVE-2017-11048
BID(link is external)
CONFIRM(link is external)
linux -- kernel
security/keys/keyctl.c in the Linux kernel
before 4.11.5 does not consider the case of a
NULL payload in conjunction with a
nonzero length value, which allows local
users to cause a denial of service (NULL
pointer dereference and OOPS) via a crafted
add_key or keyctl system call, a different
vulnerability than CVE-2017-12192.
2017-10-11 not yet calculated
CVE-2017-15274
CONFIRM
CONFIRM
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM
linux -- linux_kernel
The KEYS subsystem in the Linux kernel
through 4.13.7 mishandles use of add_key
for a key that already exists but is
uninstantiated, which allows local users to
cause a denial of service (NULL pointer
dereference and system crash) or possibly
have unspecified other impact via a crafted
system call.
2017-10-14 not yet calculated
CVE-2017-15299
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC
linux -- linux_kernel
arch/x86/kvm/mmu.c in the Linux kernel
through 4.13.5, when nested virtualisation is
used, does not properly traverse guest
pagetable entries to resolve a guest virtual
address, which allows L1 guest OS users to
execute arbitrary code on the host OS or
cause a denial of service (incorrect index
during page walking, and host OS crash),
aka an "MMU potential stack buffer
overrun."
2017-10-11 not yet calculated
CVE-2017-12188
BID(link is external)
CONFIRM(link is external)
CONFIRM
CONFIRM
linux -- linux_kernel
A vulnerability was found in the Key
Management sub component of the Linux
kernel, where when trying to issue a
KEYTCL_READ on negative key would
lead to a NULL pointer dereference. A local
attacker could use this flaw to crash the
kernel.
2017-10-11 not yet calculated
CVE-2017-12192
CONFIRM(link is external)
MISC
microsoft -- chakracore
ChakraCore and Microsoft Edge in
Microsoft Windows 10 Gold, 1511, 1607,
1703, and Windows Server 2016 allows an
attacker to execute arbitrary code in the
context of the current user, due to how the
scripting engine handles objects in memory,
aka "Scripting Engine Memory Corruption
Vulnerability". This CVE ID is unique from
CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797,
CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801,
CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806,
CVE-2017-11807, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811,
CVE-2017-11812, and CVE-2017-11821.
2017-10-13 not yet calculated
CVE-2017-11808
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- chakracore
ChakraCore and Microsoft Edge in
Microsoft Windows 10 Gold, 1511, 1607,
1703, and Windows Server 2016 allows an
attacker to execute arbitrary code in the
context of the current user, due to how the
scripting engine handles objects in memory,
aka "Scripting Engine Memory Corruption
Vulnerability". This CVE ID is unique from
CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797,
CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801,
CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806,
CVE-2017-11807, CVE-2017-11808, CVE-2017-11810, CVE-2017-11811,
CVE-2017-11812, and CVE-2017-11821.
2017-10-13 not yet calculated
CVE-2017-11809
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- chakracore
ChakraCore and Microsoft Edge in
Microsoft Windows 10 1703 allows an
attacker to execute arbitrary code in the
context of the current user, due to how the
scripting engine handles objects in memory,
aka "Scripting Engine Memory Corruption
Vulnerability". This CVE ID is unique from
CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797,
CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801,
CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11807,
CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811,
CVE-2017-11812, and CVE-2017-11821.
2017-10-13 not yet calculated
CVE-2017-11806
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- chakracore
ChakraCore and Microsoft Edge in
Microsoft Windows 10 1703 allows an
attacker to execute arbitrary code in the
context of the current user, due to how the
scripting engine handles objects in memory,
aka "Scripting Engine Memory Corruption
Vulnerability". This CVE ID is unique from
CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797,
CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801,
CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806,
CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811,
CVE-2017-11812, and CVE-2017-11821.
2017-10-13 not yet calculated
CVE-2017-11807
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- chakracore
ChakraCore allows an attacker to execute
arbitrary code in the context of the current
user, due to how the ChakraCore scripting
engine handles objects in memory, aka
"Scripting Engine Information Disclosure
Vulnerability". This CVE ID is unique from
CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798,
CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802,
CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807,
CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811,
CVE-2017-11812, and CVE-2017-11821.
2017-10-13 not yet calculated
CVE-2017-11797
BID(link is external)
CONFIRM(link is external)
microsoft -- chakracore
ChakraCore and Microsoft Edge in
Microsoft Windows 10 Gold, 1511, 1607,
1703, and Windows Server 2016 allows an
attacker to execute arbitrary code in the
context of the current user, due to how the
scripting engine handles objects in memory,
aka "Scripting Engine Memory Corruption
Vulnerability". This CVE ID is unique from
CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797,
CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801,
CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806,
CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810,
CVE-2017-11812, and CVE-2017-11821.
2017-10-13 not yet calculated
CVE-2017-11811
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- chakracore
ChakraCore and Microsoft Edge in
Microsoft Windows 10 1511, 1607, 1703,
and Windows Server 2016 allows an
attacker to execute arbitrary code in the
context of the current user, due to how the
scripting engine handles objects in memory,
aka "Scripting Engine Memory Corruption
Vulnerability". This CVE ID is unique from
CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797,
CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801,
CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806,
CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810,
CVE-2017-11812, and CVE-2017-11821.
2017-10-13 not yet calculated
CVE-2017-11812
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- chakracore
ChakraCore and Microsoft Edge in
Windows 10 1703 allows an attacker to
execute arbitrary code in the context of the
current user, due to how the scripting engine
handles objects in memory, aka "Scripting
Engine Memory Corruption Vulnerability".
This CVE ID is unique from CVE-2017-11792, CVE-2017-11793,
CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800,
CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805,
CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809,
CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
2017-10-13 not yet calculated
CVE-2017-11796
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- chakracore
ChakraCore and Microsoft Edge in
Microsoft Windows 10 1703 allows an
attacker to execute arbitrary code in the
context of the current user, due to how the
scripting engine handles objects in memory,
aka "Scripting Engine Memory Corruption
Vulnerability". This CVE ID is unique from
CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797,
CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801,
CVE-2017-11802, CVE-2017-11804, CVE-2017-11806, CVE-2017-11807,
CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811,
CVE-2017-11812, and CVE-2017-11821.
2017-10-13 not yet calculated
CVE-2017-11805
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- chakracore
ChakraCore and Microsoft Edge in
Microsoft Windows 10 Gold, 1511, 1607,
1703, and Windows Server 2016 allows an
attacker to execute arbitrary code in the
context of the current user, due to how the
scripting engine handles objects in memory,
aka "Scripting Engine Memory Corruption
Vulnerability". This CVE ID is unique from
CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797,
CVE-2017-11798, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802,
CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807,
CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811,
CVE-2017-11812, and CVE-2017-11821.
2017-10-13 not yet calculated
CVE-2017-11799
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- chakracore
ChakraCore and Microsoft Edge in
Microsoft Windows 10 Gold, 1511, 1607,
1703, and Windows Server 2016 allows an
attacker to execute arbitrary code in the
context of the current user, due to how the
scripting engine handles objects in memory,
aka "Scripting Engine Memory Corruption
Vulnerability". This CVE ID is unique from
CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797,
CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801,
CVE-2017-11802, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807,
CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811,
CVE-2017-11812, and CVE-2017-11821.
2017-10-13 not yet calculated
CVE-2017-11804
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- chakracore
ChakraCore and Microsoft Edge in
Microsoft Windows 10 Gold, 1511, 1607,
1703, and Windows Server 2016 allows an
attacker to execute arbitrary code in the
context of the current user, due to how the
scripting engine handles objects in memory,
aka "Scripting Engine Memory Corruption
Vulnerability". This CVE ID is unique from
CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797,
CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801,
CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807,
CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811,
CVE-2017-11812, and CVE-2017-11821.
2017-10-13 not yet calculated
CVE-2017-11802
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- chakracore
ChakraCore allows an attacker to execute
arbitrary code in the context of the current
user, due to how the ChakraCore scripting
engine handles objects in memory, aka
"Scripting Engine Information Disclosure
Vulnerability". This CVE ID is unique from
CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797,
CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11802,
CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807,
CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811,
CVE-2017-11812, and CVE-2017-11821.
2017-10-13 not yet calculated
CVE-2017-11801
BID(link is external)
CONFIRM(link is external)
microsoft -- chakracore
ChakraCore and Microsoft Edge in
Microsoft Windows 10 1703 allows an
attacker to execute arbitrary code in the
context of the current user, due to how the
scripting engine handles objects in memory,
aka "Scripting Engine Memory Corruption
Vulnerability". This CVE ID is unique from
CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797,
CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801,
CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806,
CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810,
CVE-2017-11811, and CVE-2017-11812.
2017-10-13 not yet calculated
CVE-2017-11821
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- edge
Microsoft Edge in Microsoft Windows 10
Gold, 1511, 1607, and Windows Server
2016 allows an attacker to execute arbitrary
code in the context of the current user, due
to how the scripting engine handles objects
in memory, aka "Scripting Engine Memory
Corruption Vulnerability". This CVE ID is
unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796,
CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11801,
CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806,
CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810,
CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
2017-10-13 not yet calculated
CVE-2017-11800
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- edge
Microsoft Edge in Microsoft Windows 10
Gold, 1511, 1607, 1703, and Windows
Server 2016 allows an attacker to execute
arbitrary code in the context of the current
user, due to how the scripting engine
handles objects in memory, aka "Scripting
Engine Memory Corruption Vulnerability".
This CVE ID is unique from CVE-2017-11792, CVE-2017-11793,
CVE-2017-11796, CVE-2017-11797, CVE-2017-11799, CVE-2017-11800,
CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805,
CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809,
CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
2017-10-13 not yet calculated
CVE-2017-11798
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- edge
Microsoft Edge in Microsoft Windows 10
1703 allows an attacker to obtain
information to further compromise the user's
system, due to how Microsoft Edge handles
objects in memory, aka "Microsoft Edge
Information Disclosure Vulnerability". This
CVE ID is unique from CVE-2017-8726
and CVE-2017-11803.
2017-10-13
not yet calculated
CVE-2017-11794
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability".
2017-10-13
not yet calculated
CVE-2017-11790
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7
SP1, Windows Server 2008 SP2 and R2
SP1, Windows 8.1 and Windows RT 8.1,
Windows Server 2012 and R2, Windows 10
Gold, 1511, 1607, 1703, and Windows
Server 2016 allows an attacker to execute
arbitrary code in the context of the current
user, due to how Internet Explorer handles
objects in memory, aka "Internet Explorer
Memory Corruption Vulnerability". This
CVE ID is unique from CVE-2017-11813.
2017-10-13
not yet calculated
CVE-2017-11822
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
2017-10-13
not yet calculated
CVE-2017-11810
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7
SP1, Windows Server 2008 SP2 and R2
SP1, Windows 8.1 and Windows RT 8.1,
Windows Server 2012 and R2, Windows 10
Gold, 1511, 1607, 1703, and Windows
Server 2016 allows an attacker to execute
arbitrary code in the context of the current
user, due to how the scripting engine
handles objects in memory, aka "Scripting
Engine Memory Corruption Vulnerability".
This CVE ID is unique from CVE-2017-
11792, CVE-2017-11796, CVE-2017-
11798, CVE-2017-11799, CVE-2017-
11800, CVE-2017-11801, CVE-2017-
11802, CVE-2017-11804, CVE-2017-
11805, CVE-2017-11806, CVE-2017-
11807, CVE-2017-11808, CVE-2017-
11809, CVE-2017-11810, CVE-2017-
11811, CVE-2017-11812, and CVE-2017-
11821.
2017-10-13
not yet calculated
CVE-2017-11793
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- lync
Skype for Business in Microsoft Lync 2013
SP1 and Skype for Business 2016 allows an
attacker to steal an authentication hash that
can be reused elsewhere, due to how Skype
for Business handles authentication
requests, aka "Skype for Business Elevation
of Privilege Vulnerability."
2017-10-13
not yet calculated
CVE-2017-11786
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- multiple_products
Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.
2017-10-13
not yet calculated
CVE-2017-11826
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- office
Microsoft Office 2016 Click-to-Run (C2R)
and Microsoft Office 2016 for Mac allow an
attacker to use a specially crafted file to
perform actions in the security context of
the current user, due to how Microsoft
Office handles files in memory, aka
"Microsoft Office Remote Code Execution
Vulnerability".
2017-10-13
not yet calculated
CVE-2017-11825
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- outlook
Microsoft Outlook 2016 allows an attacker
to obtain the email content of a user, due to
how Outlook 2016 discloses user email
content, aka "Microsoft Outlook
Information Disclosure Vulnerability."
2017-10-13
not yet calculated
CVE-2017-11776
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- outlook
Microsoft Outlook 2010 SP2, Outlook 2013
SP1 and RT SP1, and Outlook 2016 allow
an attacker to execute arbitrary commands,
due to how Microsoft Office handles objects
in memory, aka "Microsoft Outlook
Security Feature Bypass Vulnerability."
2017-10-13
not yet calculated
CVE-2017-11774
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- sharepoint
Microsoft SharePoint Enterprise Server
2013 SP1 and Microsoft SharePoint
Enterprise Server 2016 allow an attacker to
exploit a cross-site scripting (XSS)
vulnerability by sending a specially crafted
request to an affected SharePoint server, due
to how SharePoint Server sanitizes web
requests, aka "Microsoft Office SharePoint
XSS Vulnerability". This CVE ID is unique
from CVE-2017-11777 and CVE-2017-
11820.
2017-10-13
not yet calculated
CVE-2017-11775
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- sharepoint
Microsoft SharePoint Enterprise Server
2013 SP1 and Microsoft SharePoint
Enterprise Server 2016 allow an attacker to
exploit a cross-site scripting (XSS)
vulnerability by sending a specially crafted
request to an affected SharePoint server, due
to how SharePoint Server sanitizes web
requests, aka "Microsoft Office SharePoint
XSS Vulnerability". This CVE ID is unique
from CVE-2017-11775 and CVE-2017-
11777.
2017-10-13
not yet calculated
CVE-2017-11820
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- sharepoint
Microsoft SharePoint Enterprise Server
2013 SP1 and Microsoft SharePoint
Enterprise Server 2016 allow an attacker to
exploit a cross-site scripting (XSS)
vulnerability by sending a specially crafted
request to an affected SharePoint server, due
to how SharePoint Server sanitizes web
requests, aka "Microsoft Office SharePoint
XSS Vulnerability". This CVE ID is unique
from CVE-2017-11775 and CVE-2017-
11820.
2017-10-13
not yet calculated
CVE-2017-11777
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Graphics Component on
Microsoft Windows Server 2008 SP2 and
R2 SP1, Windows 7 SP1, Windows 8.1,
Windows Server 2012 Gold and R2,
Windows RT 8.1, Windows 10 Gold, 1511,
1607, and 1703, and Windows Server 2016
allows an elevation of privilege
vulnerability in the way it handles objects in
memory, aka "Windows Graphics
Component Elevation of Privilege
Vulnerability".
2017-10-13
not yet calculated
CVE-2017-11824
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Device Guard on Microsoft
Windows 10 Gold, 1511, 1607, and 1703,
and Windows Server 2016 allows a security
feature bypass by the way it handles
Windows PowerShell sessions, aka
"Windows Security Feature Bypass".
2017-10-13
not yet calculated
CVE-2017-8715
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
Microsoft Windows 10 allows an elevation
of privilege vulnerability when the
Windows Update Delivery Optimization
does not properly enforce file share
permissions.
2017-10-13
not yet calculated
CVE-2017-11829
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly validates objects in memory, aka "Windows Information Disclosure Vulnerability".
2017-10-13
not yet calculated
CVE-2017-11817
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Graphics Component on
Microsoft Windows 10 Gold, 1511, 1607,
and 1703, and Windows Server 2016 allows
an information disclosure vulnerability in
the way it handles objects in memory, aka
"Microsoft Graphics Information Disclosure
Vulnerability".
2017-10-13
not yet calculated
CVE-2017-8693
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
Microsoft Windows 8.1, Windows Server
2012 R2, Windows RT 8.1, Windows 10
Gold, 1511, 1607, and 1703, and Windows
Server 2016 allows an elevation of privilege
vulnerability in the way it handles calls to
Advanced Local Procedure Call (ALPC),
aka "Windows Elevation of Privilege
Vulnerability".
2017-10-13
not yet calculated
CVE-2017-11783
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Server Message Block 1.0 (SMBv1) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a remote code execution vulnerability when it fails to properly handle certain requests, aka "Windows SMB Remote Code Execution Vulnerability".
2017-10-13
not yet calculated
CVE-2017-11780
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Windows Domain Name
System (DNS) DNSAPI.dll on Microsoft
Windows 8.1, Windows Server 2012 R2,
Windows RT 8.1, Windows 10 Gold, 1511,
1607, and 1703, and Windows Server 2016
allows a remote code execution
vulnerability when it fails to properly handle
DNS responses, aka "Windows DNSAPI
Remote Code Execution Vulnerability".
2017-10-13
not yet calculated
CVE-2017-11779
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Windows TRIE component
on Microsoft Windows 10 Gold, 1511,
1607, and 1703, and Windows Server 2016
allows a remote code execution
vulnerability in the way it handles loading
dll files, aka "TRIE Remote Code Execution
Vulnerability".
2017-10-13
not yet calculated
CVE-2017-11769
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-11763.
2017-10-13
not yet calculated
CVE-2017-11762
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Windows Search component
on Microsoft Windows Server 2008 SP2
and R2 SP1, Windows 7 SP1, Windows 8.1,
Windows Server 2012 Gold and R2,
Windows RT 8.1, Windows 10 Gold, 1511,
1607, and 1703, and Windows Server 2016
allows a remote code execution
vulnerability when it fails to properly handle
DNS responses, aka "Windows Search
Remote Code Execution Vulnerability".
2017-10-13
not yet calculated
CVE-2017-11771
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Server Block Message
(SMB) on Microsoft Windows Server 2008
SP2 and R2 SP1, Windows 7 SP1, Windows
8.1, Windows Server 2012 Gold and R2,
Windows RT 8.1, Windows 10 Gold, 1511,
1607, and 1703, and Windows Server 2016,
allows an information disclosure
vulnerability in the way that it handles
certain requests, aka "Windows SMB
Information Disclosure Vulnerability".
2017-10-13
not yet calculated
CVE-2017-11815
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Windows Kernel component
on Microsoft Windows Server 2008 SP2
and R2 SP1, Windows 7 SP1, Windows 8.1,
Windows Server 2012 Gold and R2,
Windows RT 8.1, Windows 10 Gold, 1511,
1607, and 1703, and Windows Server 2016,
allows an information disclosure
vulnerability when it improperly handles
objects in memory, aka "Windows Kernel
Information Disclosure Vulnerability". This
CVE ID is unique from CVE-2017-11765,
CVE-2017-11784, and CVE-2017-11814.
2017-10-13
not yet calculated
CVE-2017-11785
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Windows Storage component
on Microsoft Windows 8.1, Windows
Server 2012 R2, Windows RT 8.1,
Windows 10 Gold, 1511, 1607, and 1703,
and Windows Server 2016 allows a security
feature bypass vulnerability when it fails to
validate an integrity-level check, aka
"Windows Storage Security Feature Bypass
Vulnerability".
2017-10-13
not yet calculated
CVE-2017-11818
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Windows Kernel component
on Microsoft Windows Server 2008 SP2
and R2 SP1, Windows 7 SP1, Windows 8.1,
Windows Server 2012 Gold and R2,
Windows RT 8.1, and Windows 10 Gold,
allows an information disclosure
vulnerability when it improperly handles
objects in memory, aka "Windows Kernel
Information Disclosure Vulnerability". This
CVE ID is unique from CVE-2017-11765,
CVE-2017-11785, and CVE-2017-11814.
2017-10-13
not yet calculated
CVE-2017-11784
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Windows Kernel component
on Microsoft Windows Server 2008 SP2
and R2 SP1, Windows 7 SP1, Windows 8.1,
Windows Server 2012 Gold and R2,
Windows RT 8.1, Windows 10 Gold, 1511,
1607, and 1703, and Windows Server 2016,
allows an information disclosure
vulnerability when it improperly handles
objects in memory, aka "Windows Kernel
Information Disclosure Vulnerability". This
CVE ID is unique from CVE-2017-11765,
CVE-2017-11784, and CVE-2017-11785.
2017-10-13
not yet calculated
CVE-2017-11814
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Windows Graphics Device
Interface (GDI) on Microsoft Windows
Server 2008 SP2 and R2 SP1, Windows 7
SP1, Windows 8.1, Windows Server 2012
Gold and R2, Windows RT 8.1, Windows
10 Gold, 1511, 1607, and 1703, and
Windows Server 2016 allows an
information disclosure vulnerability in the
way it handles objects in memory, aka
"Windows GDI Information Disclosure
Vulnerability".
2017-10-13
not yet calculated
CVE-2017-11816
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
ChakraCore and Microsoft Edge in
Microsoft Windows 10 1703 allow an
attacker to execute arbitrary code in the
context of the current user, due to how the
scripting engine handles objects in memory,
aka "Scripting Engine Memory Corruption
Vulnerability". This CVE ID is unique from
CVE-2017-11793, CVE-2017-11796, CVE-
2017-11798, CVE-2017-11799, CVE-2017-
11800, CVE-2017-11801, CVE-2017-
11802, CVE-2017-11804, CVE-2017-
11805, CVE-2017-11806, CVE-2017-
11807, CVE-2017-11808, CVE-2017-
11809, CVE-2017-11810, CVE-2017-
11811, CVE-2017-11812, and CVE-2017-
11821.
2017-10-13
not yet calculated
CVE-2017-11792
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft JET Database Engine in
Windows Server 2008 SP2 and R2 SP1,
Windows 7 SP1, Windows 8.1 and RT 8.1,
Windows Server 2012 and R2, Windows 10
Gold, 1511, 1607, 1703, and Windows
Server 2016 allows an attacker to take
control of an affected system, due to how it
handles objects in memory, aka "Microsoft
JET Database Engine Remote Code
Execution Vulnerability". This CVE ID is
unique from CVE-2017-8718.
2017-10-13
not yet calculated
CVE-2017-8717
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft JET Database Engine in
Windows Server 2008 SP2 and R2 SP1,
Windows 7 SP1, Windows 8.1 and RT 8.1,
Windows Server 2012 and R2, Windows 10
Gold, 1511, 1607, 1703, and Windows
Server 2016 allows an attacker to take
control of an affected system, due to how it
handles objects in memory, aka "Microsoft
JET Database Engine Remote Code
Execution Vulnerability". This CVE ID is
unique from CVE-2017-8717.
2017-10-13
not yet calculated
CVE-2017-8718
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Windows Search component
on Microsoft Windows Server 2008 SP2
and R2 SP1, Windows 7 SP1, Windows 8.1,
Windows Server 2012 Gold and R2,
Windows RT 8.1, Windows 10 Gold, 1511,
1607, and 1703, and Windows Server 2016
allows an information disclosure when it
fails to properly handle objects in memory,
aka "Microsoft Search Information
Disclosure Vulnerability".
2017-10-13
not yet calculated
CVE-2017-11772
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Windows Kernel component
on Microsoft Windows Server 2008 SP2
and R2 SP1, Windows 7 SP1, Windows 8.1,
Windows Server 2012 Gold and R2,
Windows RT 8.1, Windows 10 Gold, 1511,
1607, and 1703, and Windows Server 2016,
allows an information disclosure
vulnerability when it improperly handles
objects in memory, aka "Windows Kernel
Information Disclosure Vulnerability". This
CVE ID is unique from CVE-2017-11784,
CVE-2017-11785, and CVE-2017-11814.
2017-10-13
not yet calculated
CVE-2017-11765
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11794 and CVE-2017-11803.
2017-10-13
not yet calculated
CVE-2017-8726
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Windows Kernel Mode
Driver on Microsoft Windows Server 2008
SP2 and R2 SP1, Windows 7 SP1, Windows
8.1, Windows Server 2012 Gold and R2,
Windows RT 8.1, Windows 10 Gold, 1511,
1607, and 1703, and Windows Server 2016
allows an elevation of privilege
vulnerability when it fails to properly handle
objects in memory, aka "Win32k Elevation
of Privilege Vulnerability". This CVE ID is
unique from CVE-2017-8689.
2017-10-13
not yet calculated
CVE-2017-8694
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Graphics Component on
Microsoft Windows Server 2008 SP2 and
R2 SP1, Windows 7 SP1, Windows 8.1,
Windows Server 2012 Gold and R2,
Windows RT 8.1, Windows 10 Gold, 1511,
1607, and 1703, and Windows Server 2016
allows a remote code execution
vulnerability in the way it handles specially
crafted embedded fonts, aka "Microsoft
Graphics Remote Code Execution
Vulnerability". This CVE ID is unique from
CVE-2017-11763.
2017-10-13
not yet calculated
CVE-2017-11763
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8694.
2017-10-13
not yet calculated
CVE-2017-8689
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
Microsoft Windows Server 2008 SP2 and
R2 SP1, Windows 7 SP1, Windows 8.1 and
RT 8.1, Windows Server 2012 and R2,
Windows 10 Gold, 1511, 1607, 1703, and
Windows Server 2016 allow an attacker to
execute arbitrary code in the context of the
current user, due to how Microsoft
Windows Text Services Framework handles
objects in memory, aka "Windows Shell
Memory Corruption Vulnerability".
2017-10-13
not yet calculated
CVE-2017-8727
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Windows Subsystem for
Linux on Microsoft Windows 10 1703
allows a denial of service vulnerability
when it improperly handles objects in
memory, aka "Windows Subsystem for
Linux Denial of Service Vulnerability".
2017-10-13
not yet calculated
CVE-2017-8703
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
Microsoft Windows 7 SP1 allows an
attacker to execute arbitrary code in the
context of the current user, due to how
Microsoft browsers handle objects in
memory, aka "Windows Shell Remote Code
Execution Vulnerability".
2017-10-13
not yet calculated
CVE-2017-11819
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Server Block Message
(SMB) on Microsoft Windows 10 1607 and
Windows Server 2016, allows an elevation
of privilege vulnerability when an attacker
sends specially crafted requests to the
server, aka "Windows SMB Elevation of
Privilege Vulnerability".
2017-10-13
not yet calculated
CVE-2017-11782
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Server Block Message
(SMB) on Microsoft Windows Server 2008
SP2 and R2 SP1, Windows 7 SP1, Windows
8.1, Windows Server 2012 Gold and R2,
Windows RT 8.1, Windows 10 Gold, 1511,
1607, and 1703, and Windows Server 2016,
allows a denial of service vulnerability
when an attacker sends specially crafted
requests to the server, aka "Windows SMB
Denial of Service Vulnerability".
2017-10-13
not yet calculated
CVE-2017-11781
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
The Microsoft Device Guard on Microsoft
Windows 10 Gold, 1511, 1607, and 1703,
and Windows Server 2016 allows a security
feature bypass by the way it handles
Windows PowerShell sessions, aka
"Microsoft Windows Security Feature
Bypass".
2017-10-13
not yet calculated
CVE-2017-11823
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
mirasys --
video_management_system
Mirasys Video Management System (VMS)
6.x before 6.4.6, 7.x before 7.5.15, and 8.x
before 8.1.1 has a login process in which
cleartext data is sent from a server to a
client, and not all of this data is required for
the client functionality.
2017-10-12
not yet calculated
CVE-2017-15290
MISC(link is external)
MISC(link is external)
misp -- misp
MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js.
2017-10-10
not yet calculated
CVE-2017-15216
CONFIRM(link is external)
CONFIRM(link is external)
nexusphp -- nexusphp
XSS exists in NexusPHP 1.5 via the
keyword parameter to messages.php.
2017-10-14
not yet calculated
CVE-2017-15305
MISC(link is external)
MISC(link is external)
niconico -- app_for_iOS
niconico App for iOS before 6.38 does not
verify SSL certificates which could allow
remote attackers to execute man-in-the-
middle attacks.
2017-10-10
not yet calculated
CVE-2015-5639
MISC(link is external)
JVN(link is external)
JVNDB(link is external)
BID(link is external)
octobercms -- octobercms
Cross-Site Scripting exists in OctoberCMS
1.0.425 (aka Build 425), allowing a least
privileged user to upload an SVG file
containing malicious code as the Avatar for
the profile. When this is opened by the
Admin, it causes JavaScript execution in the
context of the Admin account.
2017-10-12
not yet calculated
CVE-2017-15284
MISC(link is external)
EXPLOIT-DB(link is external)
opentext --
documentum_content_server
OpenText Documentum Content Server
(formerly EMC Documentum Content
Server) through 7.3 contains the following
design gap, which allows authenticated
users to download arbitrary content files
regardless of the attacker's repository
permissions: When an authenticated user
uploads content to the repository, he
performs the following steps: (1) calls the
START_PUSH RPC-command; (2) uploads
the file to the content server; (3) calls the
END_PUSH_V2 RPC-command (here,
Content Server returns a DATA_TICKET
integer, intended to identify the location of
the uploaded file on the Content Server
filesystem); (4) creates a dmr_content object
in the repository, which has a value of
data_ticket equal to the value of
DATA_TICKET returned at the end of
END_PUSH_V2 call. As the result of this
design, any authenticated user may create
his own dmr_content object, pointing to
already existing content in the Content
Server filesystem.
2017-10-13
not yet calculated
CVE-2017-15014
MISC
opentext --
documentum_content_server
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges.
2017-10-13
not yet calculated
CVE-2017-15013
MISC
opentext --
documentum_content_server
OpenText Documentum Content Server
(formerly EMC Documentum Content
Server) through 7.3 contains the following
design gap, which allows an authenticated
user to gain superuser privileges: Content
Server allows uploading content using
batches (TAR archives). When unpacking
TAR archives, Content Server fails to verify
the contents of an archive, which causes a
path traversal vulnerability via symlinks.
Because some files on the Content Server
filesystem are security-sensitive, this leads
to privilege escalation.
2017-10-13
not yet calculated
CVE-2017-15276
MISC
opentext --
documentum_content_server
OpenText Documentum Content Server
(formerly EMC Documentum Content
Server) through 7.3 does not properly
validate the input of the PUT_FILE RPC-
command, which allows any authenticated
user to hijack an arbitrary file from the
Content Server filesystem; because some
files on the Content Server filesystem are
security-sensitive, this leads to privilege
escalation.
2017-10-13
not yet calculated
CVE-2017-15012
MISC
piwigo -- piwigo
Cross Site Scripting (XSS) exists in Piwigo
before 2.8.3 via a crafted search expression
to include/functions_search.inc.php.
2017-10-10
not yet calculated
CVE-2016-10513
CONFIRM
CONFIRM(link is external)
CONFIRM(link is external)
piwigo -- url_check_format
url_check_format in
include/functions.inc.php in Piwigo before
2.8.3 allows remote attackers to bypass
intended access restrictions via a URL that
contains a " character, or a URL beginning
with a substring other than the http:// or
https:// substring.
2017-10-10
not yet calculated
CVE-2016-10514
CONFIRM
CONFIRM(link is external)
CONFIRM(link is external)
pure_storage -- purity
Stored Cross-site scripting (XSS)
vulnerability in Pure Storage Purity 4.7.5
allows remote authenticated users to inject
arbitrary web script or HTML via the "host"
parameter on the 'System > Configuration >
SNMP > Add SNMP Trap Manager' screen.
2017-10-11
not yet calculated
CVE-2017-7352
MISC(link is external)
qemu -- qemu
Qemu through 2.10.0 allows remote
attackers to cause a memory leak by
triggering slow data-channel read
operations, related to io/channel-websock.c.
2017-10-12
not yet calculated
CVE-2017-15268
CONFIRM(link is external)
MLIST
qemu -- qemu
Race condition in the v9fs_xattrwalk
function in hw/9pfs/9p.c in QEMU (aka
Quick Emulator) allows local guest OS
users to obtain sensitive information from
host heap memory via vectors related to
reading extended attributes.
2017-10-09
not yet calculated
CVE-2017-15038
MLIST(link is external)
MLIST
rakuten -- rakuten_card
Rakuten card App for iOS 5.2.0 through
5.2.4 does not verify SSL certificates which
might allow remote attackers to execute
man-in-the-middle attacks.
2017-10-10
not yet calculated
CVE-2015-2988
JVN(link is external)
JVNDB(link is external)
BID(link is external)
rsa_archer -- grc_platform
RSA Archer GRC Platform prior to 6.2.0.5
is affected by stored cross-site scripting via
the Questionnaire ID field. An authenticated
attacker may potentially exploit this to
execute arbitrary HTML in the user's
browser session in the context of the
affected RSA Archer application.
2017-10-11
not yet calculated
CVE-2017-8016
CONFIRM
SECTRACK(link is external)
rsa_archer -- grc_platform
RSA Archer GRC Platform prior to 6.2.0.5
is affected by a privilege escalation
vulnerability. A low privileged RSA Archer
user may potentially exploit this
vulnerability to elevate their privileges and
export certain application records.
Published: 2017-10-11 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14369, CONFIRM, BID, SECTRACK
rsa_archer -- grc_platform
RSA Archer GRC Platform prior to 6.2.0.5
is affected by stored cross-site scripting via
the Source Asset ID field. An authenticated
attacker may potentially exploit this to
execute arbitrary HTML in the user's
browser session in the context of the
affected RSA Archer application.
Published: 2017-10-11 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14370, CONFIRM, SECTRACK
rsa_archer -- grc_platform
RSA Archer GRC Platform prior to 6.2.0.5
is affected by reflected cross-site scripting
vulnerabilities via certain RSA Archer Help
pages. Attackers could potentially exploit
this to execute arbitrary HTML in the user's
browser session in the context of the
affected RSA Archer application.
Published: 2017-10-11 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14372, CONFIRM, BID, SECTRACK
rsa_archer -- grc_platform
RSA Archer GRC Platform prior to 6.2.0.5
is affected by reflected cross-site scripting
via the request URL. Attackers could
potentially exploit this to execute arbitrary
HTML in the user's browser session in the
context of the affected RSA Archer
application.
Published: 2017-10-11 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14371, CONFIRM, BID, SECTRACK
rsa_archer -- grc_platform
RSA Archer GRC Platform prior to 6.2.0.5
is affected by an arbitrary file upload
vulnerability. A remote unauthenticated
attacker may potentially exploit this
vulnerability to upload malicious files via
attachments to arbitrary paths on the web
server.
Published: 2017-10-11 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-8025, CONFIRM, BID, SECTRACK
rubygems -- rubygems
RubyGems versions between 2.0.0 and
2.6.13 are vulnerable to a possible remote
code execution vulnerability. YAML
deserialization of gem specifications can
bypass class white lists. Specially crafted
serialized objects can possibly be used to
escalate to remote code execution.
Published: 2017-10-11 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0903, MISC, MISC, MISC, MISC
ruckus_wireless -- zonedirector_controller
Ruckus Wireless Zone Director Controller
firmware releases ZD9.9.x, ZD9.10.x,
ZD9.13.0.x less than 9.13.0.0.232 contain
OS Command Injection vulnerabilities in
the ping functionality that could allow local
authenticated users to execute arbitrary
privileged commands on the underlying
operating system.
Published: 2017-10-13 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-6223, CONFIRM
ruckus_wireless -- zonedirector_controller
Ruckus Wireless ZoneDirector Controller
firmware releases ZD9.x, ZD10.0.0.x,
ZD10.0.1.x (less than 10.0.1.0.17 MR1
release) and Ruckus Wireless Unleashed AP
Firmware releases 200.0.x, 200.1.x, 200.2.x,
200.3.x, 200.4.x. contain OS Command
Injection vulnerabilities that could allow
local authenticated users to execute arbitrary
privileged commands on the underlying
operating system by appending those
commands in the Common Name field in
the Certificate Generation Request.
Published: 2017-10-13 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-6224, CONFIRM
salt -- salt
salt before 2015.5.5 leaks git usernames and
passwords to the log.
Published: 2017-10-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-6918, CONFIRM, CONFIRM
sdl -- sdl
An exploitable integer overflow
vulnerability exists when creating a new
RGB Surface in SDL 2.0.5. A specially
crafted file can cause an integer overflow
resulting in too little memory being
allocated which can lead to a buffer
overflow and potential code execution. An
attacker can provide a specially crafted
image file to trigger this vulnerability.
Published: 2017-10-11 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2888, BID, MISC
sdl -- sdl
An exploitable buffer overflow vulnerability
exists in the XCF property handling
functionality of SDL_image 2.0.1. A
specially crafted xcf file can cause a stack-based
buffer overflow resulting in potential
code execution. An attacker can provide a
specially crafted XCF file to trigger this
vulnerability.
Published: 2017-10-11 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2887, BID, MISC
seagate -- blackarmor_nas
Seagate BlackArmor NAS devices with
firmware sg2000-2000.1331 allow remote
attackers to execute arbitrary commands via
shell metacharacters in the ip parameter to
backupmgt/getAlias.php.
Published: 2017-10-11 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2013-6924, MISC, BID, XF
shaarli -- shaarli
Reflected XSS vulnerability in Shaarli
v0.9.1 allows an unauthenticated attacker to
inject JavaScript via the searchtags
parameter to index.php. If the victim is an
administrator, an attacker can (for example)
take over the admin session or change
global settings or add/delete links. It is also
possible to execute JavaScript against
unauthenticated users.
Published: 2017-10-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15215, MISC, MISC, MISC
silverstripe -- silverstripe_cms
Response discrepancy in the login and
password reset forms in SilverStripe CMS
before 3.5.5 and 3.6.x before 3.6.1 allows
remote attackers to enumerate users via
timing attacks.
Published: 2017-10-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12849, CONFIRM
sqlite -- sqlite
SQLite 3.20.1 has a NULL pointer
dereference in tableColumnList in shell.c
because it fails to consider certain cases
where
`sqlite3_step(pStmt)==SQLITE_ROW` is
false and a data structure is never initialized.
Published: 2017-10-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15286, MISC
sudo -- sudoers_plugin
The SHA-2 digest support in the sudoers
plugin in sudo after 1.8.7 allows local users
with write permissions to parts of the called
command to replace them before it is
executed.
Published: 2017-10-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-8239, MLIST, CONFIRM, CONFIRM, CONFIRM, CONFIRM
symantec -- endpoint_encryption
A denial of service (DoS) attack in
Symantec Encryption Desktop before SED
10.4.1 MP2HF1 allows remote attackers to
make a particular machine or network
resource unavailable to its intended users by
temporarily or indefinitely disrupting
services of a specific host within a network.
Published: 2017-10-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13679, BID, CONFIRM
symantec -- endpoint_encryption
A denial of service (DoS) attack in
Symantec Endpoint Encryption before SEE
11.1.3HF2 allows remote attackers to make
a particular machine or network resource
unavailable to its intended users by
temporarily or indefinitely disrupting
services of a specific host within a network.
Published: 2017-10-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13675, BID, CONFIRM
sync_breeze -- enterprise
Buffer overflow in Sync Breeze Enterprise
10.0.28 allows remote attackers to have
unspecified impact via a long username
parameter to /login.
Published: 2017-10-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14980, MISC
teampass -- teampass
Cross-Site Scripting (XSS) was discovered
in TeamPass before 2.1.27.9. The
vulnerability exists due to insufficient
filtration of data (in
/sources/folders.queries.php). An attacker
could execute arbitrary HTML and script
code in a browser in the context of the
vulnerable website.
Published: 2017-10-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15278, CONFIRM, CONFIRM, CONFIRM
tiandy -- ip_cameras
Tiandy IP cameras 5.56.17.120 do not
properly restrict a certain proprietary
protocol, which allows remote attackers to
read settings via a crafted request to TCP
port 3001, as demonstrated by config* files
and extendword.txt.
Published: 2017-10-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15236, MISC
trapeze -- transitmaster
Trapeze TransitMaster is vulnerable to
information disclosure (emails / hashed
passwords) via a modified userID field in
JSON data to
ManageSubscriber.aspx/GetSubscriber.
NOTE: this software is independently
deployed at multiple municipal transit
systems; it is not found exclusively on the
"webwatch.(REDACTED).com" server
mentioned in the reference.
Published: 2017-10-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14943, MISC
ui-dialog -- ui-dialog
UI-Dialog 1.09 and earlier allows remote
attackers to execute arbitrary commands.
Published: 2017-10-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2008-7315, MLIST, BID, CONFIRM, CONFIRM, CONFIRM
umbraco_cms -- umbraco_cms
XML external entity (XXE) vulnerability in
Umbraco CMS before 7.7.3 allows attackers
to obtain sensitive information by reading
files on the server or sending TCP requests
to intranet hosts (aka SSRF), related to
Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs.
Published: 2017-10-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15280, CONFIRM, CONFIRM
umbraco_cms -- umbraco_cms
Cross-site scripting (XSS) vulnerability in
Umbraco CMS before 7.7.3 allows remote
attackers to inject arbitrary web script or
HTML via the "page name" (aka nodename)
parameter during the creation of a new page,
related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and
Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs.
Published: 2017-10-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15279, CONFIRM, CONFIRM
windows -- internet_explorer
Internet Explorer in Microsoft Windows 7
SP1, Windows Server 2008 R2 SP1,
Windows 8.1 and Windows RT 8.1, and
Windows Server 2012 R2 allows an attacker
to execute arbitrary code in the context of
the current user, due to how Internet
Explorer handles objects in memory, aka
"Internet Explorer Memory Corruption
Vulnerability". This CVE ID is unique from
CVE-2017-11822.
Published: 2017-10-13 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11813, BID, SECTRACK, CONFIRM
wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9,
and 2.0.0 to 2.0.15, the DMP dissector could
crash. This was addressed in
epan/dissectors/packet-dmp.c by validating
a string length.
Published: 2017-10-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15191, BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM
wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.1, the RTSP
dissector could crash. This was addressed in
epan/dissectors/packet-rtsp.c by correcting
the scope of a variable.
Published: 2017-10-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15190, BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM
wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to
2.2.9, the MBIM dissector could crash or
exhaust system memory. This was
addressed in epan/dissectors/packet-mbim.c
by changing the memory-allocation
approach.
Published: 2017-10-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15193, BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM
wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.1, the DOCSIS
dissector could go into an infinite loop. This
was addressed in plugins/docsis/packet-docsis.c by adding decrements.
Published: 2017-10-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15189, BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM
wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to
2.2.9, the BT ATT dissector could crash.
This was addressed in
epan/dissectors/packet-btatt.c by
considering a case where not all of the
BTATT packets have the same
encapsulation level.
Published: 2017-10-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15192, BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM
wordpress -- wordpress
WordPress through 4.8.2, when domain-based
flashmediaelement.swf sandboxing is
not used, allows remote attackers to conduct
cross-domain Flash injection (XSF) attacks
by leveraging code contained within the
wp-includes/js/mediaelement/flashmediaelement.swf file.
Published: 2017-10-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-9263, MISC
wordpress -- wordpress
The ec_ajax_update_option and
ec_ajax_clear_all_taxrates functions in
inc/admin/admin_ajax_functions.php in the
WP EasyCart plugin 1.1.30 through 3.0.20
for WordPress allow remote attackers to
gain administrator privileges and execute
arbitrary code via the option_name and
option_value parameters.
Published: 2017-10-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-2673, MISC
x-cart -- x-cart
X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is
vulnerable to Remote Code Execution. This
vulnerability exists because the application
fails to check remote file extensions before
saving locally. This vulnerability can be
exploited by anyone with Vendor access or
higher. One attack methodology is to upload
an image file in the Attachments section of a
product catalog, upload a .php file with an
"Add File Via URL" action, and change the
image's Description URL to reference the
.php URL in the attachments/ directory.
Published: 2017-10-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15285, MISC
x.org_foundation -- x.org_server
In X.Org Server (aka xserver and xorg-server)
before 1.19.4, a local attacker
authenticated to the X server could overflow
a global buffer, causing crashes of the X
server or potentially other problems by
injecting large or malformed XKB related
atoms and accessing them via xkbcomp.
Published: 2017-10-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13723, MLIST, BID, CONFIRM, MLIST
x.org_foundation -- x.org_server
In X.Org Server (aka xserver and xorg-server)
before 1.19.4, an attacker
authenticated to an X server with the X
shared memory extension enabled can cause
aborts of the X server or replace shared
memory segments of other X clients in the
same session.
Published: 2017-10-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13721, MLIST, BID, CONFIRM, MLIST
zend_framework -- zend_framework
Zend Framework before 2.4.9,
zend-framework/zend-crypt 2.4.x before 2.4.9,
and 2.5.x before 2.5.2 allows remote
attackers to recover the RSA private key.
Published: 2017-10-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-7503, CONFIRM, CONFIRM
zyxel -- zyxel
Zyxel NBG6716 V1.00(AAKG.9)C0
devices allow command injection in the
ozkerz component because beginIndex and
endIndex are used directly in a popen call.
Published: 2017-10-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15226, MISC