jell.ie CVEs

Read at: 2017-09-25T01:35:34+01:00

CVE-2017-14722

Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.

Source: National Vulnerability Database | 23 Sep 2017 | 9:29 pm IST

CVE-2017-14726

Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.

Source: National Vulnerability Database | 23 Sep 2017 | 9:29 pm IST

CVE-2017-14727

logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.

Source: National Vulnerability Database | 23 Sep 2017 | 9:29 pm IST

CVE-2017-14627

Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.

Source: National Vulnerability Database | 23 Sep 2017 | 9:29 pm IST

CVE-2017-14725

Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.

Source: National Vulnerability Database | 23 Sep 2017 | 9:29 pm IST

CVE-2017-14719

Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.

Source: National Vulnerability Database | 23 Sep 2017 | 9:29 pm IST

CVE-2017-14721

Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.

Source: National Vulnerability Database | 23 Sep 2017 | 9:29 pm IST

CVE-2017-14720

Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.

Source: National Vulnerability Database | 23 Sep 2017 | 9:29 pm IST

CVE-2017-14724

Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.

Source: National Vulnerability Database | 23 Sep 2017 | 9:29 pm IST

CVE-2017-14718

Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL.

Source: National Vulnerability Database | 23 Sep 2017 | 9:29 pm IST

CVE-2017-14723

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.

Source: National Vulnerability Database | 23 Sep 2017 | 9:29 pm IST

CVE-2017-14712

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter.

Source: National Vulnerability Database | 22 Sep 2017 | 8:29 pm IST

CVE-2017-14716

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter.

Source: National Vulnerability Database | 22 Sep 2017 | 8:29 pm IST

CVE-2017-14694

Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f."

Source: National Vulnerability Database | 22 Sep 2017 | 8:29 pm IST

CVE-2017-14713

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter.

Source: National Vulnerability Database | 22 Sep 2017 | 8:29 pm IST

CVE-2017-14714

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter.

Source: National Vulnerability Database | 22 Sep 2017 | 8:29 pm IST

CVE-2017-14715

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter.

Source: National Vulnerability Database | 22 Sep 2017 | 8:29 pm IST

CVE-2017-14717

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter.

Source: National Vulnerability Database | 22 Sep 2017 | 8:29 pm IST

CVE-2017-14706

DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.

Source: National Vulnerability Database | 22 Sep 2017 | 7:29 pm IST

CVE-2017-14705

DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.

Source: National Vulnerability Database | 22 Sep 2017 | 7:29 pm IST

CVE-2017-6271

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation while processing block linear information which may lead to a potential divide by zero and denial of service.

Source: National Vulnerability Database | 22 Sep 2017 | 6:29 pm IST

CVE-2017-6272

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges.

Source: National Vulnerability Database | 22 Sep 2017 | 6:29 pm IST

CVE-2017-6266

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service.

Source: National Vulnerability Database | 22 Sep 2017 | 6:29 pm IST

CVE-2017-6267

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service.

Source: National Vulnerability Database | 22 Sep 2017 | 6:29 pm IST

CVE-2017-6269

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation which may lead to denial of service or possible escalation of privileges.

Source: National Vulnerability Database | 22 Sep 2017 | 6:29 pm IST

CVE-2017-6270

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a calculation which may lead to a potential divide by zero and denial of service.

Source: National Vulnerability Database | 22 Sep 2017 | 6:29 pm IST

CVE-2017-6268

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges.

Source: National Vulnerability Database | 22 Sep 2017 | 6:29 pm IST

CVE-2017-6277

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges.

Source: National Vulnerability Database | 22 Sep 2017 | 6:29 pm IST

CVE-2017-14081

Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.

Source: National Vulnerability Database | 22 Sep 2017 | 5:29 pm IST

CVE-2017-14080

Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password.

Source: National Vulnerability Database | 22 Sep 2017 | 5:29 pm IST

CVE-2017-11396

Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.

Source: National Vulnerability Database | 22 Sep 2017 | 5:29 pm IST

CVE-2017-14078

SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.

Source: National Vulnerability Database | 22 Sep 2017 | 5:29 pm IST

CVE-2017-14079

Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.

Source: National Vulnerability Database | 22 Sep 2017 | 5:29 pm IST

CVE-2017-11395

Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.

Source: National Vulnerability Database | 22 Sep 2017 | 5:29 pm IST

CVE-2017-3770

Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.

Source: National Vulnerability Database | 22 Sep 2017 | 3:29 pm IST

CVE-2017-3763

An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2.

Source: National Vulnerability Database | 22 Sep 2017 | 3:29 pm IST

CVE-2017-9393

CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.

Source: National Vulnerability Database | 22 Sep 2017 | 3:29 pm IST

CVE-2017-14688

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917."

Source: National Vulnerability Database | 22 Sep 2017 | 9:29 am IST

CVE-2017-14693

IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at DJVU!GetPlugInInfo+0x000000000001c613."

Source: National Vulnerability Database | 22 Sep 2017 | 9:29 am IST

CVE-2017-14691

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_773a0000!RtlAddAccessAllowedAce+0x000000000000027a."

Source: National Vulnerability Database | 22 Sep 2017 | 9:29 am IST

CVE-2017-14689

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000328e."

Source: National Vulnerability Database | 22 Sep 2017 | 9:29 am IST

CVE-2017-14690

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000064e7."

Source: National Vulnerability Database | 22 Sep 2017 | 9:29 am IST

CVE-2017-14692

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b."

Source: National Vulnerability Database | 22 Sep 2017 | 9:29 am IST

CVE-2017-14637

In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. However, this can also cause a write to an illegal address.

Source: National Vulnerability Database | 22 Sep 2017 | 8:29 am IST

CVE-2017-14653

member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter.

Source: National Vulnerability Database | 22 Sep 2017 | 8:29 am IST

CVE-2017-14636

Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes memory corruption because of an attempted write to the invalid d[0xfffffffe] array element.

Source: National Vulnerability Database | 22 Sep 2017 | 8:29 am IST

CVE-2017-14686

Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers.

Source: National Vulnerability Database | 22 Sep 2017 | 7:29 am IST

CVE-2017-14687

Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons.

Source: National Vulnerability Database | 22 Sep 2017 | 7:29 am IST

CVE-2017-14685

Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded.

Source: National Vulnerability Database | 22 Sep 2017 | 7:29 am IST

CVE-2017-8012

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities.

Source: National Vulnerability Database | 22 Sep 2017 | 2:29 am IST

CVE-2017-8007

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.

Source: National Vulnerability Database | 22 Sep 2017 | 2:29 am IST

CVE-2017-14684

In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.

Source: National Vulnerability Database | 22 Sep 2017 | 2:29 am IST

CVE-2017-14682

GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928.

Source: National Vulnerability Database | 22 Sep 2017 | 12:29 am IST

CVE-2017-14680

ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.

Source: National Vulnerability Database | 22 Sep 2017 | 12:29 am IST

CVE-2017-14681

The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated by etc/init.d/p3scan.

Source: National Vulnerability Database | 22 Sep 2017 | 12:29 am IST

CVE-2017-9281

An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service.

Source: National Vulnerability Database | 21 Sep 2017 | 11:29 pm IST

CVE-2017-9282

An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed.

Source: National Vulnerability Database | 21 Sep 2017 | 11:29 pm IST

CVE-2017-9283

An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed.

Source: National Vulnerability Database | 21 Sep 2017 | 11:29 pm IST

CVE-2017-7544

libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure.

Source: National Vulnerability Database | 21 Sep 2017 | 10:29 pm IST

CVE-2017-12170

Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd.

Source: National Vulnerability Database | 21 Sep 2017 | 10:29 pm IST

CVE-2017-7549

A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

Source: National Vulnerability Database | 21 Sep 2017 | 10:29 pm IST

CVE-2017-14652

SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process.

Source: National Vulnerability Database | 21 Sep 2017 | 9:29 pm IST

CVE-2017-14651

WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.

Source: National Vulnerability Database | 21 Sep 2017 | 7:29 pm IST

CVE-2017-14649

ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash).

Source: National Vulnerability Database | 21 Sep 2017 | 6:29 pm IST

CVE-2017-14642

A NULL pointer dereference was discovered in the AP4_HdlrAtom class in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash in AP4_StdcFileByteStream::ReadPartial in System/StdC/Ap4StdCFileByteStream.cpp, which leads to remote denial of service.

Source: National Vulnerability Database | 21 Sep 2017 | 6:29 pm IST

CVE-2017-14644

A heap-based buffer overflow was discovered in the AP4_HdlrAtom class in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.

Source: National Vulnerability Database | 21 Sep 2017 | 6:29 pm IST

CVE-2017-14641

A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.

Source: National Vulnerability Database | 21 Sep 2017 | 6:29 pm IST

CVE-2017-14648

A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.

Source: National Vulnerability Database | 21 Sep 2017 | 6:29 pm IST

CVE-2017-14650

A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applications using the Horde_Image library might be affected. This vulnerability affects all versions of Horde_Image from 2.0.0 to 2.5.1, and is fixed in 2.5.2. The problem is missing input validation of the index field in _raw() during construction of an ImageMagick command line.

Source: National Vulnerability Database | 21 Sep 2017 | 6:29 pm IST

CVE-2017-14639

AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to denial of service (application crash) or possibly unspecified other impact.

Source: National Vulnerability Database | 21 Sep 2017 | 6:29 pm IST

CVE-2017-14647

A heap-based buffer overflow was discovered in AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.

Source: National Vulnerability Database | 21 Sep 2017 | 6:29 pm IST

CVE-2017-14646

The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.

Source: National Vulnerability Database | 21 Sep 2017 | 6:29 pm IST

CVE-2017-14643

The AP4_HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0-617 uses an incorrect character data type, leading to a heap-based buffer over-read and application crash in AP4_BytesToUInt32BE in Core/Ap4Utils.h.

Source: National Vulnerability Database | 21 Sep 2017 | 6:29 pm IST

CVE-2017-14638

AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in Bento4 version 1.5.0-617 has missing NULL checks, leading to a NULL pointer dereference, segmentation fault, and application crash in AP4_Atom::SetType in Core/Ap4Atom.h.

Source: National Vulnerability Database | 21 Sep 2017 | 6:29 pm IST

CVE-2017-14645

A heap-based buffer over-read was discovered in AP4_BitStream::ReadBytes in Codecs/Ap4BitStream.cpp in Bento4 version 1.5.0-617. The vulnerability causes an application crash, which leads to remote denial of service.

Source: National Vulnerability Database | 21 Sep 2017 | 6:29 pm IST

CVE-2017-14640

A NULL pointer dereference was discovered in AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.

Source: National Vulnerability Database | 21 Sep 2017 | 6:29 pm IST

CVE-2017-14320

Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files.

Source: National Vulnerability Database | 21 Sep 2017 | 5:29 pm IST

CVE-2015-1187

The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.

Source: National Vulnerability Database | 21 Sep 2017 | 5:29 pm IST

CVE-2017-12929

Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.

Source: National Vulnerability Database | 21 Sep 2017 | 5:29 pm IST

CVE-2017-14321

Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) customer name or (2) subject in a ticket.

Source: National Vulnerability Database | 21 Sep 2017 | 5:29 pm IST

CVE-2017-12930

SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password.

Source: National Vulnerability Database | 21 Sep 2017 | 5:29 pm IST

CVE-2017-12928

A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials.

Source: National Vulnerability Database | 21 Sep 2017 | 5:29 pm IST

CVE-2015-3887

Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referenced in the LD_PRELOAD path.

Source: National Vulnerability Database | 21 Sep 2017 | 5:29 pm IST

CVE-2017-11001

In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked which may cause out of bounds read.

Source: National Vulnerability Database | 21 Sep 2017 | 4:29 pm IST

CVE-2017-10998

In all Qualcomm products with Android releases from CAF using the Linux kernel, in audio_aio_ion_lookup_vaddr, the buffer length, which is user input, ends up being used to validate if the buffer is fully within the valid region. If the buffer length is large enough then the address + length operation could overflow and produce a result far below the valid region.

Source: National Vulnerability Database | 21 Sep 2017 | 4:29 pm IST

CVE-2017-12153

A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash.

Source: National Vulnerability Database | 21 Sep 2017 | 4:29 pm IST

CVE-2017-11040

In all Qualcomm products with Android releases from CAF using the Linux kernel, when reading from sysfs nodes, one can read more information than it is allowed to.

Source: National Vulnerability Database | 21 Sep 2017 | 4:29 pm IST

CVE-2017-9676

In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock.

Source: National Vulnerability Database | 21 Sep 2017 | 4:29 pm IST

CVE-2017-11041

In all Qualcomm products with Android releases from CAF using the Linux kernel, an output buffer is accessed in one thread and can be potentially freed in another.

Source: National Vulnerability Database | 21 Sep 2017 | 4:29 pm IST

CVE-2017-9724

In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address.

Source: National Vulnerability Database | 21 Sep 2017 | 4:29 pm IST

CVE-2017-8280

In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context switch.

Source: National Vulnerability Database | 21 Sep 2017 | 4:29 pm IST

CVE-2017-8278

In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur.

Source: National Vulnerability Database | 21 Sep 2017 | 4:29 pm IST

CVE-2017-11002

In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing a vendor sub-command, a buffer over-read can occur.

Source: National Vulnerability Database | 21 Sep 2017 | 4:29 pm IST

CVE-2017-8250

In all Qualcomm products with Android releases from CAF using the Linux kernel, user controlled variables "nr_cmds" and "nr_bos" number are passed across functions without any check. An integer overflow to buffer overflow (with a smaller buffer allocated) may occur when they are too large or negative.

Source: National Vulnerability Database | 21 Sep 2017 | 4:29 pm IST

CVE-2017-8251

In all Qualcomm products with Android releases from CAF using the Linux kernel, in functions msm_isp_check_stream_cfg_cmd & msm_isp_stats_update_cgc_override, 'stream_cfg_cmd->num_streams' is not checked, and could overflow the array stream_cfg_cmd->stream_handle.

Source: National Vulnerability Database | 21 Sep 2017 | 4:29 pm IST

CVE-2017-8277

In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. However the client was not removed from list. Use-after-free would occur when traversing the list next time.

Source: National Vulnerability Database | 21 Sep 2017 | 4:29 pm IST

CVE-2017-9725

In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail.

Source: National Vulnerability Database | 21 Sep 2017 | 4:29 pm IST

CVE-2017-9677

In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, race conditions will happen. If "ddp->params_length" is set to a big number, a buffer overflow will occur.

Source: National Vulnerability Database | 21 Sep 2017 | 4:29 pm IST

CVE-2017-8247

In all Qualcomm products with Android releases from CAF using the Linux kernel, if there is more than one thread doing the device open operation, the device may be opened more than once. This would lead to get_pid being called more than once, however put_pid being called only once in function "msm_close".

Source: National Vulnerability Database | 21 Sep 2017 | 4:29 pm IST

CVE-2017-8281

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI.

Source: National Vulnerability Database | 21 Sep 2017 | 4:29 pm IST

count: 100