jell.ie CVEs

Read at: 2017-11-21T08:05:09+00:00

CVE-2017-12111

An exploitable out-of-bounds vulnerability exists in the xls_addCell function of libxls 1.4. A specially crafted XLS file with a formula record can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability.

Source: National Vulnerability Database | 20 Nov 2017 | 10:29 pm GMT

CVE-2017-2896

An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability.

Source: National Vulnerability Database | 20 Nov 2017 | 10:29 pm GMT

CVE-2017-2897

An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability.

Source: National Vulnerability Database | 20 Nov 2017 | 10:29 pm GMT

CVE-2017-12110

An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4. A specially crafted XLS file can cause memory corruption resulting in remote code execution.

Source: National Vulnerability Database | 20 Nov 2017 | 10:29 pm GMT

CVE-2017-2919

An exploitable stack-based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability.

Source: National Vulnerability Database | 20 Nov 2017 | 10:29 pm GMT

CVE-2017-16908

In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.

Source: National Vulnerability Database | 20 Nov 2017 | 8:29 pm GMT

CVE-2017-12608

A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

Source: National Vulnerability Database | 20 Nov 2017 | 8:29 pm GMT

CVE-2017-3157

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back.

Source: National Vulnerability Database | 20 Nov 2017 | 8:29 pm GMT

CVE-2017-16906

In Horde Groupware 5.2.19, there is XSS via the URL field in a "Calendar -> New Event" action.

Source: National Vulnerability Database | 20 Nov 2017 | 8:29 pm GMT

CVE-2017-16907

In Horde Groupware 5.2.19, there is XSS via the Color field in a Create Task List action.

Source: National Vulnerability Database | 20 Nov 2017 | 8:29 pm GMT

CVE-2017-15527

Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs.

Source: National Vulnerability Database | 20 Nov 2017 | 7:29 pm GMT

CVE-2017-16903

LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php.

Source: National Vulnerability Database | 20 Nov 2017 | 7:29 pm GMT

CVE-2017-16904

The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator.

Source: National Vulnerability Database | 20 Nov 2017 | 7:29 pm GMT

CVE-2017-12607

A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

Source: National Vulnerability Database | 20 Nov 2017 | 7:29 pm GMT

CVE-2017-16899

An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.

Source: National Vulnerability Database | 20 Nov 2017 | 6:29 pm GMT

CVE-2017-16902

On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot.

Source: National Vulnerability Database | 20 Nov 2017 | 6:29 pm GMT

CVE-2017-16898

The printMP3Headers function in util/listmp3.c in libming v0.4.8 or earlier is vulnerable to a global buffer overflow, which may allow attackers to cause a denial of service via a crafted file, a different vulnerability than CVE-2016-9264.

Source: National Vulnerability Database | 20 Nov 2017 | 5:29 pm GMT

CVE-2017-9806

A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

Source: National Vulnerability Database | 20 Nov 2017 | 5:29 pm GMT

CVE-2017-16896

A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.

Source: National Vulnerability Database | 20 Nov 2017 | 4:29 pm GMT

CVE-2016-6804

The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon.

Source: National Vulnerability Database | 20 Nov 2017 | 3:29 pm GMT

CVE-2017-11400

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file system) with unsigned, attacker-controlled data. This occurs because the appliance_config file is signed but the .tar.sec file is unsigned.

Source: National Vulnerability Database | 20 Nov 2017 | 3:29 pm GMT

CVE-2017-11402

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP port of a protected asset, thus bypassing the firewall. The attack methodology is a crafted OPC dynamic port shift.

Source: National Vulnerability Database | 20 Nov 2017 | 3:29 pm GMT

CVE-2017-11401

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Improper handling of the mbap.length field of ModBus packets in the ModBus DPI filter allows an attacker to send malformed/crafted packets to a protected asset, bypassing function code filtering.

Source: National Vulnerability Database | 20 Nov 2017 | 3:29 pm GMT

CVE-2017-16544

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

Source: National Vulnerability Database | 20 Nov 2017 | 3:29 pm GMT

CVE-2017-15110

In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.

Source: National Vulnerability Database | 20 Nov 2017 | 2:29 pm GMT

CVE-2017-16894

In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. The writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php does not restrict the .env permissions.

Source: National Vulnerability Database | 20 Nov 2017 | 1:29 am GMT

CVE-2017-16892

In Bftpd before 4.7, there is a memory leak in the file rename function.

Source: National Vulnerability Database | 19 Nov 2017 | 5:29 pm GMT

CVE-2017-16882

Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido.

Source: National Vulnerability Database | 18 Nov 2017 | 6:29 pm GMT

CVE-2017-16883

The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file.

Source: National Vulnerability Database | 18 Nov 2017 | 6:29 pm GMT

CVE-2017-16881

b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java, service/AvatarQueryService.java, and service/CommentQueryService.java.

Source: National Vulnerability Database | 18 Nov 2017 | 1:29 pm GMT

CVE-2017-14077

HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.

Source: National Vulnerability Database | 18 Nov 2017 | 1:29 am GMT

CVE-2017-16566

On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root level control of the device.

Source: National Vulnerability Database | 17 Nov 2017 | 11:29 pm GMT

CVE-2017-1000126

Exiv2 0.26 contains a stack out-of-bounds read in the WebP parser.

Source: National Vulnerability Database | 17 Nov 2017 | 10:29 pm GMT

CVE-2017-1000127

Exiv2 0.26 contains a heap buffer overflow in the TIFF parser.

Source: National Vulnerability Database | 17 Nov 2017 | 10:29 pm GMT

CVE-2017-1000221

In Opencast 2.2.3 and older, if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X.

Source: National Vulnerability Database | 17 Nov 2017 | 10:29 pm GMT

CVE-2017-1000128

Exiv2 0.26 contains a stack out-of-bounds read in the JPEG2000 parser.

Source: National Vulnerability Database | 17 Nov 2017 | 10:29 pm GMT

CVE-2017-1000217

Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.

Source: National Vulnerability Database | 17 Nov 2017 | 10:29 pm GMT

CVE-2017-16880

The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS.

Source: National Vulnerability Database | 17 Nov 2017 | 9:29 pm GMT

CVE-2017-1000190

SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting in SSRF, information disclosure, DoS and so on.

Source: National Vulnerability Database | 17 Nov 2017 | 9:29 pm GMT

CVE-2017-1000163

The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks.

Source: National Vulnerability Database | 17 Nov 2017 | 9:29 pm GMT

CVE-2017-1000230

The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 is provided with unexpected input, thus resulting in a denial of service attack.

Source: National Vulnerability Database | 17 Nov 2017 | 9:29 pm GMT

CVE-2017-1000227

Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can.

Source: National Vulnerability Database | 17 Nov 2017 | 9:29 pm GMT

CVE-2017-4939

VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code.

Source: National Vulnerability Database | 17 Nov 2017 | 9:29 pm GMT

CVE-2017-16845

hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.

Source: National Vulnerability Database | 17 Nov 2017 | 8:29 pm GMT

CVE-2017-14111

The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements.

Source: National Vulnerability Database | 17 Nov 2017 | 8:29 pm GMT

CVE-2017-1000215

ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution.

Source: National Vulnerability Database | 17 Nov 2017 | 8:29 pm GMT

CVE-2017-6168

On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself.

Source: National Vulnerability Database | 17 Nov 2017 | 7:29 pm GMT

CVE-2017-1000168

In sodiumoxide 0.0.13 and older, scalarmult() is vulnerable to degenerate public keys.

Source: National Vulnerability Database | 17 Nov 2017 | 6:29 pm GMT

CVE-2017-1000169

QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB.

Source: National Vulnerability Database | 17 Nov 2017 | 6:29 pm GMT

CVE-2017-13702

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused.

Source: National Vulnerability Database | 17 Nov 2017 | 6:29 pm GMT

CVE-2017-13700

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface.

Source: National Vulnerability Database | 17 Nov 2017 | 6:29 pm GMT

CVE-2017-13703

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur.

Source: National Vulnerability Database | 17 Nov 2017 | 6:29 pm GMT

CVE-2017-1000170

jqueryFileTree 2.1.5 and older is vulnerable to directory traversal.

Source: National Vulnerability Database | 17 Nov 2017 | 6:29 pm GMT

CVE-2017-16877

ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.

Source: National Vulnerability Database | 17 Nov 2017 | 5:29 pm GMT

CVE-2017-16819

A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges.

Source: National Vulnerability Database | 17 Nov 2017 | 5:29 pm GMT

CVE-2017-1000191

Jool 3.5.0-3.5.1 is vulnerable to a kernel-crashing packet resulting in a DoS.

Source: National Vulnerability Database | 17 Nov 2017 | 5:29 pm GMT

CVE-2017-1000192

Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information.

Source: National Vulnerability Database | 17 Nov 2017 | 5:29 pm GMT

CVE-2017-16875

An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registrations.

Source: National Vulnerability Database | 17 Nov 2017 | 4:29 pm GMT

CVE-2017-1000212

Elixir's vim plugin, alchemist.vim, is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as Elixir code.

Source: National Vulnerability Database | 17 Nov 2017 | 3:29 pm GMT

CVE-2017-1000211

Lynx version 2.8.8 and older is vulnerable to a use after free in the HTML parser resulting in memory disclosure.

Source: National Vulnerability Database | 17 Nov 2017 | 3:29 pm GMT

CVE-2017-1000206

samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution.

Source: National Vulnerability Database | 17 Nov 2017 | 3:29 pm GMT

CVE-2017-1000203

ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution.

Source: National Vulnerability Database | 17 Nov 2017 | 3:29 pm GMT

CVE-2017-4934

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in the VMNAT device. This issue may allow a guest to execute code on the host.

Source: National Vulnerability Database | 17 Nov 2017 | 2:29 pm GMT

CVE-2017-4936

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in the JPEG2000 parser in TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client.

Source: National Vulnerability Database | 17 Nov 2017 | 2:29 pm GMT

CVE-2017-4935

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in the JPEG2000 parser in TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.

Source: National Vulnerability Database | 17 Nov 2017 | 2:29 pm GMT

CVE-2017-4929

VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure.

Source: National Vulnerability Database | 17 Nov 2017 | 2:29 pm GMT

CVE-2017-10887

Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Source: National Vulnerability Database | 17 Nov 2017 | 2:29 pm GMT

CVE-2017-10888

BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac Ver.1.2.5 and earlier allow an attacker to access local files via unspecified vectors.

Source: National Vulnerability Database | 17 Nov 2017 | 2:29 pm GMT

CVE-2017-4928

The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f), i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure.

Source: National Vulnerability Database | 17 Nov 2017 | 2:29 pm GMT

CVE-2017-10886

Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

Source: National Vulnerability Database | 17 Nov 2017 | 2:29 pm GMT

CVE-2017-4927

VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.

Source: National Vulnerability Database | 17 Nov 2017 | 2:29 pm GMT

CVE-2017-4938

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

Source: National Vulnerability Database | 17 Nov 2017 | 2:29 pm GMT

CVE-2017-10890

Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors.

Source: National Vulnerability Database | 17 Nov 2017 | 2:29 pm GMT

CVE-2017-10889

TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors.

Source: National Vulnerability Database | 17 Nov 2017 | 2:29 pm GMT

CVE-2017-4937

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in the JPEG2000 parser in TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.

Source: National Vulnerability Database | 17 Nov 2017 | 2:29 pm GMT

CVE-2017-16872

An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted back to strings, a buffer overrun. This will lead to a potential exploit using carefully crafted invalid values.

Source: National Vulnerability Database | 17 Nov 2017 | 9:29 am GMT

CVE-2017-16869

** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication whatsoever."

Source: National Vulnerability Database | 17 Nov 2017 | 9:29 am GMT

CVE-2017-16868

In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file.

Source: National Vulnerability Database | 17 Nov 2017 | 9:29 am GMT

CVE-2017-16871

The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter.

Source: National Vulnerability Database | 17 Nov 2017 | 9:29 am GMT

CVE-2017-16870

The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction.

Source: National Vulnerability Database | 17 Nov 2017 | 9:29 am GMT

CVE-2017-1000229

Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.

Source: National Vulnerability Database | 17 Nov 2017 | 5:29 am GMT

CVE-2017-1000223

A stored web content injection vulnerability (WCI, a.k.a. XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an escalation of privileges providing complete administrative control over the CMS.

Source: National Vulnerability Database | 17 Nov 2017 | 5:29 am GMT

CVE-2017-1000158

CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution).

Source: National Vulnerability Database | 17 Nov 2017 | 5:29 am GMT

CVE-2017-1000226

Stop User Enumeration 1.3.8 allows user enumeration via the REST API.

Source: National Vulnerability Database | 17 Nov 2017 | 5:29 am GMT

CVE-2017-1000160

EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection.

Source: National Vulnerability Database | 17 Nov 2017 | 5:29 am GMT

CVE-2017-1000125

Codiad (full version) is vulnerable to writing anything to the configuration file in the installation, resulting in the upload of a webshell.

Source: National Vulnerability Database | 17 Nov 2017 | 5:29 am GMT

CVE-2017-1000129

Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure.

Source: National Vulnerability Database | 17 Nov 2017 | 5:29 am GMT

CVE-2017-1000164

Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook resulting in code execution and privilege escalation.

Source: National Vulnerability Database | 17 Nov 2017 | 5:29 am GMT

CVE-2017-1000225

Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow an unauthenticated attacker to do almost anything an admin can.

Source: National Vulnerability Database | 17 Nov 2017 | 5:29 am GMT

CVE-2017-1000232

A double-free vulnerability in str2host.c in ldns 1.7.0 has unspecified impact and attack vectors.

Source: National Vulnerability Database | 17 Nov 2017 | 4:29 am GMT

CVE-2017-1000235

I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting in the web server being fully compromised.

Source: National Vulnerability Database | 17 Nov 2017 | 4:29 am GMT

CVE-2017-1000234

I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in an attacker enumerating directories simply by navigating through the "dir" parameter.

Source: National Vulnerability Database | 17 Nov 2017 | 4:29 am GMT

CVE-2017-1000237

I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password.

Source: National Vulnerability Database | 17 Nov 2017 | 4:29 am GMT

CVE-2017-1000236

I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site.

Source: National Vulnerability Database | 17 Nov 2017 | 4:29 am GMT

CVE-2017-1000248

Redis-store <=v1.3.0 allows unsafe objects to be loaded from Redis.

Source: National Vulnerability Database | 17 Nov 2017 | 4:29 am GMT

CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

Source: National Vulnerability Database | 17 Nov 2017 | 4:29 am GMT

CVE-2017-1000231

A double-free vulnerability in parse.c in ldns 1.7.0 has unspecified impact and attack vectors.

Source: National Vulnerability Database | 17 Nov 2017 | 4:29 am GMT

CVE-2017-1000247

British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws.

Source: National Vulnerability Database | 17 Nov 2017 | 4:29 am GMT

CVE-2017-1000172

Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. An example of a Heap-Use-After-Free after the 'sublexer' pointer has been freed. Line 542 of gravity_lexer.c. 'lexer' is being used to access a variable but 'lexer' has already been freed, creating a Heap Use-After-Free condition.

Source: National Vulnerability Database | 17 Nov 2017 | 3:29 am GMT

CVE-2017-1000173

Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. By creating a large loop while pushing data to a buffer, we can break out of the bounds checking of that buffer. When list.join is called on the data it will read past a buffer resulting in a Heap-Buffer-Overflow.

Source: National Vulnerability Database | 17 Nov 2017 | 3:29 am GMT

count: 100