This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.

Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!

 

Petya Wreaks Havoc in the Wake of WannaCry

Hot on the heels of the global WannaCry outbreak in May, there’s been a wave of what looks like copycat malware sweeping the globe again. However, there may be more to this than meets the eye, more than a simple new variant of an already established ransomware borrowing propagation techniques.

As Cities Get Smarter, So Should Their Security

Today, more urban centers than ever are implementing a range of advanced technological systems. These sensors and networks used in combination with citizens’ mobile devices create smarter cities with a multitude of capabilities.

Large-Scale Petya Ransomware Attack Hit Europe

A large-scale ransomware attack caused by a variant of the Petya ransomware is currently hitting various users, particularly in Europe. This variant, which Trend Micro already detects as RANSOM_PETYA.SMA, is known to use both the EternalBlue exploit and the PsExec tool as infection vectors.

Information Stealer Found Hitting Israeli Hospitals

The abuse of shortcut (LNK) files is steadily gaining traction among cybercriminals. We’ve seen a plethora of threats that leverage malicious LNK files: from well-known ransomware families, backdoors typically deployed in targeted attacks, and banking Trojans to spam emails and more.

Global Cyberattack Demanding Ransom Had Nothing to do with Money

Despite infecting thousands of computers, Petya, the so-called ransomware, has generated just over $10,000 for the hackers, a tiny fraction of the cost of the damage inflicted on the affected companies. Experts believe the real attack is being camouflaged to deflect attention.

The Amount of Malware for Macs Is Continuing to Surge

Macs have always enjoyed a reputation as being virus-free. Apple’s famous “I’m a Mac” adverts played on it, comparing the constant security fears on Windows to the ease and safety of its OS X (now called MacOS) operating system. But that’s no longer the case.

It Costs About $400,000 to Influence an Election

About $400,000 is the sum it takes to buy followers on social media platforms like Facebook and Twitter, hire companies to write and disseminate fake news postings over a period of 12 months, and run sophisticated web sites to influence public opinion.

Bankers Are Hiring Cybersecurity Experts to Help Get Deals Done

Companies and investment funds are adding an extra layer of scrutiny to acquisitions by screening targets for cybersecurity risks, as global attacks raise awareness. Michael Bittan, head of Deloitte’s Cyber Risk Services unit in France said, “Cybersecurity is not about getting technical, it’s about business impact.”

There are 5 Things You Could Be Doing If You’re Failing at Cybersecurity

Cyberattacks are happening in every industry and organization size. Just read through your Twitter feed or turn on the news on any given day and you’ll see. It’s obvious that these attacks are increasing in number and sophistication, and I think we can all agree that this trend will continue. 

Please add your thoughts in the comments below or follow me on Twitter: @JonLClay.



from Trend Micro Simply Security http://ift.tt/2tt326r

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 26, 2017

The late 70s/early 80s American television show Three’s Company was one of my favorite shows growing up. The central theme of the show revolved around the lives of three roommates. Each episode usually involved a misunderstanding, then chaos would ensue. In the end, everything would turn out okay. Unfortunately, this week’s episode of “ransomware in the news” isn’t over – there are still misunderstandings about the latest attack named “Petya,” even on what to call it!

This past Tuesday, a ransomware attack similar to WannaCry shut down computers all over the world. It was initially thought that this new attack was an updated version of Petya from 2016. Others said it was a whole new malware that had Petya characteristics. Even further, now there is speculation that it’s not ransomware at all – that its objective was to permanently destroy data. No extortion – just destruction – and no happy ending to this week’s episode.

Trend Micro TippingPoint continues to actively review the situation in order to recommend coverage for customers using TippingPoint solutions. As of this blog posting, we have verified the following vulnerability Digital Vaccine® (DV) filters that protect against the propagation of the Petya ransomware listed in the table below:

 

| CVE Number | DV Filter(s) | Category | Default Deployment | Comments |
|---|---|---|---|---|
| CVE-2017-0144, CVE-2017-0146 | 27298 | Vulnerabilities | Disabled | SMB: Microsoft Windows SMB Remote Code Execution Vulnerability (EternalBlue) |
| CVE-2017-0147 | 27931 | Vulnerabilities | Disabled | SMB: Microsoft Windows SMBv1 Information Disclosure Vulnerability (EternalRomance) |

 

Customers who wish to enforce generic policy at the network perimeter can use the following security policy filter to block all inbound SMBv1 traffic:

 

| CVE Number | DV Filter(s) | Category | Default Deployment | Comments |
|---|---|---|---|---|
| None | 28471 | Security Policy | Disabled | SMB: SMBv1 Successful Protocol Negotiation |

 

Customers with questions or who need technical assistance can contact the TippingPoint Technical Assistance Center (TAC). For further information related to Trend Micro’s response and our recommendations as a whole, please visit http://ift.tt/2seNZhd.

 

Zero-Day Filters

There are nine new zero-day filters covering three vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative web site.

 

Foxit (4)

  • 28746: ZDI-CAN-4721: Zero Day Initiative Vulnerability (Foxit Reader)
  • 28747: ZDI-CAN-4722: Zero Day Initiative Vulnerability (Foxit Reader)
  • 28748: ZDI-CAN-4723: Zero Day Initiative Vulnerability (Foxit Reader)
  • 28749: ZDI-CAN-4855: Zero Day Initiative Vulnerability (Foxit Reader)

 

Hewlett Packard Enterprise (1)

  • 28898: ZDI-CAN-4869: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)

 

Quest (4)

  • 28751: ZDI-CAN-4224,4225,4229-4235,4237,4286,4316: Zero Day Initiative Vulnerability (Quest NetVault Backup)
  • 28893: ZDI-CAN-4226-4228: Zero Day Initiative Vulnerability (Quest NetVault Backup)
  • 28894: ZDI-CAN-4238,4287,4289,4292,4294: Zero Day Initiative Vulnerability (Quest NetVault Backup)
  • 28896: ZDI-CAN-4752: Zero Day Initiative Vulnerability (Quest NetVault Backup)

 

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.

 



from Trend Micro Simply Security http://ift.tt/2t7QrTL

Petya Ransomware Lateral Movement Remote Code Execution

Petya is a malware that infects Windows computers, encrypting files and demanding ransom to decrypt the files. Once a network is infected the malware propagates laterally to further infect devices on the network.

from Check Point Update Services Advisories http://ift.tt/2tpEJqK

The Law of Unintended Outbreak – Who Is at Risk from Petya?

Cyber crime can impact individual users and businesses anywhere in the world.

Hot on the heels of the global WannaCry outbreak in May, yesterday saw a wave of what looked like copycat malware sweeping the globe again. However, on closer inspection there may be more to this than meets the eye, more than a simple new variant of an already established ransomware borrowing propagation techniques from WannaCry.

The attack itself certainly seems to have been originally planned as a targeted attack, originating with a compromise of Ukrainian accounting software MEDoc’s update infrastructure (seemingly admitted on their website but categorically denied by MEDoc on Facebook). This island-hopping attack, starting with a smaller software vendor whose product is mandated for companies paying taxes in Ukraine, may well have been targeted specifically at that country. However, as with every notionally targeted attack, there has been collateral damage.

The fact that the malware was set to wait five days before triggering on the 27th June, a day before a Ukrainian public holiday celebrating the ratification of its new constitution in 1996, also lends circumstantial weight to the proposition that the attack was targeted primarily at victims in Ukraine.

Disruption?

Some of the prominent global victims, WPP, Maersk and Saint-Gobain for example, all have offices and operations in Ukraine and are likely users of MEDoc; some have even posted job ads for accounting specialists with MEDoc skills. Rosneft, Russia’s state-owned oil company, although not necessarily a corporate user of MEDoc, also has a presence in Ukraine and thus may be exposed to MEDoc within its network.

It seems that this cyber-attack is following the law of unintended consequences, with the victim population very rapidly spreading outside of Ukraine and encompassing organisations and partners of organisations who have a presence in Ukraine.

Money?

The creators of this particular malware, borrowing code from Petya, reusing exploits abused by WannaCry, adding password hash harvesting and two further network propagation techniques, and using code obfuscation and fake Microsoft certificates, are clearly skilled and experienced. The possibility of this latest outbreak being traditional financially-motivated online crime, at least at surface level, seems obvious but for one thing: the ransom payment mechanism.

Why does the payment mechanism rely on a single hard-coded Bitcoin wallet, and the transmission of an email containing the victim’s bitcoin wallet ID and “personal installation key” (a handy 69 characters that can’t be copy/pasted) to an email address that was always going to be rapidly shut down by the entirely reputable hosting company Posteo based in Berlin?  It’s almost as if the creators never intended to reap the financial rewards…

Am I vulnerable?

So far, all the highly-effective propagation mechanisms are finely-tuned for internal network-based spread at a rapid pace. There does not appear to have been a major external facing campaign to deliver this payload beyond the user base of MEDoc software.

If your organisation has a presence in Ukraine, or has immediate partners who do business in Ukraine, then you should consider yourselves directly at risk. Outside of this immediate group, while your risk level from this particular attack drops significantly, there’s no such thing as a cast iron guarantee and it only takes one device on your network to start a devastating outbreak. The six degrees of Kevin Bacon after all demonstrates how few links apart we all are (my own Bacon number is 3).

For technical details about this outbreak and advice on how best to mitigate please see our constantly updated Petya (2017) Ransomware Attack Information and our FAQ. For a technical analysis of the malware in question, have a look at our Security Intelligence blog.

For general advice on ransomware and access to free industrywide decryption tools, please visit nomoreransom.org.



from Trend Micro Simply Security http://ift.tt/2t1o7Cs

ZDI-17-451: (Pwn2Own) Microsoft Windows XPS Document Writer Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

from ZDI: Published Advisories http://ift.tt/2ufzRRx

ZDI-17-450: (Pwn2Own) Microsoft Windows WarpKMSubmitCommandVirtual Uninitialized Memory Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

from ZDI: Published Advisories http://ift.tt/2ufDwi3

ZDI-17-449: Cisco Prime Collaboration Provisioning Logs Directory Improper Access Control Information Disclosure Vulnerability

This vulnerability allows attackers to disclose sensitive information on vulnerable installations of Cisco Prime Collaboration Provisioning. Authentication is not required to exploit this vulnerability.

from ZDI: Published Advisories http://ift.tt/2te3LZp

ZDI-17-448: Cisco Prime Collaboration Provisioning logconfigtracer Directory Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Cisco Prime Collaboration Provisioning. Authentication is not required to exploit this vulnerability.

from ZDI: Published Advisories http://ift.tt/2tdIvCR

ZDI-17-447: Cisco Prime Collaboration Provisioning logconfigtracer Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco Prime Collaboration Provisioning. Authentication is not required to exploit this vulnerability.

from ZDI: Published Advisories http://ift.tt/2te3F3Z

ZDI-17-446: Cisco Prime Collaboration Provisioning licensestatus Directory Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Cisco Prime Collaboration Provisioning. Authentication is not required to exploit this vulnerability.

from ZDI: Published Advisories http://ift.tt/2tdp25C

ZDI-17-445: Cisco Prime Collaboration Provisioning ScriptMgr Servlet Authentication Bypass Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Prime Collaboration Provisioning. Authentication is not required to exploit this vulnerability.

from ZDI: Published Advisories http://ift.tt/2rUOb0Z

As Cities Get Smarter, So Should Their Security

Seamless Exploit Kits Traffic Distribution System

Seamless Traffic Distribution System (TDS) operates by silently redirecting the victim to a malicious web page, leading to infection by an exploit kit. Successful infection will allow the attacker to download additional malware to the target.

from Check Point Update Services Advisories http://ift.tt/2tbtCR8

Microsoft Malware Protection Engine VFS API Remote Code Execution (CVE-2017-8558)

A memory corruption vulnerability has been reported in Microsoft Malware Protection Engine. A remote attacker can exploit this issue by enticing a target user to open a specially crafted file. A successful exploitation could lead to arbitrary code execution.

from Check Point Update Services Advisories http://ift.tt/2u9C9S6

HPE Intelligent Management Center dbman FileTrans Arbitrary File Write (CVE-2017-5822)

An arbitrary file write vulnerability has been reported in the dbman component of HPE Intelligent Management Center. The vulnerability is due to lack of authentication on FileTrans commands, used to transfer files to the host running dbman. A remote, unauthenticated attacker can exploit the vulnerability by sending a maliciously crafted packet to the target server.

from Check Point Update Services Advisories http://ift.tt/2sa2frp

Mozilla Firefox WebGL Integer Overflow (CVE-2017-5459)

A memory corruption vulnerability exists in WebGL components of Mozilla Firefox. The vulnerability is due to an integer overflow in Intersect function while calculating destination frame buffer width and height. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted web page.

from Check Point Update Services Advisories http://ift.tt/2sTDVXR

OpenLDAP ldapsearch pagesize Double Free Denial of Service (CVE-2017-9287)

A double free vulnerability exists in the ldapsearch function of OpenLDAP. The vulnerability is due to improper handling of ldapsearch queries with a pagesize of 0. A remote attacker can exploit this vulnerability by sending a crafted query to the target OpenLDAP server.

from Check Point Update Services Advisories http://ift.tt/2t9GlEW

Digium Asterisk chan_skinny SCCP packet Denial of Service

A denial of service vulnerability exists in Digium Asterisk. The vulnerability is due to a processing flaw in the chan_skinny SCCP packet processing module. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted SCCP packet to a vulnerable Asterisk server.

from Check Point Update Services Advisories http://ift.tt/2tIUp5n

OpenVPN P_CONTROL Denial of Service (CVE-2017-7478)

A denial-of-service vulnerability exists in OpenVPN. This vulnerability is due to an assertion in OpenVPN server that can be reached during the processing of a malicious packet. A remote, unauthenticated attacker can exploit this vulnerability to cause the OpenVPN server program to terminate, resulting in a denial-of-service condition.

from Check Point Update Services Advisories http://ift.tt/2t9U922

ISC BIND DNS64 and RPZ Query Processing Denial of Service (CVE-2017-3135)

A denial-of-service vulnerability exists in ISC BIND. The vulnerability is due to a defect that can cause the named service to exit with an assertion failure or crash due to a NULL pointer dereference while processing a query and running a specific configuration. A remote, unauthenticated attacker could exploit this vulnerability by sending a query to an affected server running the affected configuration.

from Check Point Update Services Advisories http://ift.tt/2t9xLWw

Quest Privilege Manager pmmasterd Buffer Overflow (CVE-2017-6553)

A buffer overflow vulnerability exists in Quest One Identity Privilege Manager. The vulnerability is due to improper handling of requests. A remote, unauthenticated attacker could exploit this vulnerability to run arbitrary code with elevated privileges.

from Check Point Update Services Advisories http://ift.tt/2tIPNMq

Trend Micro SafeSync for Enterprise deviceTool.pm get_nic_device SQL Injection

An SQL Injection vulnerability exists in Trend Micro's SafeSync's deviceTool.pm Perl module. The vulnerability is due to insufficient validation of the user-supplied role or role parameter when sending a query to get the information about a SafeSync nic device. A remote, authenticated attacker could exploit this vulnerability by sending an HTTP request with a malicious SQL query to the target server.

from Check Point Update Services Advisories http://ift.tt/2t9qqGw

AlienVault USM and OSSIM fqdn get_fqdn Command Injection

A command injection vulnerability exists in AlienVault USM and OSSIM. The vulnerability is due to a failure to sanitize input on requests to get_fqdn function. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable application.

from Check Point Update Services Advisories http://ift.tt/2tIPMIm

Mantis MantisBT Bug Tracker adm_config_report.php move_attachments_page.php XSS (CVE-2017-7309)

Three cross-site scripting vulnerabilities exist in Mantis Bug Tracker (MantisBT). These vulnerabilities are due to insufficient input validation of the action, type and config_option HTTP parameters by adm_config_report.php and move_attachments_page.php. A remote attacker could exploit this vulnerability by enticing a target user to click on a specially crafted URL in an entry on the server.

from Check Point Update Services Advisories http://ift.tt/2t9iMfr

Trend Micro SafeSync for Enterprise deviceTool.pm get_device_info SQL Injection

An SQL Injection vulnerability exists in Trend Micro's SafeSync for Enterprise deviceTool.pm page. The vulnerability is due to insufficient validation of the user-supplied role or device_id parameter when sending a query to get the information about a SafeSync storage device. A remote, authenticated attacker could exploit this vulnerability by sending an HTTP request with a malicious SQL query to the target server.

from Check Point Update Services Advisories http://ift.tt/2tINOHU

IBM Informix Dynamic Server index.php testconn Heap Buffer Overflow (CVE-2017-1092)

A heap buffer overflow exists in IBM's Informix Dynamic Server and Informix Open Admin Tool. The vulnerability is due to an input validation error when processing requests sent to index.php. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request.

from Check Point Update Services Advisories http://ift.tt/2t9OcCr

ZDI-17-444: Cisco WebEx Network Recording Player ARF File Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

from ZDI: Published Advisories http://ift.tt/2tYhgt3

ZDI-17-443: Cisco WebEx Network Recording Player ARF File Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

from ZDI: Published Advisories http://ift.tt/2tYuSV5

ZDI-17-442: Cisco WebEx Network Recording Player ARF File CImageList Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

from ZDI: Published Advisories http://ift.tt/2tYuRjZ

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 19, 2017

Yesterday I celebrated my 29th birthday (again) and it was great to celebrate with friends, family, and coworkers. They say age is just a number, and I truly believe that. Unfortunately, we live in a world where laws require us to count numbers so that it can be determined if we can vote, drink, rent a car, and even retire from the workforce.

In our cyber security world, we love to count. In the world of the Zero Day Initiative (ZDI), the number of vulnerabilities disclosed so far in 2017 is just a number, but it’s a really big number! Last year, the ZDI publicly disclosed a record 690 vulnerabilities covering almost 50 vendors. As of the publishing of this blog, the number currently stands at 441! Is this the year we hit 1,000? Only time will tell. In the meantime, I invite you to take a sneak peek into the inner workings of the ZDI by reading Dustin Childs’ blog: The Inside Scoop on the World’s Leading Bug Bounty Program.

Adobe Security Updates

This week’s Digital Vaccine (DV) package includes coverage for Adobe updates released on or before June 13, 2017. The following table maps Digital Vaccine filters to the Adobe updates. Filters marked with an (*) shipped prior to this DV package, providing zero-day protection for our customers. You can get more detailed information on this month’s security updates from Dustin Childs’ June 2017 Security Update Review from the Zero Day Initiative:

| Bulletin # | CVE # | Digital Vaccine Filter # | Status |
|---|---|---|---|
| APSB17-17 | CVE-2017-3075 | *28094 | |
| APSB17-17 | CVE-2017-3076 | 28656 | |
| APSB17-17 | CVE-2017-3077 | 28669 | |
| APSB17-17 | CVE-2017-3078 | 28657 | |
| APSB17-17 | CVE-2017-3079 | 28658 | |
| APSB17-17 | CVE-2017-3081 | 28659 | |
| APSB17-17 | CVE-2017-3082 | 28660 | |
| APSB17-17 | CVE-2017-3083 | 28661 | |
| APSB17-17 | CVE-2017-3084 | 28662 | |

 

Zero-Day Filters

There are 24 new zero-day filters covering four vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Adobe (16)

  • 28654: ZDI-CAN-4733: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28660: HTTP: Adobe Flash determinePreferredLocales Memory Corruption Vulnerability (ZDI-17-408)
  • 28661: HTTP: Adobe Flash Profile Objects Use-After-Free Vulnerability (ZDI-17-406)
  • 28662: HTTP: Adobe Flash AdvertisingMetadata Use-After-Free Vulnerability (ZDI-17-407)
  • 28663: ZDI-CAN-4734: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28664: ZDI-CAN-4746: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28666: ZDI-CAN-4747: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28668: ZDI-CAN-4767: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28730: ZDI-CAN-4827: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28731: ZDI-CAN-4828: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28732: ZDI-CAN-4829: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28733: ZDI-CAN-4830: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28734: ZDI-CAN-4842: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28735: ZDI-CAN-4843: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28736: ZDI-CAN-4844: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28741: ZDI-CAN-4854: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) 

Hewlett Packard Enterprise (3)

  • 28633: HTTP: HPE Network Automation FileServlet Information Disclosure Vulnerability (ZDI-17-330)
  • 28634: HTTPS: HPE Network Automation FileServlet Information Disclosure Vulnerability (ZDI-17-330)
  • 28740: ZDI-CAN-4853: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management) 

Microsoft (2)

  • 28729: ZDI-CAN-4826: Zero Day Initiative Vulnerability (Microsoft Chakra)
  • 28737: ZDI-CAN-4845: Zero Day Initiative Vulnerability (Microsoft Office Word) 

Trend Micro (3)

  • 28535: HTTPS: Trend Micro InterScan Web Security testConfiguration Command Injection (ZDI-17-232)
  • 28723: ZDI-CAN-4780: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)
  • 28724: ZDI-CAN-4784-4785,4805: Zero Day Initiative Vulnerability (Trend Micro Mobile Security) 

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.



from Trend Micro Simply Security http://ift.tt/2rZereA

This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.

Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!

 

Erebus Resurfaces as Linux Ransomware

On June 10, South Korean web hosting company NAYANA was hit by Erebus ransomware (detected by Trend Micro as RANSOM_ELFEREBUS.A), infecting 153 Linux servers and over 3,400 business websites the company hosts. 

AdGholas Malvertising Campaign Employs Astrum Exploit Kit

At the end of April this year, we found Astrum exploit kit employing Diffie-Hellman key exchange to prevent monitoring tools and researchers from replaying their traffic. As AdGholas started to push the exploit, we saw another evolution: Astrum using HTTPS to further obscure their malicious traffic.

The World’s Leading Bug Bounty Program Shares Inside Scoop

Customers of the TippingPoint Intrusion Prevention Systems and Threat Protection Systems know the ZDI as the group that buys 0-days so they have protections before the affected vendor releases a patch. Outside of those communities, there may be misconceptions about what happens behind the scenes. 

Cyber Attack at Honda Stops Production after WannaCry Worm Strikes

The WannaCry worm is still alive. Honda said this week that it was forced to halt production for one day at its Sayama plant near Tokyo after finding the WannaCry ransomware in its computer network. This virus is the same one that infected over one million machines worldwide. 

Follow the Trail of BlackTech’s Cyber Espionage Campaigns

BlackTech is a cyber espionage group operating against targets in East Asia, particularly Taiwan, and occasionally, Japan and Hong Kong. Based on the mutexes and domain names of some of their C&C servers, BlackTech’s campaigns are likely designed to steal their target’s technology. 

Servers Are Different When it comes to Ransomware and Advanced Attacks

Ransomware and other advanced attacks are the scourge of the modern IT security team. If allowed to gain access to your IT environment, these attacks could shut down the organization, denying access to mission critical applications & data for potentially days, or even indefinitely. 

Meet 5 of the World’s Most Dangerous Hacker Groups

Hacking has come a long way from the days of maladjusted teenagers wreaking digital havoc from their basements. Today the biggest and baddest hacker groups are backed by nation-states. They’re called “advanced persistent threats” or APTs. 

Bring Data Center Security to Cloud Speed

Trend Micro knew releasing Deep Security 10.0 was a milestone in many ways. The server security solution that stands the test of time was also the end of the traditional monolithic release cycle for our important software users. 

Traffic Cameras in Victoria Have Been Infected by WannaCry Ransomware

Approximately 55 traffic cameras in Victoria have been infected with the WannaCry ransomware, according to the Victorian department of justice. Intersection and highway cameras across the state have been affected by the malware, which caused chaos around the world.

Cybersecurity Job Market to Suffer Severe Workforce Shortage

The global cybercrime epidemic – predicted to cost the world $6 trillion annually by 2021 – is creating an unprecedented shortage of cybersecurity workers. These 10 facts, figures, statistics, and observations sum up the employment crisis – and offer a few ideas and programs that may help solve the problem. 

Girl Scouts Will Soon Earn Badges in Cybersecurity

Girl Scouts as young as 5 are to be offered the chance to earn their first-ever cyber security badges. U.S. Girl Scouts who master the required skills can attach to their uniform’s sash the first of 18 cybersecurity badges that will be rolled out in September 2018.

Please add your thoughts in the comments below or follow me on Twitter: @JonLClay.



from Trend Micro Simply Security http://ift.tt/2rZhcwl

ZDI-17-441: Apple Safari Node Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

from ZDI: Published Advisories http://ift.tt/2rHZIQY

Good Man Exploit Kits Traffic Distribution System

Good Man Traffic Distribution System (TDS) operates by silently redirecting the victim to a malicious web page, leading to infection by an exploit kit. Successful infection will allow the attacker to download additional malware to the target.

from Check Point Update Services Advisories http://ift.tt/2sV2fuL

Pseudo DarkLeech Exploit Kits Traffic Distribution System

Pseudo DarkLeech Traffic Distribution System (TDS) operates by silently redirecting the victim to a malicious web page, leading to infection by an exploit kit. Successful infection will allow the attacker to download additional malware to the target.

from Check Point Update Services Advisories http://ift.tt/2tSV6IC

RoughTED Exploit Kits Traffic Distribution System

RoughTED Traffic Distribution System (TDS) operates by silently redirecting the victim to a malicious web page, leading to infection by an exploit kit. Successful infection will allow the attacker to download additional malware to the target.

from Check Point Update Services Advisories http://ift.tt/2sV1IsB

The Inside Scoop on the World’s Leading Bug Bounty Program

Within the security researcher community, the Zero Day Initiative (ZDI) program is a well-known entity, representing the world’s largest vendor agnostic bug bounty program. Customers of the TippingPoint Intrusion Prevention Systems (IPS) and Threat Protection Systems (TPS) know the ZDI as the group that buys 0-days so they have protections before the affected vendor releases a patch. Outside of those communities, there may be misconceptions about what happens behind the scenes when dealing with so many bugs.

At a high level, here’s how the program works. An independent researcher finds an otherwise unknown vulnerability (i.e. a 0-day) in a piece of software and reports it to the ZDI. The researcher can be from just about anywhere – we have worked with more than 3,000 different researchers from 80+ countries. Being vendor agnostic means the software can be just about anything, too. In 2016, the ZDI purchased 0-days impacting 49 different vendors, including large vendors like Microsoft and Adobe as well as small, industry-specific vendors like those in the SCADA realm. Once a bug is verified by our internal researchers, we buy it – offering a variable price based on many factors (e.g. quality of the write-up, ubiquity of the target, ease of exploit).

Now that we have confirmed the bug is real, two different things happen. First, the Digital Vaccine team creates filters for Trend Micro customers, which provide them an average of 57 days of protection against these 0-days before anyone else. Perhaps more importantly, the bug is then disclosed to the vendor. The ZDI team works with the vendor to ensure a security patch is developed and released to the public. So even if you don’t use any Trend Micro products, your enterprise security is strengthened by the ZDI program. How often does this occur? Well, for the past three years, the ZDI has been the number one supplier of bugs to Microsoft, Adobe, and SCADA vendors amongst others. That equates to more than 2,100 patches just since 2014, and we’ve been doing this since 2005.

Another group familiar with the ZDI program are the vendors receiving our bug reports. Although it may seem to be an adversarial relationship, we do everything we can to assist vendors throughout the process. And vendor size or name recognition doesn’t matter to us – we strive to treat all vendors equitably. We provide accountability to both customers and researchers by listing when vulnerabilities are reported, which is not done by other bug bounty programs. After 120 days, if the vendor hasn’t made a patch available, we release additional information about the bug so that enterprises can gauge the risk to their systems. Unlike some, if the vendor is making significant progress towards a patch, we do extend this deadline provided real work is being done. In fact, there are some that consider us the cheapest and friendliest code audit they didn’t know to ask for, and we’re just fine with that.

Researchers from the ZDI also run the annual Pwn2Own competition, which just celebrated its 10th anniversary. Starting with a simple laptop that had to be exploited (i.e. pwned), a successful attempt earned the researcher the target laptop (thus the own). From those humble beginnings, the contest has evolved into a premier event impacting the security design of the participating targets. The level of difficulty ratchets up, as well. For standard reports through the program, a simple description and demonstration suffices. For Pwn2Own, a fully functional exploit chain is required for a win. Of course, the prices go up for higher quality exploits, too. This year we awarded $833,000 USD in three days while acquiring 51 new 0-day bugs. These bugs go beyond simple patches. Vendors began implementing defense-in-depth measures and additional protections based on the results of the contest – making each new Pwn2Own more difficult than the last. These improvements reach consumers and enterprise users through updates, making their systems more resilient, as well.

https://www.youtube.com/watch?v=ksX5pIeETxE

Though little known outside specific circles, the ZDI program has wide-ranging impacts. The program assists in the coordinated disclosure of vulnerabilities, which gives affected vendors the opportunity to issue patches to the public before the bugs are used maliciously. By providing public notification dates, we provide accountability to help ensure vendors don’t ignore researcher reports. The resulting patches and program improvements positively impact the community at large, even though they might not have realized where the research originated. As seen in recent ransomware attacks, proper patch management can be the difference between a nuisance and a multimillion-dollar recovery.

There is no such thing as secure software – at least not any software that actually does anything. As the industry and software itself evolve, we’ll continue to evolve with them. Our goal continues to be finding and disclosing security bugs in popular software, working with independent researchers from around the globe, and reporting these findings to the vendors so they can fix things in a timely manner. It might not always be easy, but it will continue to be worth doing – whether everyone realizes it or not.



from Trend Micro Simply Security http://ift.tt/2tSlL8d

Bringing Data Center Security to Cloud Speed

Last week, while visiting the product management team for Deep Security, I asked about their latest release. They surprised me by saying the big news is that there IS a release. Confused, I asked them to elaborate…

You see, when you develop software, you’re faced with many choices, one of which is deciding whether to offer software that a customer runs themselves, or a SaaS version in which new features are released to all users instantly, as they become available.

SaaS has become a very popular option for software developers these days because the speed of adoption is very fast.

However, what happens when an organization needs your service, but compliance, regulation or company policy dictates that the data and software need to live within their own data center? For any number of reasons, they can’t adopt a SaaS offering. Well, then you must turn to software deployment models that traditionally mean major releases every year or two followed by minor releases.

With Deep Security, we recognized that users needed a choice of deployment models. Some chose SaaS for the low management overhead, easy setup and lower cost of having a hosted security console. Others chose software for large data center deployments or hybrid deployments, due to either compliance or company policy. While we support both options, SaaS has been at the forefront of Trend Micro’s new features and services in recent years. It has introduced features like the new user interface, Smart Folders or SAML Authentication first, while the software management console received them as upgrades in the next major release.

That meant that all of the people using the SaaS model in the cloud were moving at cloud speed, while the data center users were stuck on the ground with a speed limit.

Well that is all about to change.

We knew releasing Deep Security 10.0 was a milestone in many ways. The server security solution that stands the test of time was also the end of the traditional monolithic release cycle for our important software users.

The team has worked tirelessly to bring the agility of a SaaS model to customers using software for hybrid cloud deployments. With our new approach to software releases, we will release feature packs that deliver major features as they become available, eliminating the need to wait for the next major release. Starting with Trend Micro Deep Security 10.1, we will bring major updates to software users with feature packs released as features become available prior to the next major release. Bringing this agility to the data center is an impactful step in ensuring our customers have the latest advanced security protection and features at all times. Of course, not all organizations move at the speed of cloud, but having this option is a big step forward for some and a requirement for others.

Deep Security 10.1 will include major advancements like Windows application control, advanced identity management with SAML support, zero-impact updates for the network security functions, and an in-product news feed to keep our users up to date on the latest threats and protection. All this in just a few short months after 10.0 was rolled out to our software customers.

The in-product news feed is another example of moving at the speed of the cloud. Deep Security (SaaS or Software) frequently receives major protection advancements. This new in-product experience allows users to understand the latest threats or product advancements right from the management console. Now all Deep Security users can enjoy the benefits of having the absolute latest protection and features no matter how they deploy. Deep Security has become a living, evolving tool for the data center and cloud alike, with users at the heart of it all.

This is really about bringing operational excellence to hybrid environments. It’s about removing the traditional speed limits from enterprise software and giving you the opportunity to move at the pace of the cloud. It’s time to open this baby up…

Find out more at http://ift.tt/1SOCkvI

If you have questions or comments, please post them below or follow me on Twitter: @justin_foster.



from Trend Micro Simply Security http://ift.tt/2rYZYKB

IC3 Issues Internet Crime Report for 2016

Original release date: June 21, 2017

The Internet Crime Complaint Center (IC3) has released its 2016 Internet Crime Report, describing the numbers and types of cyber crimes reported to IC3. Business Email Compromise (BEC), ransomware attacks, tech support fraud, and extortion are all common schemes affecting people in the U.S. and around the world.

US-CERT encourages users to review the 2016 Internet Crime Report for details and refer to the US-CERT Security Publication on Ransomware for information on defending against this particular threat.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT: The United States Computer Emergency Readiness Team http://ift.tt/2sCwXqb

Drupal Releases Security Updates

Original release date: June 21, 2017

Drupal has released an advisory to address several vulnerabilities in Drupal versions 7.x and 8.x. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 7.56 or 8.3.4.


from US-CERT: The United States Computer Emergency Readiness Team http://ift.tt/2tuvpP0

Cisco Releases Security Updates

Original release date: June 21, 2017

Cisco has released updates to address several vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:


from US-CERT: The United States Computer Emergency Readiness Team http://ift.tt/2sRm8CZ

ZDI-17-440: (0Day) Lepide LepideAuditor Suite Malicious Server Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lepide LepideAuditor Suite. Authentication is not required to exploit this vulnerability.

from ZDI: Published Advisories http://ift.tt/2tu0Lp6

ZDI-17-439: (0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCDRAW AddTabShapeEmptyPage Untrusted Pointer Dereference Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

from ZDI: Published Advisories http://ift.tt/2tu4XVN

ZDI-17-438: (0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCDRAW AddStringUserProperty Untrusted Pointer Dereference Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

from ZDI: Published Advisories http://ift.tt/2tuqmyj

ZDI-17-437: (0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCDRAW AddIntUserProperty Untrusted Pointer Dereference Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

from ZDI: Published Advisories http://ift.tt/2tu5dEi

ZDI-17-436: (0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCDRAW AddFloatUserProperty Untrusted Pointer Dereference Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

from ZDI: Published Advisories http://ift.tt/2tueJaf

ZDI-17-435: (0Day) UCanCode E-XD++ Visualization Enterprise Suite TKGIS RemoveShape Untrusted Pointer Dereference Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

from ZDI: Published Advisories http://ift.tt/2ttYWbP

ZDI-17-434: (0Day) UCanCode E-XD++ Visualization Enterprise Suite TKGIS FindPortFromIndex Untrusted Pointer Dereference Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

from ZDI: Published Advisories http://ift.tt/2ttZmyC

ZDI-17-433: (0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCDRAW AddDoubleUserProperty Untrusted Pointer Dereference Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

from ZDI: Published Advisories http://ift.tt/2tu1G8M

ZDI-17-432: (0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCDRAW AddDateUserProperty AddDefaultPort Untrusted Pointer Dereference Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

from ZDI: Published Advisories http://ift.tt/2ttLoNt

ZDI-17-431: (0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCDRAW AddColorUserProperty Untrusted Pointer Dereference Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

from ZDI: Published Advisories http://ift.tt/2tucl3C

ZDI-17-412: Apple Safari Element Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

from ZDI: Published Advisories http://ift.tt/2rRuawj

Tradition and Technology: Trend Micro Takes to the Water for Dragon Boat Challenge

At Trend Micro, we’re used to fighting it out against a constant barrage of cyber threats facing our customers. But we don’t just want to be number one in cybersecurity: We’re also highly competitive elsewhere. As a company proud of our East Asian links, we’re keen Dragon Boat racers, and guess what? Dragon Boat season is now officially in full swing: not just in traditional countries like Taiwan, but also around the world.

That’s why Trend Micro will be blending technology with tradition when we take on all comers at the long-running Ottawa Dragon Boat festival later this month, following our battling performance at a similar event in Taipei at the end of May.

 

A tragic tale

The Dragon Boat Festival has many different Chinese names associated with it, but most commemorate the same event: the suicide of poet and minister Qu Yuan back in 278 BC. Qu’s protests at the corrupt Chu government of the day led him to be stripped of his title as minister, and subsequent banishment. After a rival state captured the Chu capital many years later, he is said to have drowned himself in the Miluo river in southern China in a ritual suicide.

It’s claimed that locals who admired the politician-turned-poet raced out in their boats in an attempt to save him, banging their drums in a bid to scare away the fish circling his body. Or at least, that’s how many interpret the festival’s origins. Given it’s traditionally held on the fifth day of the fifth month of the traditional Chinese calendar, it’s also been linked to crop fertility rituals in the region.

Racing for victory

At Trend Micro, all 5,000+ employees across the planet share a common vision: to make the world a safer place in which to exchange digital information. But we’re particularly proud that our unity of purpose in battling cyber threats also brings our disparate teams together in other ways. That’s why despite being located on opposite sides of the globe, our teams in Taiwan and Canada are united not just in a passion for cybersecurity but also Dragon Boat racing.

We sent two teams of more than 60 people to compete in the 2017 Taipei Dragon Boat Festival on 28-30 May, hailing from all parts of the business – R&D to Sales, Technical Support to HR. For anyone who hasn’t seen or taken part, let’s be clear: these are noisy, high-octane, no-holds-barred races – a riot of sound and color but definitely not for the faint-hearted.

Not to be outdone, our Canadian colleagues are going out to stamp their mark on the upcoming Ottawa Dragon Boat Festival, 22-25 June. Dating back to the early 90s, it’s North America’s largest and one of the biggest sporting and entertainment events in Canada’s capital, boasting over 200 teams and 75,000 attendees. If you fancy coming down to cheer on our brave participating Trenders, why not do it from the Trend Micro Paddler’s Paradise, our sponsored area in a prime spot of the shore, offering great views of the races?

We wish all taking part good luck!



from Trend Micro Simply Security http://ift.tt/2sSIYuB

ZDI-17-402: (Pwn2Own) Microsoft Windows NtUserLinkDpiCursor Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

from ZDI: Published Advisories http://ift.tt/2slnq8z

Ransomware & Advanced Attacks: Servers are Different

Ransomware and other advanced attacks are the scourge of the modern IT security team. If allowed to gain access to your IT environment, these attacks could shut down the organization, denying access to mission critical applications & data for potentially days, or even indefinitely. The result? The disruption of service delivery, lost productivity and a hefty hit to reputation and profits.

While traditionally thought of as an endpoint issue – 93 percent of phishing emails are now ransomware – the reality is that ransomware and other advanced attacks are also focused on your servers. The combination of instantly available infrastructure via the public cloud and the increasing velocity of application delivery to create competitive advantage, has made servers an important target for cybercriminals.

Servers are different than a traditional endpoint: the applications and operating systems that run enterprise workloads in the data center, in the cloud, and in containers can be extremely dynamic, making the approach to security different.

A recent Gartner report states that “Server workloads in modern hybrid data centers use private and public cloud computing and require a protection strategy different from end-user-facing devices. Security and risk management leaders should use risk-based models to prioritize evaluation criteria for cloud workload protection platforms.” (Source: Gartner, “Market Guide for Cloud Workload Protection Platforms”, March 2017, G00302941)

The fundamentals still matter – get patched

Servers are workhorses of the enterprise, driving your business forward and supporting your most valuable data; it’s only natural that the bad guys are heading straight for this part of the IT infrastructure, whether it’s in the data center or in the cloud. Ransomware & advanced attacks are being created to take advantage of vulnerabilities found on servers, including the recent WannaCry ransomware, which leveraged a Microsoft Windows SMB vulnerability to inject itself onto servers and endpoints. Not to be left out, Linux servers – the dominant server for public cloud workloads—are also being targeted, with the recent Erebus attack that had a serious impact on a large web hosting firm (and their 3,400 customers!) in South Korea.

Patching is never easy, but no IT security professional can deny the importance of patching. Modern IT environments are complex systems which require IT departments to manage multiple disparate patching processes, including new approaches like blue-green deployments. For mission critical systems, patches are sometimes delayed because organizations simply can’t afford the downtime needed to test and roll-out fixes. It’s estimated that it takes enterprise firms approximately 250 days for IT and 205 days for retail businesses to fix the software flaws in their enterprise applications. It only takes one exploit to get through for your organization to hit the headlines as the next major ransomware victim. In addition, for either operational or financial reasons, close to two years after end of life many organizations are still running Windows 2003, which means no patches are available and mitigation strategies – often expensive – have to be in place or the risk of exposure goes up exponentially.

Hybrid cloud is complicated

The hybrid cloud includes physical, virtual, cloud and container workloads, with new technologies like serverless functions and processes like DevOps introducing new complexity in the way that your organization operates. While embracing new technologies to gain benefits like increased agility and rapid application delivery makes good business sense, the reality is that existing architectures also need to be maintained and secured at the same time. If this means that you have accumulated multiple tools along the way to the hybrid cloud, you are probably feeling significant pain just keeping everything running!

Unfortunately, this complexity can also leave gaps – who isn’t too busy to get everything done, right?—which cybercriminals are only too ready and willing to exploit. You might have put in place perimeter security, for example, but what if a compromised endpoint accesses a vulnerable file server? Then you have an attack which started inside the network, bypassing traditional security controls. And of course, there is no perimeter in the cloud…so what then? 

Layered security is the right answer

The answer lies in advanced server security solutions like Trend Micro Deep Security. It’s been designed to protect workloads across physical, virtual, cloud and container environments with host-based security to shield servers from a wide range of threats including ransomware. Having one product with multiple controls is a great way to both increase security and reduce operational overhead. Powered by XGen™ Security, Deep Security includes a range of cross-generational security techniques that can help stop ransomware from hitting your enterprise servers, enabling you to easily:

  • Stop network attacks and shield vulnerable applications & servers, leveraging Intrusion Prevention (IDS/IPS) and firewall techniques;
  • Lock down systems and detect suspicious activity on servers, using techniques like application control and integrity monitoring that have been optimized for the hybrid cloud; and
  • Prevent malware and targeted attacks from successfully infiltrating your servers, leveraging proven anti-malware and advanced techniques like behavioral analysis & sandboxing

With 752 percent growth in the number of ransomware families in 2016, the black hats have found a way to generate enough revenue – $1B in 2016 – to invest significant resources in rapidly evolving their attack strategies. With servers at the center of the enterprise, it’s clear that you need a strategy that both secures workloads wherever they might be – physical, virtual, cloud, containers – and aligns with the need for business agility that modern technology enables.

Find out more about how Trend Micro can help at http://ift.tt/1SOCkvI.



from Trend Micro Simply Security http://ift.tt/2rwjNK9

SB17-170: Vulnerability Summary for the Week of June 12, 2017

Original release date: June 19, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| gnome -- libcroco | The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. | 2017-06-12 | 7.1 | CVE-2017-8871, MISC, EXPLOIT-DB |
| gnu -- glibc | nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd. | 2017-06-12 | 7.5 | CVE-2014-9984, BID, CONFIRM, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. | 2017-06-13 | 9.3 | CVE-2014-9960, BID, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection. | 2017-06-13 | 9.3 | CVE-2014-9961, BID, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. | 2017-06-13 | 9.3 | CVE-2015-9023, BID, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE application. | 2017-06-13 | 9.3 | CVE-2015-9025, BID, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a cryptographic routine. | 2017-06-13 | 9.3 | CVE-2015-9028, BID, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler. | 2017-06-13 | 9.3 | CVE-2016-10340, BID, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler. | 2017-06-13 | 9.3 | CVE-2016-10342, BID, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a buffer overread can occur if a particular string is not NULL terminated. | 2017-06-13 | 9.3 | CVE-2017-7365, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location. | 2017-06-13 | 7.6 | CVE-2017-7372, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver. | 2017-06-13 | 9.3 | CVE-2017-8236, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists while loading a firmware image. | 2017-06-13 | 9.3 | CVE-2017-8237, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a camera function. | 2017-06-13 | 9.3 | CVE-2017-8238, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability. | 2017-06-13 | 9.3 | CVE-2017-8240, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a WLAN function due to an incorrect message length. | 2017-06-13 | 9.3 | CVE-2017-8241, CONFIRM |
| iodata -- ts-wrla_firmware | I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | 2017-06-09 | 9.0 | CVE-2016-7819, CONFIRM, BID, JVN |
| iodata -- ts-wrla_firmware | Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors. | 2017-06-09 | 9.0 | CVE-2016-7820, CONFIRM, BID, JVN |
| iodata -- wfs-sr01_firmware | I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. | 2017-06-09 | 10.0 | CVE-2016-7806, CONFIRM, BID, JVN |
| libquicktime -- libquicktime | The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. | 2017-06-12 | 7.1 | CVE-2017-9122, EXPLOIT-DB |
| skygroup -- skysea_client_view | SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program. | 2017-06-09 | 10.0 | CVE-2016-7836, BID, CONFIRM, JVN, CONFIRM |

Medium Vulnerabilities

Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
bluez -- bluez Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities. 2017-06-09 4.6 CVE-2016-7837
BID
CONFIRM
JVN
buffalotech -- wnc01wh_firmware Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors. 2017-06-09 4.3 CVE-2016-7821
CONFIRM
BID
JVN
buffalotech -- wnc01wh_firmware Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors. 2017-06-09 6.8 CVE-2016-7822
CONFIRM
BID
JVN
buffalotech -- wnc01wh_firmware Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors. 2017-06-09 6.5 CVE-2016-7824
CONFIRM
BID
JVN
buffalotech -- wnc01wh_firmware Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands. 2017-06-09 4.0 CVE-2016-7825
CONFIRM
BID
JVN
buffalotech -- wnc01wh_firmware Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests. 2017-06-09 4.0 CVE-2016-7826
CONFIRM
BID
JVN
codecabin_ -- wp_live_chat_support Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-06-09 4.3 CVE-2017-2187
JVN
CONFIRM
corega -- cg-wlbargnl_firmware Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-06-09 4.3 CVE-2016-7808
CONFIRM
BID
JVN
corega -- cg-wlr300nx_firmware Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors. 2017-06-09 6.8 CVE-2016-7809
CONFIRM
BID
JVN
corega -- cg-wlr300nx_firmware Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors. 2017-06-09 5.8 CVE-2016-7811
CONFIRM
BID
JVN
cybozu -- dezie Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. 2017-06-09 5.0 CVE-2016-7832
BID
JVN
CONFIRM
cybozu -- dezie Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. 2017-06-09 6.4 CVE-2016-7833
BID
JVN
CONFIRM
cybozu -- garoon Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai. 2017-06-09 4.3 CVE-2016-4906
BID
JVN
CONFIRM
cybozu -- garoon Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. 2017-06-09 6.8 CVE-2016-4907
BID
JVN
CONFIRM
cybozu -- garoon Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors. 2017-06-09 4.0 CVE-2016-4908
BID
BID
JVN
CONFIRM
cybozu -- garoon Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors. 2017-06-09 4.3 CVE-2016-4909
BID
BID
JVN
CONFIRM
cybozu -- garoon Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors. 2017-06-09 4.0 CVE-2016-4910
BID
JVN
CONFIRM
cybozu -- garoon Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors. 2017-06-09 4.0 CVE-2016-7801
BID
JVN
CONFIRM
cybozu -- garoon Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors. 2017-06-09 4.0 CVE-2016-7802
BID
JVN
CONFIRM
cybozu -- garoon SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. 2017-06-09 6.5 CVE-2016-7803
BID
JVN
CONFIRM
emon-cms -- deraemon-cms Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the parameters hostname, database and username. 2017-06-09 4.3 CVE-2016-7813
CONFIRM
BID
JVN
fenrir-inc -- sleipnir Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage. 2017-06-09 5.8 CVE-2016-7831
BID
JVN
gnome -- libcroco The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file. 2017-06-12 4.3 CVE-2017-8834
MISC
EXPLOIT-DB
google -- android A remote code execution vulnerability in System UI component could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High because it is a remote arbitrary code execution in an unprivileged process. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36368305. 2017-06-14 6.8 CVE-2017-0638
BID
CONFIRM
google -- android In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write. 2017-06-13 4.3 CVE-2017-8242
CONFIRM
h2o_project -- h2o Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information. 2017-06-09 6.4 CVE-2016-7835
BID
CONFIRM
JVN
ibm -- maximo_asset_management IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276. 2017-06-13 6.5 CVE-2016-9984
CONFIRM
MISC
iodata -- ts-wrla_firmware I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors. 2017-06-09 5.0 CVE-2016-7814
CONFIRM
BID
JVN
iodata -- wfs-sr01_firmware I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors. 2017-06-09 5.0 CVE-2016-7807
CONFIRM
BID
JVN
ipa -- appgoat Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182. 2017-06-09 6.8 CVE-2017-2179
JVN
ipa -- appgoat Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors. 2017-06-09 4.3 CVE-2017-2180
JVN
ipa -- appgoat Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182. 2017-06-09 6.8 CVE-2017-2181
JVN
ipa -- appgoat Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181. 2017-06-09 6.8 CVE-2017-2182
JVN
libquicktime -- libquicktime The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. 2017-06-12 4.3 CVE-2017-9123
EXPLOIT-DB
libquicktime -- libquicktime The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. 2017-06-12 4.3 CVE-2017-9124
EXPLOIT-DB
libquicktime -- libquicktime The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file. 2017-06-12 4.3 CVE-2017-9125
EXPLOIT-DB
libquicktime -- libquicktime The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. 2017-06-12 4.3 CVE-2017-9126
EXPLOIT-DB
libquicktime -- libquicktime The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. 2017-06-12 4.3 CVE-2017-9127
EXPLOIT-DB
libquicktime -- libquicktime The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file. 2017-06-12 4.3 CVE-2017-9128
EXPLOIT-DB
simple_keitai_chat_project -- simple_keitai_chat Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-06-09 4.3 CVE-2016-7817
BID
JVN
torproject -- tor The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell. 2017-06-09 5.0 CVE-2017-0375
BID
CONFIRM
CONFIRM
CONFIRM
torproject -- tor The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit. 2017-06-09 5.0 CVE-2017-0376
CONFIRM
CONFIRM
CONFIRM
unisys -- mobigate The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-09 4.3 CVE-2016-7805
BID
JVN

Low Vulnerabilities

Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
bigtreecms -- bigtree_cms admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name. 2017-06-12 3.5 CVE-2017-9546
CONFIRM
bigtreecms -- bigtree_cms admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication (aka a pending page change). 2017-06-12 3.5 CVE-2017-9547
CONFIRM
bigtreecms -- bigtree_cms admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication (aka a pending page change). 2017-06-12 3.5 CVE-2017-9548
CONFIRM
buffalotech -- wnc01wh_firmware Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-06-09 2.3 CVE-2016-7823
CONFIRM
BID
JVN
corega -- cg-wlr300nx_firmware Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. 2017-06-09 3.5 CVE-2016-7810
CONFIRM
BID
JVN
ibm -- inotes IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854. 2017-06-12 3.5 CVE-2017-1214
CONFIRM
MISC
ibm -- rational_doors_next_generation IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124627. 2017-06-12 3.5 CVE-2017-1247
CONFIRM
BID
MISC
ibm -- rational_doors_next_generation IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124751. 2017-06-12 3.5 CVE-2017-1276
CONFIRM
BID
MISC
ibm -- rational_doors_next_generation IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124756. 2017-06-12 3.5 CVE-2017-1278
CONFIRM
BID
MISC
linux -- linux_kernel An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35644815. 2017-06-14 2.6 CVE-2017-0651
BID
CONFIRM

Severity Not Yet Assigned

Primary Vendor -- Product Description Published CVSS Score Source & Patch Info
acquisition_technology_logistics_agency -- electronic_bidding_system Untrusted search path vulnerability in Installer of electronic tendering and bid opening system available prior to May 25, 2017, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-06-09 not yet calculated CVE-2017-2178
JVN
CONFIRM
BID
anti-web -- anti-web
In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file. 2017-06-15 not yet calculated CVE-2017-9097
MISC
MISC
MISC
apache -- kibana
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield. 2017-06-16 not yet calculated CVE-2016-1000219
CONFIRM
apache -- kibana
With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. 2017-06-16 not yet calculated CVE-2017-8451
CONFIRM
apache -- kibana
Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domain that redirects to an arbitrary website. 2017-06-16 not yet calculated CVE-2016-10365
CONFIRM
apache -- kibana
In Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes. 2017-06-16 not yet calculated CVE-2017-8452
CONFIRM
apache -- kibana
Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack. 2017-06-16 not yet calculated CVE-2016-10366
CONFIRM
apache -- kibana
Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers. 2017-06-16 not yet calculated CVE-2016-1000220
CONFIRM
apache -- kibana
Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page. 2017-06-16 not yet calculated CVE-2016-1000218
CONFIRM
apache -- kibana
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service; any authenticated user could make requests to those services regardless of their own permissions. 2017-06-16 not yet calculated CVE-2016-10364
CONFIRM
apache -- kibana
Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to an XSS attack. 2017-06-16 not yet calculated CVE-2015-9056
CONFIRM
apache -- nifi Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin. 2017-06-12 not yet calculated CVE-2017-7667
BID
MLIST
apache -- nifi
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient. 2017-06-12 not yet calculated CVE-2017-7665
BID
MLIST
apache -- ranger
Apache Ranger before 0.6. is vulnerable to a Stored Cross-Site Scripting when entering custom policy conditions. Admin users can store some arbitrary JavaScript code to be executed when normal users log in and access policies. 2017-06-14 not yet calculated CVE-2016-8751
BID
CONFIRM
apache -- ranger
In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table. 2017-06-14 not yet calculated CVE-2017-7677
BID
CONFIRM
apache -- ranger
Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true. 2017-06-14 not yet calculated CVE-2016-8746
BID
CONFIRM
apache -- ranger
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior. 2017-06-14 not yet calculated CVE-2017-7676
BID
CONFIRM
apache -- thrift
The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function. 2017-06-16 not yet calculated CVE-2015-3254
CONFIRM
CONFIRM
MLIST
apcupsd -- apcupsd
In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges by replacing the service executable apcupsd.exe with a malicious executable that will run with SYSTEM privileges at startup. This occurs because of "RW NT AUTHORITY\Authenticated Users" permissions for %SYSTEMDRIVE%\apcupsd\bin\apcupsd.exe. 2017-06-16 not yet calculated CVE-2017-7884
MISC
atlassian -- bamboo
Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can login to Bamboo as a user without the edit permission for deployment projects is able to use this vulnerability, provided there is an existing plan with a green build, to create a deployment project and execute arbitrary code on an available Bamboo Agent. By default a local agent is enabled; this means that code execution can occur on the system hosting Bamboo as the user running Bamboo. 2017-06-14 not yet calculated CVE-2017-8907
CONFIRM
atlassian -- confluence
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it even if they do not have permission to view the page itself. 2017-06-15 not yet calculated CVE-2017-9505
CONFIRM
MISC
avira -- avira mobile security application
The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext. 2017-06-15 not yet calculated CVE-2015-7732
MISC
cisco -- asr_5000_series_routers A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083. 2017-06-13 not yet calculated CVE-2017-6690
BID
CONFIRM
cisco -- context_service
A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. More Information: CSCvb66730. Known Affected Releases: 2.0. 2017-06-13 not yet calculated CVE-2017-6667
BID
CONFIRM
cisco -- cucdm
Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected Releases: 8.1(7)ER1. 2017-06-13 not yet calculated CVE-2017-6668
BID
CONFIRM
cisco -- cucdm
A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue. More Information: CSCvc54813. Known Affected Releases: 8.1(7)ER1. 2017-06-13 not yet calculated CVE-2017-6670
BID
CONFIRM
cisco -- elastic_services_controllers A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system, aka an Authentication Request Processing Arbitrary Command Execution Vulnerability. More Information: CSCvc76642. Known Affected Releases: 2.2(9.76). 2017-06-13 not yet calculated CVE-2017-6683
BID
CONFIRM
cisco -- elastic_services_controllers
A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. More Information: CSCvd76339. Known Affected Releases: 2.2(9.76). 2017-06-13 not yet calculated CVE-2017-6697
BID
CONFIRM
cisco -- elastic_services_controllers
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Administrator Credentials Vulnerability. More Information: CSCvc76661. Known Affected Releases: 2.2(9.76). 2017-06-13 not yet calculated CVE-2017-6689
BID
CONFIRM
cisco -- elastic_services_controllers
A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected system. More Information: CSCvd73677. Known Affected Releases: 2.3(2). 2017-06-13 not yet calculated CVE-2017-6696
BID
CONFIRM
cisco -- elastic_services_controllers
A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerability. More Information: CSCvc76631. Known Affected Releases: 2.2(9.76). 2017-06-13 not yet calculated CVE-2017-6688
BID
CONFIRM
cisco -- elastic_services_controllers
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected Releases: 2.3(2). 2017-06-13 not yet calculated CVE-2017-6691
BID
CONFIRM
cisco -- elastic_services_controllers
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.2(9.76). 2017-06-13 not yet calculated CVE-2017-6682
BID
CONFIRM
cisco -- elastic_services_controllers
A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76651. Known Affected Releases: 21.0.0. 2017-06-13 not yet calculated CVE-2017-6684
BID
CONFIRM
cisco -- elastic_services_controllers
A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, aka Unauthorized Directory Access. More Information: CSCvd76286. Known Affected Releases: 2.2(9.76) 2.3(1). 2017-06-13 not yet calculated CVE-2017-6693
BID
CONFIRM
cisco -- esa_sma
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049. 2017-06-13 not yet calculated CVE-2017-6661
BID
CONFIRM
cisco -- esa
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087 9.7.1-066. Known Fixed Releases: 10.0.2-020 9.8.1-015. 2017-06-13 not yet calculated CVE-2017-6671
BID
CONFIRM
cisco -- firepower
A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. An attacker could use this information to perform reconnaissance. More Information: CSCvc10894. Known Affected Releases: 6.1.0.2 6.2.0. Known Fixed Releases: 6.2.0. 2017-06-13 not yet calculated CVE-2017-6673
CONFIRM
cisco -- firepower
A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2. 2017-06-13 not yet calculated CVE-2017-6674
BID
CONFIRM
cisco -- industrial_network_director
A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. More Information: CSCvd25405. Known Affected Releases: 1.1(0.176). 2017-06-13 not yet calculated CVE-2017-6675
BID
CONFIRM
cisco -- ip_phone_8800_series
A vulnerability in Session Initiation Protocol (SIP) call handling of Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the SIP process unexpectedly restarting. All active phone calls are dropped as the SIP process restarts. More Information: CSCvc29353. Known Affected Releases: 11.0(0.1). Known Fixed Releases: 11.0(0)MP2.153 11.0(0)MP2.62. 2017-06-13 not yet calculated CVE-2017-6656
BID
CONFIRM
cisco -- ncs_5500_series_routers
A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting in a denial of service (DoS) condition. More Information: CSCvd16665. Known Affected Releases: 6.2.11.BASE. Known Fixed Releases: 6.1.3 6.1.2 6.3.1.8i.BASE 6.2.11.8i.BASE 6.2.2.9i.BASE 6.1.32.11i.BASE 6.1.31.10i.BASE 6.1.4.3i.BASE. 2017-06-13 not yet calculated CVE-2017-6666
BID
CONFIRM
cisco -- nx-os
A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when an FCoE-related process unexpectedly reloads. This vulnerability affects Cisco NX-OS Software on the following Cisco devices when they are configured for FCoE: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches. More Information: CSCvc91729. Known Affected Releases: 8.3(0)CV(0.833). Known Fixed Releases: 8.3(0)ISH(0.62) 8.3(0)CV(0.944) 8.1(1) 8.1(0.8)S0 7.3(2)D1(0.47). 2017-06-13 not yet calculated CVE-2017-6655
BID
CONFIRM
cisco -- prime_collaboration_assurance
A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvc91800. Known Affected Releases: 11.5(0) 11.6. 2017-06-13 not yet calculated CVE-2017-6659
BID
CONFIRM
cisco -- ultra_services_framework
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected Releases: 21.0.v0.65839. 2017-06-13 not yet calculated CVE-2017-6692
BID
CONFIRM
cisco -- ultra_services_framework
 
A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. More Information: CSCvc76652. Known Affected Releases: 21.0.0. 2017-06-13 not yet calculated CVE-2017-6680
BID
CONFIRM
cisco -- ultra_services_framework
 
A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected Releases: 21.0.v0.65839. 2017-06-13 not yet calculated CVE-2017-6694
BID
CONFIRM
cisco -- ultra_services_framework
 
A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. More Information: CSCvd29398. Known Affected Releases: 21.0.v0.65839. 2017-06-13 not yet calculated CVE-2017-6695
BID
CONFIRM
cisco -- ultra_services_framework
 
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system, aka an Insecure Default Password Vulnerability. More Information: CSCvc76695. Known Affected Releases: 21.0.0. 2017-06-13 not yet calculated CVE-2017-6687
BID
CONFIRM
cisco -- ultra_services_framework
 
A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76681. Known Affected Releases: 21.0.0. 2017-06-13 not yet calculated CVE-2017-6685
BID
CONFIRM
cisco -- ultra_services_framework
 
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76699. Known Affected Releases: 21.0.0. 2017-06-13 not yet calculated CVE-2017-6686
BID
CONFIRM
cisco -- ultra_services_framework
 
A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known Affected Releases: 21.0.0. 2017-06-13 not yet calculated CVE-2017-6681
BID
CONFIRM
citrix -- xenmobile_server

XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. 2017-06-16 not yet calculated CVE-2017-9231
BID
CONFIRM
curl -- curl
 
In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes, the given "URL" starts with a drive letter, and libcurl is built for Windows or DOS, then libcurl would copy the path 7 bytes off, so that the end of the given path would write beyond the malloc buffer (7 bytes being the length in bytes of the ascii string "file://"). 2017-06-14 not yet calculated CVE-2017-9502
CONFIRM
CONFIRM
cybozu -- kintone_app
 
The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-09 not yet calculated CVE-2016-7816
BID
JVN
CONFIRM
d-link -- dir-605l_devices
 
On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot. 2017-06-15 not yet calculated CVE-2017-9675
CONFIRM
d-link -- wireless_n300_router
 
D-Link DIR-615 Wireless N300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device. 2017-06-11 not yet calculated CVE-2017-9542
BID
MISC
MISC
digital_canal_structural -- wind_analysis
 
A Stack-Based Buffer Overflow issue was discovered in Digital Canal Structural Wind Analysis versions 9.1 and prior. An attacker may be able to run arbitrary code by remotely exploiting an executable to perform a denial-of-service attack. 2017-06-14 not yet calculated CVE-2017-7910
BID
MISC
eclipse -- jetty
 
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords. 2017-06-16 not yet calculated CVE-2017-9735
MISC
MISC
efs_software -- easy_chat_server
 
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code. 2017-06-12 not yet calculated CVE-2017-9544
EXPLOIT-DB
efs_software -- easy_chat_server
 
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm. 2017-06-12 not yet calculated CVE-2017-9543
EXPLOIT-DB
efs_software -- easy_chat_server
 
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response. 2017-06-12 not yet calculated CVE-2017-9557
EXPLOIT-DB
elastic -- logstash
 
In Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit. 2017-06-16 not yet calculated CVE-2016-10363
CONFIRM
elastic -- logstash
 
In Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data. 2017-06-16 not yet calculated CVE-2016-1000222
CONFIRM
elastic -- logstash
 
In Logstash prior to version 2.3.4, the Elasticsearch Output plugin would log HTTP authorization headers, which could contain sensitive information, to file. 2017-06-16 not yet calculated CVE-2016-1000221
CONFIRM
elastic -- logstash
 
Prior to Logstash version 5.0.1, the Elasticsearch Output plugin, when updating connections after sniffing, would log HTTP basic auth credentials to file. 2017-06-16 not yet calculated CVE-2016-10362
CONFIRM
elastic -- x-pack_security
 
X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests so users without access to a document and/or field may have been able to access this information. 2017-06-16 not yet calculated CVE-2017-8450
CONFIRM
elastic -- x-pack_security
 
X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules when merging multiple rules with field level security rules for the same index. 2017-06-16 not yet calculated CVE-2017-8449
CONFIRM
emc -- esrs_ve
 
EMC ESRS VE 3.18 or earlier contains an authentication bypass vulnerability that could potentially be exploited by malicious users to compromise the affected system. 2017-06-14 not yet calculated CVE-2017-4986
CONFIRM
BID
emc -- rsa_bsafe_cert_c
 
EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability. 2017-06-14 not yet calculated CVE-2017-4981
CONFIRM
BID
emc -- rsa_identity_governanace_and_lifecycle_versions
 
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. 2017-06-09 not yet calculated CVE-2017-5003
CONFIRM
BID
emc -- rsa_identity_governanace_and_lifecycle_versions
 
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. 2017-06-09 not yet calculated CVE-2017-5004
CONFIRM
BID
f5 -- multiple_products
 
A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable. 2017-06-09 not yet calculated CVE-2016-7469
BID
CONFIRM
flexera -- flexnet_publisher
 
In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges. 2017-06-15 not yet calculated CVE-2016-10395
MISC
gnuplot -- gnuplot
 
An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file. 2017-06-15 not yet calculated CVE-2017-9670
CONFIRM
gnutls -- gnutls
 
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. 2017-06-16 not yet calculated CVE-2017-7507
CONFIRM
google -- android

In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS. 2017-06-13 not yet calculated CVE-2016-10333
BID
CONFIRM
google -- android

In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten. 2017-06-13 not yet calculated CVE-2016-10334
BID
CONFIRM
google -- android

In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected. 2017-06-13 not yet calculated CVE-2017-8235
CONFIRM
google -- android

A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170. 2017-06-14 not yet calculated CVE-2017-0663
BID
CONFIRM
google -- android

A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-35472997. 2017-06-14 not yet calculated CVE-2017-0644
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled. 2017-06-13 not yet calculated CVE-2015-9021
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, Time-of-check Time-of-use (TOCTOU) race conditions exist in several TZ APIs. 2017-06-13 not yet calculated CVE-2015-9022
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, a QTEE system call fails to validate a pointer. 2017-06-13 not yet calculated CVE-2015-9033
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call. 2017-06-13 not yet calculated CVE-2014-9965
BID
CONFIRM
google -- android
 
A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34064500. 2017-06-14 not yet calculated CVE-2017-0637
BID
CONFIRM
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display. 2017-06-13 not yet calculated CVE-2014-9966
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, a data pointer is potentially used after it has been freed when SLIMbus is turned off by Bluetooth. 2017-06-13 not yet calculated CVE-2017-7371
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. 2017-06-13 not yet calculated CVE-2017-7370
CONFIRM
google -- android
 
An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35310991. 2017-06-14 not yet calculated CVE-2017-0639
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WideVine DRM. 2017-06-13 not yet calculated CVE-2014-9963
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality. 2017-06-13 not yet calculated CVE-2014-9964
BID
CONFIRM
google -- android
 
An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35472278. 2017-06-14 not yet calculated CVE-2017-0650
CONFIRM
google -- android
 
An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35385327. 2017-06-14 not yet calculated CVE-2017-0645
BID
CONFIRM
google -- android
 
A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34360591. 2017-06-14 not yet calculated CVE-2017-0641
BID
CONFIRM
CONFIRM
google -- android
 
A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34819017. 2017-06-14 not yet calculated CVE-2017-0642
BID
CONFIRM
CONFIRM
google -- android
 
A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-35645051. 2017-06-14 not yet calculated CVE-2017-0643
BID
CONFIRM
google -- android
 
A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33129467. 2017-06-14 not yet calculated CVE-2017-0640
BID
CONFIRM
google -- android
 
An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33899337. 2017-06-14 not yet calculated CVE-2017-0646
BID
CONFIRM
google -- android
 
An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-36101220. 2017-06-14 not yet calculated CVE-2017-0648
BID
CONFIRM
google -- android
 
An elevation of privilege vulnerability in the MediaTek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: N/A. Android ID: A-34468195. References: M-ALPS03162283. 2017-06-14 not yet calculated CVE-2017-0649
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, a DRM key was exposed to QTEE applications. 2017-06-13 not yet calculated CVE-2015-9032
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver. 2017-06-13 not yet calculated CVE-2017-7373
CONFIRM
google -- android
 
An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138. 2017-06-14 not yet calculated CVE-2017-0647
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP. 2017-06-13 not yet calculated CVE-2015-9031
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication. 2017-06-13 not yet calculated CVE-2015-9030
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory. 2017-06-13 not yet calculated CVE-2015-9029
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validated, potentially leading to kernel stack corruption. 2017-06-13 not yet calculated CVE-2017-7369
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized, potentially leading to exposure of kernel memory. 2017-06-13 not yet calculated CVE-2017-8239
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. 2017-06-13 not yet calculated CVE-2014-9967
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory. 2017-06-13 not yet calculated CVE-2015-9020
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot. 2017-06-13 not yet calculated CVE-2016-10336
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed. 2017-06-13 not yet calculated CVE-2016-10337
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, there was an issue related to RPMB processing. 2017-06-13 not yet calculated CVE-2016-10338
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications. 2017-06-13 not yet calculated CVE-2016-10332
BID
CONFIRM
google -- android
 
The msm_bus_dbg_update_request_write function in drivers/platform/msm/msm_bus/msm_bus_dbg.c in android_kernel_huawei_msm8916 through 2017-06-16 in LineageOS, and possibly other kernels for MSM devices, allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted /sys/kernel/debug/msm-bus-dbg/client-data/update-request write request. 2017-06-16 not yet calculated CVE-2017-6899
MISC
google -- android
 
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. 2017-06-13 not yet calculated CVE-2015-9027
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, HLOS can overwrite secure memory or read contents of the keystore. 2017-06-13 not yet calculated CVE-2016-10339
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended. 2017-06-13 not yet calculated CVE-2016-10341
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, libtomcrypt was updated. 2017-06-13 not yet calculated CVE-2016-10335
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command. 2017-06-13 not yet calculated CVE-2014-9962
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver. 2017-06-13 not yet calculated CVE-2017-7368
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. 2017-06-13 not yet calculated CVE-2015-9026
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications. 2017-06-13 not yet calculated CVE-2015-9024
BID
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function. 2017-06-13 not yet calculated CVE-2017-8234
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters. 2017-06-13 not yet calculated CVE-2017-7366
CONFIRM
google -- android
 
In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image. 2017-06-13 not yet calculated CVE-2017-7367
CONFIRM
google -- android
 
In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array, potentially leading to an out-of-bounds heap write. 2017-06-13 not yet calculated CVE-2017-8233
CONFIRM
ibm -- api_connect
 
IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002. 2017-06-15 not yet calculated CVE-2017-1379
CONFIRM
BID
MISC
ibm -- bigfix_compliance
 
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 123672. 2017-06-15 not yet calculated CVE-2017-1197
CONFIRM
MISC
ibm -- jazz_foundation
 
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209. 2017-06-13 not yet calculated CVE-2016-9973
CONFIRM
BID
MISC
ibm -- jazz_foundation
 
IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659. 2017-06-13 not yet calculated CVE-2017-1099
CONFIRM
MISC
ibm -- quality_manager
 
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120666. 2017-06-13 not yet calculated CVE-2017-1104
CONFIRM
BID
MISC
ibm -- quality_manager
 
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120663. 2017-06-13 not yet calculated CVE-2017-1102
CONFIRM
BID
MISC
ibm -- quality_manager
 
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120662. 2017-06-13 not yet calculated CVE-2017-1101
CONFIRM
BID
MISC
ibm -- quality_manager
 
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120661. 2017-06-13 not yet calculated CVE-2017-1100
CONFIRM
BID
MISC
infotecs -- vipnet_client_and_coordinator
 
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks. 2017-06-14 not yet calculated CVE-2017-9606
MISC
intel -- active_management_technology
 
Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allows a remote attacker to hijack users' web clicks via an attacker's crafted web page. 2017-06-14 not yet calculated CVE-2017-5697
CONFIRM
jadf -- screensaver_installers
 
Untrusted search path vulnerability in screensaver installers (jasdf_01.exe, jasdf_02.exe, jasdf_03.exe, jasdf_04.exe, jasdf_05.exe, scramble_setup.exe, clock_01_setup.exe, clock_02_setup.exe) available prior to May 25, 2017, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-06-09 not yet calculated CVE-2017-2176
JVN
CONFIRM
BID
japan_agency_for_local_authority_information_systems -- jpki_client_software_for_windows
 
Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)" Ver3.0.1 and earlier and The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-06-09 not yet calculated CVE-2016-4902
BID
JVN
japan_pension_service -- todokesho
 
Untrusted search path vulnerability in Installers for Specification check program (social insurance) Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption program Ver. 1.00 and earlier, and TODOKESHO creation program Ver. 15.00 and earlier available prior to October 17, 2016 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-06-09 not yet calculated CVE-2016-7818
CONFIRM
CONFIRM
CONFIRM
CONFIRM
BID
JVN
japan_total_system -- groupsession
 
GroupSession versions 4.6.4 and earlier allow remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors. 2017-06-09 not yet calculated CVE-2017-2165
JVN
BID
kbvault_mysql -- kbvault_mysql
 
KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to Uploads/Documents/ to run any arbitrary code. 2017-06-16 not yet calculated CVE-2017-9602
EXPLOIT-DB
kde -- kde_applications
 
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network. 2017-06-13 not yet calculated CVE-2017-9604
CONFIRM
CONFIRM
lenovo -- mouse suite
 
Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges. 2017-06-13 not yet calculated CVE-2015-4596
CONFIRM
libgcrypt -- libgcrypt
 
In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library. 2017-06-10 not yet calculated CVE-2017-9526
BID
CONFIRM
CONFIRM
CONFIRM
libreswan -- libreswan
 
libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). 2017-06-13 not yet calculated CVE-2016-5391
CONFIRM
CONFIRM
FEDORA
FEDORA
libsndfile -- libsndfile
 
In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file. 2017-06-12 not yet calculated CVE-2017-6892
CONFIRM
MISC
MISC
linux -- linux_kernel
 
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. 2017-06-17 not yet calculated CVE-2017-1000380
MISC
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call. 2017-06-13 not yet calculated CVE-2017-9605
CONFIRM
CONFIRM
mea_financial_enterprises -- algonquin_state_bank_mobile_banking_app
 
The "Algonquin State Bank Mobile Banking" by Algonquin State Bank app 3.0.0 -- aka algonquin-state-bank-mobile-banking/id1089657735 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9581
MISC
mea_financial_enterprises -- athens_state_bank_mobile_app
 
The athens-state-bank-mobile-banking/id719748589 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9572
MISC
mea_financial_enterprises -- avb_bank_mobile_banking_app
 
The avb-bank-mobile-banking/id592565443 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9567
MISC
mea_financial_enterprises -- blue_ridge_bank_app
 
The "Blue Ridge Bank and Trust Co. Mobile Banking" by Blue Ridge Bank and Trust Co. app 3.0.1 -- aka blue-ridge-bank-and-trust-co-mobile-banking/id699679197 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9597
MISC
mea_financial_enterprises -- bnb_mobile_banking_app
 
The "BNB Mobile Banking" by Brady National Bank app 3.0.0 -- aka bnb-mobile-banking/id674215747 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9582
MISC
mea_financial_enterprises -- cayuga_lake_national_bank_app
 
The cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9560
MISC
mea_financial_enterprises -- cb2go_app
 
The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9564
MISC
mea_financial_enterprises -- cbtx_on_the_go_app
 
The Citizens Bank (TX) cbtx-on-the-go/id892396102 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9569
MISC
mea_financial_enterprises -- ccb_mobile_banking_app
 
The Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9571
MISC
mea_financial_enterprises -- cfb_mobile_banking_app
 
The "CFB Mobile Banking" by Citizens First Bank Wisconsin app 3.0.1 -- aka cfb-mobile-banking/id1081102805 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9596
MISC
mea_financial_enterprises -- charlevoix_state_bank_app
 
The "Charlevoix State Bank" by Charlevoix State Bank app 3.0.1 -- aka charlevoix-state-bank/id1128963717 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9583
MISC
mea_financial_enterprises -- community_state_bank_lamar_app
 
The "Community State Bank - Lamar Mobile Banking" by Community State Bank - Lamar app 3.0.3 -- aka community-state-bank-lamar-mobile-banking/id1083927885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9585
MISC
mea_financial_enterprises -- financial_plus_mobile_banking_app
 
The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9568
MISC
mea_financial_enterprises -- first_citizens_bank_mobile_banking_app
 
The "First Citizens Bank-Mobile Banking" by First Citizens Bank (AL) app 3.0.0 -- aka first-citizens-bank-mobile-banking/id566037101 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9577
MISC
mea_financial_enterprises -- first_citizens_community_bank_app
 
The First Citizens Community Bank fccb/id809930960 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9563
MISC
mea_financial_enterprises -- first_security_bank_sleepy_eye_mobile_app
 
The first-security-bank-sleepy-eye-mobile/id870531890 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9565
MISC
mea_financial_enterprises -- first_state_bank_of_bigfork_mobile_banking_app
 
The "First State Bank of Bigfork Mobile Banking" by First State Bank of Bigfork app 4.0.3 -- aka first-state-bank-of-bigfork-mobile-banking/id1133969876 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9595
MISC
mea_financial_enterprises -- fnb_kemp_mobile_banking_app
 
The "FNB Kemp Mobile Banking" by First National Bank of Kemp app 3.0.2 -- aka fnb-kemp-mobile-banking/id571448725 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9601
MISC
mea_financial_enterprises -- fountain_trust_mobile_banking_app

The "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app 3.0.0 -- aka fountain-trust-mobile-banking/id891343006 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9599
MISC
mea_financial_enterprises -- freedom_1st_credit_union_mobile_banking_app
 
The Freedom First freedom-1st-credit-union-mobile-banking/id1085229458 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9562
MISC
mea_financial_enterprises -- fsb_dequeen_mobile_banking_app
 
The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9566
MISC
mea_financial_enterprises -- fsby_mobile_banking_app
 
The "FSBY Mobile Banking" by First State Bank of Yoakum TX app 3.0.0 -- aka fsby-mobile-banking/id899136434 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9586
MISC
mea_financial_enterprises -- fvb_mobile_banking_app
 
The "FVB Mobile Banking" by First Volunteer Bank of Tennessee app 3.1.1 -- aka fvb-mobile-banking/id551018004 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9575
MISC
mea_financial_enterprises -- hbo_mobile_banking_app
 
The "HBO Mobile Banking" by Heritage Bank of Ozarks app 3.0.0 -- aka hbo-mobile-banking/id860224933 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9584
MISC
mea_financial_enterprises -- jmcu_mobile_banking_app
 
The "JMCU Mobile Banking" by Joplin Metro Credit Union app 3.0.0 -- aka jmcu-mobile-banking/id716065893 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9579
MISC
mea_financial_enterprises -- kc_area_credit_union_mobile_banking_app
 
The "KC Area Credit Union Mobile Banking" by K C Area Credit Union app 3.0.1 -- aka kc-area-credit-union-mobile-banking/id1097607736 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9574
MISC
mea_financial_enterprises -- lee_bank_and_trust_mobile_app
 
The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9561
MISC
mea_financial_enterprises -- mea_financial_vision_bank_app
 
The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9559
MISC
mea_financial_enterprises -- middleton_community_bank_mobile_banking_app
 
The "Middleton Community Bank Mobile Banking" by Middleton Community Bank app 3.0.0 -- aka middleton-community-bank-mobile-banking/id721843238 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9576
MISC
mea_financial_enterprises -- morton_credit_union_app
 
The "Morton Credit Union Mobile Banking" by Morton Credit Union app 3.0.1 -- aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9598
MISC
mea_financial_enterprises -- mount_vernon_bank_trust_mobile_banking_app
 
The mount-vernon-bank-trust-mobile-banking/id542706679 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9570
MISC
mea_financial_enterprises -- nasb_mobile_banking_app
 
The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9573
MISC
mea_financial_enterprises -- oculina_mobile_banking_app
 
The "Oculina Mobile Banking" by Oculina Bank app 3.0.0 -- aka oculina-mobile-banking/id867025690 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9593
MISC
mea_financial_enterprises -- oritani_mobile_banking_app
 
The "Oritani Mobile Banking" by Oritani Bank app 3.0.0 -- aka oritani-mobile-banking/id778851066 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9588
MISC
mea_financial_enterprises -- pcb_mobile_app
 
The "PCB Mobile" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id436891295 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9591
MISC
mea_financial_enterprises -- pcsb_bank_mobile_app
 
The "PCSB BANK Mobile" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/id1067472090 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9587
MISC
mea_financial_enterprises -- peoples_bank_tulsa_app
 
The "Peoples Bank Tulsa" by Peoples Bank - OK app 3.0.2 -- aka peoples-bank-tulsa/id1074279285 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9600
MISC
mea_financial_enterprises -- pioneer_bank_and_trust_mobile_banking_app
 
The "Pioneer Bank & Trust Mobile Banking" by PIONEER BANK AND TRUST app 3.0.0 -- aka pioneer-bank-trust-mobile-banking/id603182861 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9580
MISC
mea_financial_enterprises -- rvcb_mobile_banking_app
 
The "RVCB Mobile" by RVCB Mobile Banking app 3.0.0 -- aka rvcb-mobile/id757928895 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9578
MISC
mea_financial_enterprises -- scsb_shelbyville_il_mobile_banking_app
 
The "SCSB Shelbyville IL Mobile Banking" by Shelby County State Bank app 3.0.0 -- aka scsb-shelbyville-il-mobile-banking/id938960224 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9589
MISC
mea_financial_enterprises -- state_bank_of_waterloo_mobile_banking_app
 
The "State Bank of Waterloo Mobile Banking" by State Bank of Waterloo app 3.0.2 -- aka state-bank-of-waterloo-mobile-banking/id555321714 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9590
MISC
mea_financial_enterprises -- svb_mobile_banking_app
 
The "SVB Mobile" by Sauk Valley Bank Mobile Banking app 3.0.0 -- aka svb-mobile/id796429885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9594
MISC
mea_financial_enterprises -- wawa_employees_credit_union_app
 
The wawa-employees-credit-union-mobile/id1158082793 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9558
MISC
mea_financial_enterprises -- your_legacy_mobile_banking_app
 
The "Your Legacy Federal Credit Union Mobile Banking" by Your Legacy Federal Credit Union app 3.0.1 -- aka your-legacy-federal-credit-union-mobile-banking/id919131389 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9592
MISC
mediatek -- mediatek
 
An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35310230. References: M-ALPS03162263. 2017-06-14 not yet calculated CVE-2017-0636
BID
CONFIRM
metasploit -- metasploit
 
Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks. 2017-06-15 not yet calculated CVE-2017-5244
BID
CONFIRM
MISC
microsoft -- office

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506. 2017-06-14 not yet calculated CVE-2017-8509
BID
CONFIRM
microsoft -- office

A remote code execution vulnerability exists in the way Microsoft Office software parses specially crafted email messages, aka "Microsoft Office Memory Corruption Vulnerability". 2017-06-14 not yet calculated CVE-2017-8507
BID
CONFIRM
microsoft -- office
 
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506. 2017-06-14 not yet calculated CVE-2017-8510
BID
CONFIRM
microsoft -- office
 
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-0260. 2017-06-14 not yet calculated CVE-2017-8506
BID
CONFIRM
microsoft -- office
 
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-8506. 2017-06-14 not yet calculated CVE-2017-0260
BID
CONFIRM
microsoft -- office
 
A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka "Microsoft Office Security Feature Bypass Vulnerability". 2017-06-14 not yet calculated CVE-2017-8508
BID
CONFIRM
microsoft -- office
 
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506. 2017-06-14 not yet calculated CVE-2017-8512
BID
CONFIRM
microsoft -- office
 
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506. 2017-06-14 not yet calculated CVE-2017-8511
BID
CONFIRM
microsoft -- outlook
 
A spoofing vulnerability exists when Microsoft Outlook for Mac does not sanitize HTML properly, aka "Microsoft Outlook for Mac Spoofing Vulnerability". 2017-06-14 not yet calculated CVE-2017-8545
BID
CONFIRM
microsoft -- powerpoint
 
A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability". 2017-06-14 not yet calculated CVE-2017-8513
BID
CONFIRM
microsoft -- sharepoint
 
An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize specially crafted requests, aka "Microsoft SharePoint XSS vulnerability". 2017-06-14 not yet calculated CVE-2017-8551
BID
CONFIRM
microsoft -- sharepoint
 
An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize specially crafted requests, aka "Microsoft SharePoint Reflective XSS Vulnerability". 2017-06-14 not yet calculated CVE-2017-8514
BID
CONFIRM
microsoft -- skype
 
A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability". 2017-06-14 not yet calculated CVE-2017-8550
BID
CONFIRM
microsoft -- windows

Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0291. 2017-06-14 not yet calculated CVE-2017-0292
BID
CONFIRM
microsoft -- windows

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484. 2017-06-14 not yet calculated CVE-2017-8471
BID
CONFIRM
microsoft -- windows

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484. 2017-06-14 not yet calculated CVE-2017-8473
BID
CONFIRM
microsoft -- windows

The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8489
BID
CONFIRM
microsoft -- windows

Microsoft Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0218, and CVE-2017-0219. 2017-06-14 not yet calculated CVE-2017-0216
BID
CONFIRM
microsoft -- windows

The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8488
BID
CONFIRM
microsoft -- windows

Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8548, and CVE-2017-8549. 2017-06-14 not yet calculated CVE-2017-8521
BID
CONFIRM
microsoft -- windows

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to obtain information to further compromise the user's system when Windows Search fails to handle objects in memory, aka "Windows Search Information Disclosure Vulnerability". 2017-06-14 not yet calculated CVE-2017-8544
BID
CONFIRM
microsoft -- windows

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8477. 2017-06-14 not yet calculated CVE-2017-8484
BID
CONFIRM
microsoft -- windows

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8477, and CVE-2017-8484. 2017-06-14 not yet calculated CVE-2017-8475
BID
CONFIRM
microsoft -- windows

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484. 2017-06-14 not yet calculated CVE-2017-8470
BID
CONFIRM
microsoft -- windows

The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8492
BID
CONFIRM
microsoft -- windows

The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8490
BID
CONFIRM
microsoft -- windows

Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8497. 2017-06-14 not yet calculated CVE-2017-8496
BID
CONFIRM
microsoft -- windows
 
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533. 2017-06-14 not yet calculated CVE-2017-0288
BID
CONFIRM
microsoft -- windows
 
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533. 2017-06-14 not yet calculated CVE-2017-0289
BID
CONFIRM
microsoft -- windows
 
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-8468. 2017-06-14 not yet calculated CVE-2017-8465
BID
CONFIRM
microsoft -- windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8491
BID
CONFIRM
microsoft -- windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8480
BID
CONFIRM
microsoft -- windows
 
Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program, aka "Windows olecnv32.dll Remote Code Execution Vulnerability." 2017-06-15 not yet calculated CVE-2017-8487
BID
CONFIRM
microsoft -- windows
 
Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0292. 2017-06-14 not yet calculated CVE-2017-0291
BID
CONFIRM
microsoft -- windows
 
Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0219. 2017-06-14 not yet calculated CVE-2017-0218
BID
CONFIRM
microsoft -- windows
 
Microsoft Windows 10 1607 and 1703, and Windows Server 2016 allow an authenticated attacker to modify the C:\Users\DEFAULT folder structure, aka "Windows Default Folder Tampering Vulnerability". 2017-06-14 not yet calculated CVE-2017-0295
BID
CONFIRM
microsoft -- windows
 
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8484. 2017-06-14 not yet calculated CVE-2017-8477
BID
CONFIRM
microsoft -- windows
 
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533. 2017-06-14 not yet calculated CVE-2017-0286
BID
CONFIRM
microsoft -- windows
 
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0284, CVE-2017-0285, and CVE-2017-8534. 2017-06-14 not yet calculated CVE-2017-0282
BID
CONFIRM
microsoft -- windows
 
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8528. 2017-06-14 not yet calculated CVE-2017-0283
BID
CONFIRM
microsoft -- windows
 
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, and Microsoft Office Word Viewer allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0284, and CVE-2017-8534. 2017-06-14 not yet calculated CVE-2017-0285
BID
CONFIRM
microsoft -- windows
 
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0285, and CVE-2017-8534. 2017-06-14 not yet calculated CVE-2017-0284
BID
CONFIRM
microsoft -- windows
 
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute remote code when Windows fails to properly handle cabinet files, aka "Windows Remote Code Execution Vulnerability". 2017-06-14 not yet calculated CVE-2017-0294
BID
CONFIRM
microsoft -- windows
 
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484. 2017-06-14 not yet calculated CVE-2017-8472
BID
CONFIRM
microsoft -- windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8469
BID
CONFIRM
microsoft -- windows
 
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to elevate privilege when tdx.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows TDX Elevation of Privilege Vulnerability". 2017-06-14 not yet calculated CVE-2017-0296
BID
CONFIRM
microsoft -- windows

 
Microsoft browsers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8522 and CVE-2017-8524. 2017-06-14 not yet calculated CVE-2017-8517
BID
CONFIRM
microsoft -- windows
 
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-8465. 2017-06-14 not yet calculated CVE-2017-8468
BID
CONFIRM
microsoft -- windows
 
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set variables that are either read-only or require authentication when Windows fails to enforce case sensitivity for certain variable checks, aka "Windows Security Feature Bypass Vulnerability". 2017-06-14 not yet calculated CVE-2017-8493
BID
CONFIRM
microsoft -- windows
 
Windows Cursor in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows improper elevation of privilege, aka "Windows Cursor Elevation of Privilege Vulnerability". 2017-06-14 not yet calculated CVE-2017-8466
BID
CONFIRM
microsoft -- windows
 
Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an unauthenticated attacker to send a specially crafted kernel mode request to cause a denial of service on the target system, aka "Windows VAD Cloning Denial of Service Vulnerability". 2017-06-14 not yet calculated CVE-2017-8515
BID
CONFIRM
microsoft -- windows
 
Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a locally-authenticated attacker to run a specially crafted application on a targeted system when Windows Secure Kernel Mode fails to properly handle objects in memory, aka "Windows Elevation of Privilege Vulnerability". 2017-06-14 not yet calculated CVE-2017-8494
BID
CONFIRM
microsoft -- windows
 
The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8474
BID
CONFIRM
microsoft -- windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8481
BID
CONFIRM
microsoft -- windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8479
BID
CONFIRM
microsoft -- windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8476
BID
CONFIRM
microsoft -- windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8482
BID
CONFIRM
microsoft -- windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8485
BID
CONFIRM
microsoft -- windows

 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8547. 2017-06-14 not yet calculated CVE-2017-8519
BID
CONFIRM
microsoft -- windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8483
BID
CONFIRM
microsoft -- windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8478
BID
CONFIRM
microsoft -- windows
 
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533. 2017-06-14 not yet calculated CVE-2017-0287
BID
CONFIRM
microsoft -- windows
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8519. 2017-06-14 not yet calculated CVE-2017-8547
BID
CONFIRM
microsoft -- windows
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allows an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability". 2017-06-14 not yet calculated CVE-2017-8529
BID
CONFIRM
microsoft -- windows
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not properly enforce same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8555. 2017-06-14 not yet calculated CVE-2017-8530
BID
CONFIRM
microsoft -- windows
 
A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 SP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows 8 allows an elevation of privilege when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE is unique from CVE-2017-0263. 2017-06-14 not yet calculated CVE-2017-8552
CONFIRM
microsoft -- windows
 
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8530. 2017-06-14 not yet calculated CVE-2017-8555
BID
CONFIRM
microsoft -- windows
 
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8517 and CVE-2017-8522. 2017-06-14 not yet calculated CVE-2017-8524
BID
CONFIRM
microsoft -- windows
 
Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0215, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219. 2017-06-14 not yet calculated CVE-2017-0173
BID
CONFIRM
microsoft -- windows
 
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0283. 2017-06-14 not yet calculated CVE-2017-8528
BID
CONFIRM
microsoft -- windows
 
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Graphics Remote Code Execution Vulnerability". 2017-06-14 not yet calculated CVE-2017-8527
BID
CONFIRM
microsoft -- windows

 
Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8504. 2017-06-14 not yet calculated CVE-2017-8498
BID
CONFIRM
microsoft -- windows

 
Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8520, CVE-2017-8521, CVE-2017-8548, and CVE-2017-8549. 2017-06-14 not yet calculated CVE-2017-8499
BID
CONFIRM
microsoft -- windows
 
Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows information disclosure when a user opens a specially crafted PDF file, aka "Windows PDF Information Disclosure Vulnerability". 2017-06-14 not yet calculated CVE-2017-8460
BID
CONFIRM
microsoft -- windows

 
Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read the URL of a cross-origin request when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8498. 2017-06-14 not yet calculated CVE-2017-8504
BID
CONFIRM
microsoft -- windows
 
Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8496. 2017-06-14 not yet calculated CVE-2017-8497
BID
CONFIRM
microsoft -- windows

 
Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8521, CVE-2017-8548, and CVE-2017-8549. 2017-06-14 not yet calculated CVE-2017-8520
BID
CONFIRM
microsoft -- windows
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8530 and CVE-2017-8555. 2017-06-14 not yet calculated CVE-2017-8523
BID
CONFIRM
microsoft -- windows
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8521, and CVE-2017-8548. 2017-06-14 not yet calculated CVE-2017-8549
BID
CONFIRM
microsoft -- windows
 
An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly handles objects in memory, aka "GDI Information Disclosure Vulnerability". 2017-06-14 not yet calculated CVE-2017-8553
BID
CONFIRM
microsoft -- windows
 
The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, and CVE-2017-0300. 2017-06-14 not yet calculated CVE-2017-0297
BID
CONFIRM
microsoft -- windows
 
A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an authenticated attacker to run arbitrary code in another user's session, aka "Windows COM Session Elevation of Privilege Vulnerability." 2017-06-14 not yet calculated CVE-2017-0298
BID
CONFIRM
microsoft -- windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-0299
BID
CONFIRM
microsoft -- windows
 
Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219. 2017-06-14 not yet calculated CVE-2017-0215
BID
CONFIRM
microsoft -- windows
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8521, and CVE-2017-8549. 2017-06-14 not yet calculated CVE-2017-8548
BID
CONFIRM
microsoft -- windows
 
Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka "Windows RPC Remote Code Execution Vulnerability." 2017-06-15 not yet calculated CVE-2017-8461
BID
CONFIRM
microsoft -- windows
 
Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0218. 2017-06-14 not yet calculated CVE-2017-0219
BID
CONFIRM
microsoft -- windows
 
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut, aka "LNK Remote Code Execution Vulnerability." 2017-06-14 not yet calculated CVE-2017-8464
BID
CONFIRM
microsoft -- windows
 
Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8517 and CVE-2017-8524. 2017-06-14 not yet calculated CVE-2017-8522
BID
CONFIRM
microsoft -- windows
 
Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to gain elevated privileges on a target guest operating system when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability". 2017-06-14 not yet calculated CVE-2017-0193
BID
CONFIRM
microsoft -- windows
 
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0284, and CVE-2017-0285. 2017-06-14 not yet calculated CVE-2017-8534
BID
CONFIRM
microsoft -- windows
 
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8532. 2017-06-14 not yet calculated CVE-2017-8533
BID
CONFIRM
microsoft -- windows
 
Microsoft Windows XP SP3, Windows XP x64 SP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka "Windows Search Remote Code Execution Vulnerability". 2017-06-14 not yet calculated CVE-2017-8543
BID
CONFIRM
microsoft -- windows
 
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8533. 2017-06-14 not yet calculated CVE-2017-8532
BID
CONFIRM
microsoft -- windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8462
BID
CONFIRM
microsoft -- windows
 
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8532, and CVE-2017-8533. 2017-06-14 not yet calculated CVE-2017-8531
BID
CONFIRM
microsoft -- windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-0300
BID
CONFIRM
mruby -- mruby
 
The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file. 2017-06-11 not yet calculated CVE-2017-9527
CONFIRM
CONFIRM
netmove -- saat_netizen
 
Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-06-09 not yet calculated CVE-2017-2206
BID
JVN
CONFIRM
netmove -- saat_netizen
 
Untrusted search path vulnerability in the installer of SaAT Personal ver.1.0.10.272 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-06-09 not yet calculated CVE-2017-2207
BID
JVN
CONFIRM
new_relic -- .net_agent
 
New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism. 2017-06-13 not yet calculated CVE-2017-9246
MISC
open_ticket_request_system -- open_ticket_request_system
 
In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end. 2017-06-12 not yet calculated CVE-2017-9324
MISC
MISC
pascal-bajorat -- simplece
 
In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on http://ift.tt/2rm2ScQ exploitable as a regular or admin user. 2017-06-15 not yet calculated CVE-2017-9674
MISC
pascal-bajorat -- simplece
 
In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password. 2017-06-15 not yet calculated CVE-2017-9673
MISC
pivotal -- cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to authenticate against external SAML or OpenID Connect based identity providers. 2017-06-13 not yet calculated CVE-2017-4963
CONFIRM
pivotal -- cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails. 2017-06-13 not yet calculated CVE-2016-8219
CONFIRM
pivotal -- cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.13, 24.x versions prior to v24.8, and other versions prior to v30.1. An authorized user can use a blind SQL injection attack to query the contents of the UAA database, aka "Blind SQL Injection with privileged UAA endpoints." 2017-06-13 not yet calculated CVE-2017-4974
CONFIRM
pivotal -- cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. A vulnerability has been identified with the groups endpoint in UAA allowing users to elevate their privileges. 2017-06-13 not yet calculated CVE-2017-4973
CONFIRM
pivotal -- cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3. A regression introduced in the Staticfile buildpack causes the Staticfile.auth configuration to be ignored when the Staticfile file is not present in the application root. Applications containing a Staticfile.auth file but not a Staticfile had their basic auth turned off when an operator upgraded the Staticfile buildpack in the foundation to one of the vulnerable versions. Note that Staticfile applications without a Staticfile are technically misconfigured, and will not successfully detect unless the Staticfile buildpack is explicitly specified. 2017-06-13 not yet calculated CVE-2017-4970
CONFIRM
pivotal -- cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. An attacker can use a blind SQL injection attack to query the contents of the UAA database. 2017-06-13 not yet calculated CVE-2017-4972
CONFIRM
pivotal -- cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption. 2017-06-13 not yet calculated CVE-2017-4994
CONFIRM
pivotal -- cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue. 2017-06-13 not yet calculated CVE-2016-8218
CONFIRM
pivotal -- cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka "BOSH Director Shell Injection Vulnerabilities." 2017-06-13 not yet calculated CVE-2017-4961
CONFIRM
pivotal -- cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry. 2017-06-13 not yet calculated CVE-2016-6655
BID
CONFIRM
pivotal -- cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37. There is privilege escalation (arbitrary password reset) with user invitations. 2017-06-13 not yet calculated CVE-2017-4992
CONFIRM
pivotal -- cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.14, 24.x versions prior to v24.9, 30.x versions prior to 30.2, and other versions prior to v36. Privileged users in one zone are allowed to perform a password reset for users in a different zone. 2017-06-13 not yet calculated CVE-2017-4991
CONFIRM
pivotal -- pivotal_cloud_foundry_elastic_runtime
 
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an "Unauthenticated JWT signing algorithm in multiple components" issue. 2017-06-13 not yet calculated CVE-2017-2773
BID
CONFIRM
pivotal -- pivotal_cloud_foundry_elastic_runtime
 
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile. 2017-06-13 not yet calculated CVE-2017-4955
BID
CONFIRM
pivotal -- pivotal_cloud_foundry_elastic_runtime
 
An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges. 2017-06-13 not yet calculated CVE-2017-4959
BID
CONFIRM
pivotal -- pivotal_cloud_foundry_tile_generator
 
An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the operator. 2017-06-13 not yet calculated CVE-2017-4975
CONFIRM
pivotal -- rabbitmq
 
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack. 2017-06-13 not yet calculated CVE-2017-4966
CONFIRM
pivotal -- rabbitmq
 
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. 2017-06-13 not yet calculated CVE-2017-4965
BID
CONFIRM
pivotal -- rabbitmq
 
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. 2017-06-13 not yet calculated CVE-2017-4967
CONFIRM
pivotal -- spring_web_flow
 
An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings. 2017-06-13 not yet calculated CVE-2017-4971
BID
CONFIRM
CONFIRM
piwigo -- piwigo
 
An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the "redirect" parameter is not validated. 2017-06-14 not yet calculated CVE-2017-9464
MISC
MISC
piwigo -- piwigo
 
The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The user_list_backend.php component is affected: values of the iDisplayStart & iDisplayLength parameters are not sanitized; these are used to construct a SQL query and retrieve a list of registered users into the application. 2017-06-14 not yet calculated CVE-2017-9463
MISC
MISC
MISC
pulp -- pulp
 
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. 2017-06-13 not yet calculated CVE-2016-3704
CONFIRM
CONFIRM
MISC
MISC
FEDORA
CONFIRM
pulp -- pulp
 
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. 2017-06-13 not yet calculated CVE-2016-3696
CONFIRM
CONFIRM
FEDORA
CONFIRM
qemu -- qemu
 
Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device. 2017-06-16 not yet calculated CVE-2017-9374
CONFIRM
MLIST
CONFIRM
qemu -- qemu
 
QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing. 2017-06-16 not yet calculated CVE-2017-9503
MLIST
CONFIRM
MLIST
MLIST
qemu -- qemu
 
QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing. 2017-06-16 not yet calculated CVE-2017-9375
CONFIRM
MLIST
BID
CONFIRM
qemu -- qemu
 
Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device. 2017-06-16 not yet calculated CVE-2017-9373
CONFIRM
MLIST
BID
CONFIRM
qnap -- qts
 
QNAP QTS before 4.2.6 build 20170517 allows command injection. 2017-06-15 not yet calculated CVE-2017-7876
CONFIRM
qnap -- qts
 
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function. 2017-06-15 not yet calculated CVE-2017-7629
CONFIRM
red_hat -- quickstart_cloud_installer
 
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system. 2017-06-13 not yet calculated CVE-2016-5411
BID
CONFIRM
rockwell_automation -- panelview_plus_6
 
A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04, 6.00.05, 6.00.42, 6.00-20140306, 6.10.20121012, 6.10-20140122, 7.00-20121012, 7.00-20130108, 7.00-20130325, 7.00-20130619, 7.00-20140128, 7.00-20140310, 7.00-20140429, 7.00-20140621, 7.00-20140729, 7.00-20141022, 8.00-20140730, and 8.00-20141023. There is no authorization check when connecting to the device, allowing an attacker remote access. 2017-06-14 not yet calculated CVE-2017-7914
MISC
ruby -- ruby
 
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. 2017-06-12 not yet calculated CVE-2015-9096
MISC
MISC
MISC
MISC
ruby -- ruby
 
The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. 2017-06-12 not yet calculated CVE-2015-9097
MISC
MISC
MISC
MISC
MISC
MISC
MISC
sap -- successfactors
 
Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality. 2017-06-15 not yet calculated CVE-2017-9613
MISC
BID
MISC
spip -- spip
 
SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution. 2017-06-17 not yet calculated CVE-2017-9736
CONFIRM
CONFIRM
CONFIRM
synology -- photo_station
 
A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline". 2017-06-13 not yet calculated CVE-2017-9552
MISC
CONFIRM
tablib -- tablib
 
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability. 2017-06-14 not yet calculated CVE-2017-2810
BID
MISC
telaxus -- epesi
 
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data. 2017-06-14 not yet calculated CVE-2017-9624
CONFIRM
CONFIRM
telaxus -- epesi
 
Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) original or (2) new parameter. 2017-06-14 not yet calculated CVE-2017-9621
CONFIRM
CONFIRM
telaxus -- epesi
 
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data. 2017-06-14 not yet calculated CVE-2017-9622
CONFIRM
CONFIRM
telaxus -- epesi
 
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data. 2017-06-14 not yet calculated CVE-2017-9623
CONFIRM
CONFIRM
tera_term -- tera_term
 
Untrusted search path vulnerability in the installer of Tera Term 4.94 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-06-09 not yet calculated CVE-2017-2193
JVN
BID
CONFIRM
tlslite -- tlslite
 
The tlslite library before 0.4.9 for Python allows remote attackers to trigger a denial of service (runtime exception and process crash). 2017-06-13 not yet calculated CVE-2015-3220
CONFIRM
CONFIRM
MLIST
uclibc -- uclibc
 
In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression. 2017-06-16 not yet calculated CVE-2017-9728
MISC
uclibc -- uclibc
 
In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression. 2017-06-16 not yet calculated CVE-2017-9729
MISC
winsparkle -- winsparkle
 
Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory. 2017-06-09 not yet calculated CVE-2016-7838
BID
CONFIRM
JVN
JVN
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c. 2017-06-14 not yet calculated CVE-2017-9616
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. 2017-06-14 not yet calculated CVE-2017-9617
CONFIRM
wordpress -- wordpress
 
Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter. 2017-06-15 not yet calculated CVE-2017-9419
MISC
wordpress -- wordpress
 
SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php. 2017-06-13 not yet calculated CVE-2017-9603
MISC
MISC
wordpress -- wordpress
 
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php. 2017-06-12 not yet calculated CVE-2017-9418
MISC
wordpress -- wordpress
 
SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php. 2017-06-13 not yet calculated CVE-2017-9429
MISC
yocto_project -- yp_core_pyro
 
In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk package. 2017-06-16 not yet calculated CVE-2017-9731
CONFIRM

from US-CERT: The United States Computer Emergency Readiness Team http://ift.tt/2rNxlQF

From deepfakes to fake SMS: Digital scams surge in Brazil, report warns

Half of Brazilians suffered some kind of digital scam in 2024, according to a report by the security company BioCatch published this ...