CVE-2017-10673

Affected configuration(s):

cpe:/a:cagintranetworks:getsimple_cms:3.0
cpe:/a:cagintranetworks:getsimple_cms:3.1
cpe:/a:cagintranetworks:getsimple_cms:3.1.1
cpe:/a:cagintranetworks:getsimple_cms:3.1.2
cpe:/a:cagintranetworks:getsimple_cms:3.2
cpe:/a:cagintranetworks:getsimple_cms:3.2.1
cpe:/a:cagintranetworks:getsimple_cms:3.2.2
cpe:/a:cagintranetworks:getsimple_cms:3.2.3
cpe:/a:cagintranetworks:getsimple_cms:3.3.0
cpe:/a:cagintranetworks:getsimple_cms:3.3.1
cpe:/a:cagintranetworks:getsimple_cms:3.3.2
cpe:/a:cagintranetworks:getsimple_cms:3.3.2:beta3
cpe:/a:cagintranetworks:getsimple_cms:3.3.3
cpe:/a:cagintranetworks:getsimple_cms:3.3.4
cpe:/a:cagintranetworks:getsimple_cms:3.3.5
cpe:/a:cagintranetworks:getsimple_cms:3.3.6
cpe:/a:cagintranetworks:getsimple_cms:3.3.7
cpe:/a:cagintranetworks:getsimple_cms:3.3.8
cpe:/a:cagintranetworks:getsimple_cms:3.3.9
cpe:/a:cagintranetworks:getsimple_cms:3.3.10
cpe:/a:cagintranetworks:getsimple_cms:3.3.11
cpe:/a:cagintranetworks:getsimple_cms:3.3.12
cpe:/a:cagintranetworks:getsimple_cms:3.3.13

Date published: 2017-06-29T04:29:00.293-04:00

Date last modified: 2017-07-03T09:03:41.467-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1234

Summary: admin/profile.php in GetSimple CMS 3.x has XSS in a name field.

CVE-2017-10667

Affected configuration(s):

cpe:/a:zen-cart:zen_cart:1.6.0

Date published: 2017-06-28T20:29:00.263-04:00

Date last modified: 2017-07-03T10:37:08.793-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: https://github.com/zencart/zencart/issues/1443

Summary: In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS.

CVE-2017-10682

Affected configuration(s):

cpe:/a:piwigo:piwigo:2.9.1

Date published: 2017-06-29T17:29:00.330-04:00

Date last modified: 2017-07-04T21:29:00.267-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://www.securityfocus.com/bid/99357

Summary: SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php.

CVE-2017-10678

Affected configuration(s):

cpe:/a:piwigo:piwigo:2.9.1

Date published: 2017-06-29T17:29:00.190-04:00

Date last modified: 2017-07-05T21:29:00.427-04:00

CVSS Score: 6.8

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://www.securityfocus.com/bid/99383

Summary: Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request.

CVE-2017-10680

Affected configuration(s):

cpe:/a:piwigo:piwigo:2.9.1

Date published: 2017-06-29T17:29:00.267-04:00

Date last modified: 2017-07-03T21:29:00.403-04:00

CVSS Score: 6.8

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://www.securityfocus.com/bid/99349

Summary: Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request.

CVE-2017-10681

Affected configuration(s):

cpe:/a:piwigo:piwigo:2.9.1

Date published: 2017-06-29T17:29:00.297-04:00

Date last modified: 2017-07-04T21:29:00.207-04:00

CVSS Score: 6.8

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://www.securityfocus.com/bid/99362

Summary: Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request.

CVE-2017-1000377

Affected configuration(s):

cpe:/o:linux:linux_kernel:-

Date published: 2017-06-19T12:29:00.623-04:00

Date last modified: 2017-07-05T14:09:12.050-04:00

CVSS Score: 4.6

Principal attack vector: LOCAL

Complexity: LOW

Reference URL: http://www.securityfocus.com/bid/99129

Summary: An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors). Specifically, the default stack guard page is not sufficiently large and can be “jumped” over (the stack guard page is bypassed). This affects PAX Linux Kernel versions as of June 19, 2017 (specific version information is not available at this time).

CVE-2017-1000376

Affected configuration(s):

cpe:/a:redhat:enterprise_virtualization_server:-
cpe:/a:redhat:openshift:2.0::enterprise
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7.0

Date published: 2017-06-19T12:29:00.577-04:00

Date last modified: 2017-11-03T21:29:28.740-04:00

CVSS Score: 6.9

Principal attack vector: LOCAL

Complexity: MEDIUM

Reference URL: http://www.debian.org/security/2017/dsa-3889

Summary: libffi requests an executable stack, allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1, but this appears to be incorrect. libffi prior to version 3.1 on 32-bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.

CVE-2014-8149

Affected configuration(s):

cpe:/a:opendaylight:defense4all:1.1.0

Date published: 2017-06-27T16:29:00.293-04:00

Date last modified: 2017-07-03T13:25:18.217-04:00

CVSS Score: 6.5

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://www.openwall.com/lists/oss-security/2015/01/22/1

Summary: OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files.

CVE-2017-1297

Affected configuration(s):

cpe:/a:ibm:data_server_client:-
cpe:/a:ibm:data_server_driver_for_odbc_and_cli:-
cpe:/a:ibm:data_server_driver_package:-
cpe:/a:ibm:data_server_runtime_client:-
cpe:/a:ibm:db2:9.7::~~advanced_enterprise~~~
cpe:/a:ibm:db2:9.7::~~advanced_workgroup~~~
cpe:/a:ibm:db2:9.7::~~enterprise~~~
cpe:/a:ibm:db2:9.7::~~express~~~
cpe:/a:ibm:db2:9.7::~~workgroup~~~
cpe:/a:ibm:db2:10.1::~~advanced_enterprise~~~
cpe:/a:ibm:db2:10.1::~~advanced_workgroup~~~
cpe:/a:ibm:db2:10.1::~~enterprise~~~
cpe:/a:ibm:db2:10.1::~~express~~~
cpe:/a:ibm:db2:10.1::~~workgroup~~~
cpe:/a:ibm:db2:10.5::~~advanced_enterprise~~~
cpe:/a:ibm:db2:10.5::~~advanced_workgroup~~~
cpe:/a:ibm:db2:10.5::~~enterprise~~~
cpe:/a:ibm:db2:10.5::~~express~~~
cpe:/a:ibm:db2:10.5::~~workgroup~~~
cpe:/a:ibm:db2:11.1::~~advanced_enterprise~~~
cpe:/a:ibm:db2:11.1::~~advanced_workgroup~~~
cpe:/a:ibm:db2:11.1::~~enterprise~~~
cpe:/a:ibm:db2:11.1::~~express~~~
cpe:/a:ibm:db2:11.1::~~workgroup~~~
cpe:/a:ibm:db2_connect:9.7::~~application_server~~~
cpe:/a:ibm:db2_connect:9.7::~~enterprise~~~
cpe:/a:ibm:db2_connect:9.7::~~unlimited~~~
cpe:/a:ibm:db2_connect:10.1::~~application_server~~~
cpe:/a:ibm:db2_connect:10.1::~~enterprise~~~
cpe:/a:ibm:db2_connect:10.1::~~unlimited~~~
cpe:/a:ibm:db2_connect:10.5::~~application_server~~~
cpe:/a:ibm:db2_connect:10.5::~~enterprise~~~
cpe:/a:ibm:db2_connect:10.5::~~unlimited~~~
cpe:/a:ibm:db2_connect:11.1.0.0::~~application_server~~~
cpe:/a:ibm:db2_connect:11.1.0.0::~~enterprise~~~
cpe:/a:ibm:db2_connect:11.1.0.0::~~unlimited~~~

Date published: 2017-06-27T12:29:00.417-04:00

Date last modified: 2017-08-11T21:29:03.877-04:00

CVSS Score: 4.4

Principal attack vector: LOCAL

Complexity: MEDIUM

Reference URL: http://www.ibm.com/support/docview.wss?uid=swg22004878

Summary: IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking, which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159.