CVE-2017-11671CVE-2017-11671

Affected configuration(s):

cpe:/a:gnu:gcc:4.6
cpe:/a:gnu:gcc:4.7
cpe:/a:gnu:gcc:4.8
cpe:/a:gnu:gcc:4.9
cpe:/a:gnu:gcc:5.0
cpe:/a:gnu:gcc:5.1
cpe:/a:gnu:gcc:5.2
cpe:/a:gnu:gcc:5.3
cpe:/a:gnu:gcc:5.4
cpe:/a:gnu:gcc:6.0
cpe:/a:gnu:gcc:6.1
cpe:/a:gnu:gcc:6.2
cpe:/a:gnu:gcc:6.3

Date published: 2017-07-26T17:29:00.207-04:00

Date last modified: 2017-08-09T12:30:07.473-04:00

CVSS Score: 2.1

Principal attack vector: LOCAL

Complexity:  LOW

Reference URL: http://openwall.com/lists/oss-security/2017/07/27/2

Summary: Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.

CVE-2017-11646CVE-2017-11646

Affected configuration(s):

cpe:/a:netcomm:4gt101w_software:1.1.8.8
cpe:/o:netcomm:4gt101w_bootloader:1.1.3

Date published: 2017-07-28T01:29:00.417-04:00

Date last modified: 2017-08-04T12:22:07.970-04:00

CVSS Score: 6.8

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: https://iscouncil.blogspot.com/2017/07/cross-site-request-forgery.html

Summary: NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They does not contain any token that can mitigate CSRF vulnerabilities within the device.

CVE-2017-11647CVE-2017-11647

Affected configuration(s):

cpe:/a:netcomm:4gt101w_software:1.1.8.8
cpe:/o:netcomm:4gt101w_bootloader:1.1.3

Date published: 2017-07-28T01:29:00.450-04:00

Date last modified: 2017-08-04T12:21:35.597-04:00

CVSS Score: 3.5

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: https://iscouncil.blogspot.com/2017/07/cross-site-scripting-vulnerability-in.html

Summary: NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to stored cross-site scripting attacks. Creating an SSID with an XSS payload results in successful exploitation.

CVE-2017-11720CVE-2017-11720

Affected configuration(s):

cpe:/a:lame_project:lame:3.99.5

Date published: 2017-07-28T10:29:00.187-04:00

Date last modified: 2017-08-30T21:29:01.083-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: https://blogs.gentoo.org/ago/2017/06/17/lame-divide-by-zero-in-parse_wave_header-get_audio-c/

Summary: There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file.

CVE-2017-11645CVE-2017-11645

Affected configuration(s):

cpe:/a:netcomm:4gt101w_software:1.1.8.8
cpe:/o:netcomm:4gt101w_bootloader:1.1.3

Date published: 2017-07-28T01:29:00.387-04:00

Date last modified: 2017-08-04T12:22:50.973-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: https://iscouncil.blogspot.com/2017/07/access-violation-vulnerability-in.html

Summary: NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html.

CVE-2017-11703CVE-2017-11703

Affected configuration(s):

cpe:/a:libming:ming:0.4.8

Date published: 2017-07-28T01:29:00.513-04:00

Date last modified: 2017-08-02T12:30:25.397-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://somevulnsofadlab.blogspot.jp/2017/07/libmingmemory-leak-in-parseswfdoaction.html

Summary: A memory leak vulnerability was found in the function parseSWF_DOACTION in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

CVE-2017-11704CVE-2017-11704

Affected configuration(s):

cpe:/a:libming:ming:0.4.8

Date published: 2017-07-28T01:29:00.577-04:00

Date last modified: 2017-08-02T12:30:44.333-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://somevulnsofadlab.blogspot.jp/2017/07/libmingheap-buffer-overflow-in.html

Summary: A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

CVE-2017-11705CVE-2017-11705

Affected configuration(s):

cpe:/a:libming:ming:0.4.8

Date published: 2017-07-28T01:29:00.683-04:00

Date last modified: 2017-08-02T12:30:52.770-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://somevulnsofadlab.blogspot.jp/2017/07/libmingmemory-leak-in.html

Summary: A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

CVE-2017-11691CVE-2017-11691

Affected configuration(s):

cpe:/a:cacti:cacti:1.1.13

Date published: 2017-07-27T02:29:00.647-04:00

Date last modified: 2017-08-04T15:57:21.980-04:00

CVSS Score: 3.5

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://www.securityfocus.com/bid/100022

Summary: Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.

CVE-2017-11184CVE-2017-11184

Affected configuration(s):

cpe:/a:glpi-project:glpi:9.1.4

Date published: 2017-07-28T01:29:00.357-04:00

Date last modified: 2017-08-04T13:26:25.843-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: https://github.com/glpi-project/glpi/issues/2449

Summary: SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter.