CVE-2017-1427

Affected configuration(s):

cpe:/a:ibm:cognos_analytics:11.0.0
cpe:/a:ibm:cognos_analytics:11.0.1
cpe:/a:ibm:cognos_analytics:11.0.2
cpe:/a:ibm:cognos_analytics:11.0.3
cpe:/a:ibm:cognos_analytics:11.0.4
cpe:/a:ibm:cognos_analytics:11.0.5
cpe:/a:ibm:cognos_analytics:11.0.6

Date published: 2017-08-29T17:29:00.557-04:00

Date last modified: 2017-09-01T11:19:32.840-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://www.ibm.com/support/docview.wss?uid=swg22007242

Summary: IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127579.

CVE-2017-1428

Affected configuration(s):

cpe:/a:ibm:cognos_analytics:11.0.0
cpe:/a:ibm:cognos_analytics:11.0.1
cpe:/a:ibm:cognos_analytics:11.0.2
cpe:/a:ibm:cognos_analytics:11.0.3
cpe:/a:ibm:cognos_analytics:11.0.4
cpe:/a:ibm:cognos_analytics:11.0.5
cpe:/a:ibm:cognos_analytics:11.0.6

Date published: 2017-08-29T17:29:00.607-04:00

Date last modified: 2017-09-01T12:31:27.650-04:00

CVSS Score: 5.8

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://www.ibm.com/support/docview.wss?uid=swg22007242

Summary: IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 127583.

CVE-2017-12440

Affected configuration(s):

cpe:/a:openstack:openstack:07132017

Date published: 2017-08-18T10:29:00.377-04:00

Date last modified: 2017-12-01T21:29:05.703-05:00

CVSS Score: 6.0

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://www.debian.org/security/2017/dsa-3953

Summary: Aodh as packaged in OpenStack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851, and before Pike-rc1, does not verify that a trust ID belongs to the requesting user when creating an alarm action with the scheme trust+http. A remote authenticated user who knows a trust ID for which Aodh is the trustee can therefore add an alarm action with the scheme trust+http that supplies that trust ID, obtain a Keystone token, and perform unspecified authenticated actions.

CVE-2017-13766

Affected configuration(s):

cpe:/a:wireshark:wireshark:2.0.0
cpe:/a:wireshark:wireshark:2.0.1
cpe:/a:wireshark:wireshark:2.0.2
cpe:/a:wireshark:wireshark:2.0.3
cpe:/a:wireshark:wireshark:2.0.4
cpe:/a:wireshark:wireshark:2.0.5
cpe:/a:wireshark:wireshark:2.0.6
cpe:/a:wireshark:wireshark:2.0.7
cpe:/a:wireshark:wireshark:2.0.8
cpe:/a:wireshark:wireshark:2.0.9
cpe:/a:wireshark:wireshark:2.0.10
cpe:/a:wireshark:wireshark:2.0.11
cpe:/a:wireshark:wireshark:2.0.12
cpe:/a:wireshark:wireshark:2.0.13
cpe:/a:wireshark:wireshark:2.2.0
cpe:/a:wireshark:wireshark:2.2.1
cpe:/a:wireshark:wireshark:2.2.2
cpe:/a:wireshark:wireshark:2.2.3
cpe:/a:wireshark:wireshark:2.2.4
cpe:/a:wireshark:wireshark:2.2.5
cpe:/a:wireshark:wireshark:2.2.6
cpe:/a:wireshark:wireshark:2.2.7
cpe:/a:wireshark:wireshark:2.4.0

Date published: 2017-08-30T05:29:00.497-04:00

Date last modified: 2017-12-10T21:29:00.400-05:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://www.securityfocus.com/bid/100542

Summary: In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation.

CVE-2017-13767

Affected configuration(s):

cpe:/a:wireshark:wireshark:2.0.0
cpe:/a:wireshark:wireshark:2.0.1
cpe:/a:wireshark:wireshark:2.0.2
cpe:/a:wireshark:wireshark:2.0.3
cpe:/a:wireshark:wireshark:2.0.4
cpe:/a:wireshark:wireshark:2.0.5
cpe:/a:wireshark:wireshark:2.0.6
cpe:/a:wireshark:wireshark:2.0.7
cpe:/a:wireshark:wireshark:2.0.8
cpe:/a:wireshark:wireshark:2.0.9
cpe:/a:wireshark:wireshark:2.0.10
cpe:/a:wireshark:wireshark:2.0.11
cpe:/a:wireshark:wireshark:2.0.12
cpe:/a:wireshark:wireshark:2.0.13
cpe:/a:wireshark:wireshark:2.2.0
cpe:/a:wireshark:wireshark:2.2.1
cpe:/a:wireshark:wireshark:2.2.2
cpe:/a:wireshark:wireshark:2.2.3
cpe:/a:wireshark:wireshark:2.2.4
cpe:/a:wireshark:wireshark:2.2.5
cpe:/a:wireshark:wireshark:2.2.6
cpe:/a:wireshark:wireshark:2.2.7
cpe:/a:wireshark:wireshark:2.4.0

Date published: 2017-08-30T05:29:00.527-04:00

Date last modified: 2017-09-02T21:29:16.063-04:00

CVSS Score: 7.8

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://www.securityfocus.com/bid/100549

Summary: In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation.

CVE-2017-13765

Affected configuration(s):

cpe:/a:wireshark:wireshark:2.0.0
cpe:/a:wireshark:wireshark:2.0.1
cpe:/a:wireshark:wireshark:2.0.2
cpe:/a:wireshark:wireshark:2.0.3
cpe:/a:wireshark:wireshark:2.0.4
cpe:/a:wireshark:wireshark:2.0.5
cpe:/a:wireshark:wireshark:2.0.6
cpe:/a:wireshark:wireshark:2.0.7
cpe:/a:wireshark:wireshark:2.0.8
cpe:/a:wireshark:wireshark:2.0.9
cpe:/a:wireshark:wireshark:2.0.10
cpe:/a:wireshark:wireshark:2.0.11
cpe:/a:wireshark:wireshark:2.0.12
cpe:/a:wireshark:wireshark:2.0.13
cpe:/a:wireshark:wireshark:2.0.14
cpe:/a:wireshark:wireshark:2.2.0
cpe:/a:wireshark:wireshark:2.2.1
cpe:/a:wireshark:wireshark:2.2.2
cpe:/a:wireshark:wireshark:2.2.3
cpe:/a:wireshark:wireshark:2.2.4
cpe:/a:wireshark:wireshark:2.2.5
cpe:/a:wireshark:wireshark:2.2.6
cpe:/a:wireshark:wireshark:2.2.7
cpe:/a:wireshark:wireshark:2.2.8
cpe:/a:wireshark:wireshark:2.4.0

Date published: 2017-08-30T05:29:00.450-04:00

Date last modified: 2017-09-02T21:29:15.937-04:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://www.securityfocus.com/bid/100551

Summary: In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read that leads to an application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.

CVE-2017-13764

Affected configuration(s):

cpe:/a:wireshark:wireshark:2.4.0

Date published: 2017-08-30T05:29:00.417-04:00

Date last modified: 2017-09-02T21:29:15.890-04:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://www.securityfocus.com/bid/100545

Summary: In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation.

CVE-2017-11317

Affected configuration(s):

cpe:/a:telerik:ui_for_asp.net_ajax:2016.3.1027
cpe:/a:telerik:ui_for_asp.net_ajax:2017.2.503
cpe:/a:telerik:ui_for_asp.net_ajax:2017.2.621

Date published: 2017-08-23T13:29:00.177-04:00

Date last modified: 2017-08-31T14:00:30.513-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload

Summary: Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

CVE-2017-13757

Affected configuration(s):

cpe:/a:gnu:binutils:2.29

Date published: 2017-08-29T19:29:00.190-04:00

Date last modified: 2017-08-31T21:29:33.710-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://www.securityfocus.com/bid/100532

Summary: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.

CVE-2017-10833

Affected configuration(s):

cpe:/o:nippon-antenna:scr02hd_firmware:1.0.3.1000

Date published: 2017-08-28T21:35:12.907-04:00

Date last modified: 2017-08-31T13:21:08.557-04:00

CVSS Score: 6.4

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://www.nippon-antenna.co.jp/product/ine/pdf/scr02hd_about_security.pdf

Summary: “Dokodemo eye Smart HD” SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restrictions in order to view information or modify configurations via unspecified vectors.