CVE-2017-14797

Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network.


Jenkins Multiple Plugins Multiple HTML Injection Vulnerabilities

Bugtraq ID: 101061
Class: Input Validation Error
CVE:

CVE-2017-1000102
CVE-2017-1000103

Remote: Yes
Local: No
Published: Sep 29 2017 12:00AM
Updated: Sep 29 2017 12:00AM
Credit: Oleg Nenashev, CloudBees, Inc.
Vulnerable:

Jenkins-Ci Static Analysis Utilities Plugin 1.91
Jenkins-Ci DRY Plugin 2.48

Not Vulnerable:

Jenkins-Ci Static Analysis Utilities Plugin 1.92
Jenkins-Ci DRY Plugin 2.49


CVE-2017-13988

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the ‘follow schedule’ function.


CVE-2017-14929

In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519.
