CVE-2017-6413

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.

Source: CVE-2017-6413

CVE-2017-6408

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured.

Source: CVE-2017-6408

CVE-2017-6407

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.

Source: CVE-2017-6407

CVE-2017-6410

kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.

Source: CVE-2017-6410

CVE-2017-6062 (mod_auth_openidc)

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.

Source: CVE-2017-6062 (mod_auth_openidc)

CVE-2017-6397 (flightairmap)

An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability exists due to insufficient filtration of user-supplied data in multiple parameters passed to several *-sub-menu.php pages. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Source: CVE-2017-6397 (flightairmap)

CVE-2017-6396 (webpagetest)

An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Source: CVE-2017-6396 (webpagetest)

CVE-2017-6390 (whatanime.ga)

An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "whatanime.ga-master/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Source: CVE-2017-6390 (whatanime.ga)

CVE-2017-6400 (access, netbackup, netbackup_appliance)

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system).

Source: CVE-2017-6400 (access, netbackup, netbackup_appliance)

CVE-2017-6394 (openemr)

An issue was discovered in OpenEMR 5.0.1-dev. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "openemr-master/gacl/admin/object_search.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Source: CVE-2017-6394 (openemr)