The Patriot Files Forums > Military News > Cyber Warfare
Posted by The Patriot, 11-16-2017, 09:01 AM
SB17-310: Vulnerability Summary for the Week of October 30, 2017

11-05-2017 09:21 PM

Original release date: November 06, 2017
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following CVSS base scores:
  • High - CVSS base score of 7.0 - 10.0
  • Medium - CVSS base score of 4.0 - 6.9
  • Low - CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

There were no high vulnerabilities recorded this week.
Medium Vulnerabilities

Columns: Primary Vendor -- Product / Description / Published / CVSS Score / Source & Patch Info

fortinet -- fortios
  A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive by passing a specially crafted payload to the 'params' parameter of the JSON web API.
  Published: 2017-10-27 | CVSS: 4.0 | CVE-2017-14182
  Source & Patch Info: MISC, BID, SECTRACK, CONFIRM

fortinet -- fortios
  A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary JavaScript code via the web UI "Login Disclaimer" redir parameter.
  Published: 2017-10-27 | CVSS: 4.3 | CVE-2017-7733
  Source & Patch Info: BID, SECTRACK, CONFIRM

gnu -- binutils
  dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).
  Published: 2017-10-27 | CVSS: 5.0 | CVE-2017-15938
  Source & Patch Info: BID, MISC, MISC, MISC

gnu -- binutils
  dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.
  Published: 2017-10-27 | CVSS: 4.3 | CVE-2017-15939
  Source & Patch Info: BID, MISC, MISC, MISC

graphicsmagick -- graphicsmagick
  In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a NULL pointer dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.
  Published: 2017-10-27 | CVSS: 6.8 | CVE-2017-15930
  Source & Patch Info: CONFIRM, CONFIRM, BID, CONFIRM

radare -- radare2
  In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32-bit systems.
  Published: 2017-10-27 | CVSS: 6.8 | CVE-2017-15931
  Source & Patch Info: BID, CONFIRM, CONFIRM

radare -- radare2
  In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32-bit systems.
  Published: 2017-10-27 | CVSS: 6.8 | CVE-2017-15932
  Source & Patch Info: BID, CONFIRM
Low Vulnerabilities

There were no low vulnerabilities recorded this week.
Severity Not Yet Assigned

Columns: Primary Vendor -- Product / Description / Published / CVSS Score / Source & Patch Info

adult_script_pro -- adult_script_pro
  Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576.
  Published: 2017-10-29 | CVSS: not yet calculated | CVE-2017-15959
  Source & Patch Info: MISC, EXPLOIT-DB

amazon_web_services -- cloudformation_bootstrap
  The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2017-9450
  Source & Patch Info: BID, CONFIRM

apache -- cordova
  The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2014-0073
  Source & Patch Info: MISC, FULLDISC, BUGTRAQ, BID, XF, CONFIRM, MLIST

apache -- cordova
  ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2014-0072
  Source & Patch Info: MISC, FULLDISC, BUGTRAQ, XF, CONFIRM, MLIST

apache -- hadoop
  Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2012-4449
  Source & Patch Info: MLIST, CONFIRM

apache -- hive
  Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.
  Published: 2017-11-01 | CVSS: not yet calculated | CVE-2017-12625
  Source & Patch Info: MLIST

apache -- httpclient
  http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2013-4366
  Source & Patch Info: CONFIRM, CONFIRM

apache -- juddi
  Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to happyjuddi.jsp.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2009-1198
  Source & Patch Info: CONFIRM, MLIST, BID

apache -- juddi
  Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2009-1197
  Source & Patch Info: CONFIRM, MLIST, BID

apache -- qpid
  qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2015-0224
  Source & Patch Info: FEDORA, MLIST, MISC, REDHAT, REDHAT, REDHAT, REDHAT, BUGTRAQ, BID, SECTRACK, REDHAT, CONFIRM, CONFIRM

apache -- storm
  Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2014-0115
  Source & Patch Info: CONFIRM, MLIST

apache -- struts
  The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2016-3090
  Source & Patch Info: BID, CONFIRM, SECTRACK

apache -- subversion
  libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2013-4246
  Source & Patch Info: BID, CONFIRM

apache -- traffic_server
  The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2015-3249
  Source & Patch Info: MLIST, BID, MISC

apache -- traffic_server
  Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2014-3624
  Source & Patch Info: MLIST, BID, CONFIRM

apache -- wicket
  Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2014-3526
  Source & Patch Info: CONFIRM

apache -- wicket
  Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to

  BUG/* . The second payload blocks the change of wireless settings. A factory reset is required.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-14250
  Source & Patch Info: MISC

tpanel -- tpanel
  tPanel 2009 allows SQL injection for authentication bypass via the payload 'or 1=1 or ''=' to login.php.
  Published: 2017-10-29 | CVSS: not yet calculated | CVE-2017-15974
  Source & Patch Info: MISC, EXPLOIT-DB

typecho -- typecho
  In admin/write-post.php in Typecho through 1.1, a user can log in to the background (admin) page, write a new article, and add a payload to the article content, resulting in XSS via index.php/action/contents-post-edit.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2017-16230
  Source & Patch Info: MISC

us_zip_codes -- database_script
  US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-15980
  Source & Patch Info: EXPLOIT-DB

vastal -- i-tech_agent_zone
  Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-15991
  Source & Patch Info: EXPLOIT-DB

vastal -- i-tech_dating_zone
  Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' parameter to add_to_cart.php, a different vulnerability than CVE-2008-4461.
  Published: 2017-10-29 | CVSS: not yet calculated | CVE-2017-15975
  Source & Patch Info: MISC, EXPLOIT-DB

vim -- vim
  VIM version 8.0.1187 (and most likely other versions) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp"), resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-1000382
  Source & Patch Info: MLIST

vir.it -- explorer_anti-virus
  In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an arbitrary write vulnerability because it does not validate input values from IOCTL 0x8273007C.
  Published: 2017-11-03 | CVSS: not yet calculated | CVE-2017-16237
  Source & Patch Info: EXPLOIT-DB

watchdog -- anti-malware
  In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that is triggered when sending an operation to IOCTL 0x80002054. Neither a NULL input buffer nor an input buffer size of 0 is validated.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2017-15920
  Source & Patch Info: MISC, EXPLOIT-DB

watchdog -- anti-malware
  In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that is triggered when sending an operation to IOCTL 0x80002010. Neither a NULL input buffer nor an input buffer size of 0 is validated.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2017-15921
  Source & Patch Info: MISC, EXPLOIT-DB

webkit -- webkit
  The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products.
  Published: 2017-11-01 | CVSS: not yet calculated | CVE-2017-1000121
  Source & Patch Info: CONFIRM

webkit -- webkit
  The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products.
  Published: 2017-11-01 | CVSS: not yet calculated | CVE-2017-1000122
  Source & Patch Info: CONFIRM

website_broker_script -- website_broker_script
  Website Broker Script allows SQL Injection via the 'status_id' parameter to status_list.php.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-15992
  Source & Patch Info: EXPLOIT-DB

websitescripts.org -- fake_magazine_cover_script
  Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-15987
  Source & Patch Info: EXPLOIT-DB

wordpress -- wordpress
  WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723.
  Published: 2017-11-02 | CVSS: not yet calculated | CVE-2017-16510
  Source & Patch Info: MISC, MISC, MISC, MISC

xen -- xen
  An issue was discovered in Xen through 4.9.x. The grant copying code assumed that any grant pin would be accompanied by a suitable page reference; other portions of the code, however, did not honour that assumption. When such a grant copy operation is done on a grant of a dying domain, the assumption turns out to be wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in a host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out.
  Published: 2017-10-30 | CVSS: not yet calculated | CVE-2017-15597
  Source & Patch Info: MLIST, BID, SECTRACK, CONFIRM, CONFIRM

zeebuddy -- zeebuddy
  ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604.
  Published: 2017-10-29 | CVSS: not yet calculated | CVE-2017-15976
  Source & Patch Info: MISC, EXPLOIT-DB

zomato -- clone_script
  Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter.
  Published: 2017-10-31 | CVSS: not yet calculated | CVE-2017-15993
This product is provided subject to this Notification and this Privacy & Use policy.




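Roughly a third of the entries above are SQL injection in PHP login or search scripts, and the tPanel entry (CVE-2017-15974) quotes the classic authentication-bypass payload 'or 1=1 or ''='. The following is an added example (not code from tPanel, the bulletin, or any listed product) that shows why that string works against a concatenated query and why a parameterized query is immune. It uses an in-memory SQLite database with constructed demo rows; the plaintext password column is for visibility only, a real system stores salted hashes.

```python
"""Authentication-bypass SQL injection and its parameterized fix (added example)."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed demo data. Plaintext passwords keep the injection mechanics
    visible; real systems store salted hashes and compare in constant time."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "correct horse battery staple"), ("alice", "hunter2")],
    )
    return conn


def login_vulnerable(conn, username: str, password: str):
    """The login.php pattern behind the SQLi entries above: user input is
    spliced into the SQL text, so quotes in it reach the SQL parser.
    Returns the matched username or None."""
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn, username: str, password: str):
    """Same lookup with bound parameters: values travel separately from the
    SQL text, so they are compared as data and can never change the query."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Payload from the tPanel entry, submitted as the password field. Inside the
# template's quotes it closes the literal, ORs in a tautology, and re-opens a
# quote so the template's trailing ' becomes ''='' (true). AND binds tighter
# than OR, so the whole WHERE clause matches every row and fetchone() returns
# the first user, typically the administrator.
BYPASS = "' or 1=1 or ''='"


def demo():
    """Runs the payload through both versions; returns who each one logs in."""
    conn = build_db()
    return {
        "vulnerable": login_vulnerable(conn, "nobody", BYPASS),  # first row: admin
        "fixed": login_fixed(conn, "nobody", BYPASS),            # None
        "legit": login_fixed(conn, "alice", "hunter2"),          # alice
    }


if __name__ == "__main__":
    print(demo())
```

Note that the attacker does not even need a valid username: the OR makes the username clause irrelevant, which is why the demo submits "nobody". Escaping the quotes would close this particular hole but not numeric or LIKE-context injections; binding parameters closes all of them at once.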
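The Hadoop entry (CVE-2012-4449) says token passwords were generated from a 20-bit secret. The strength of the MAC is irrelevant at that key size: one captured (identifier, password) pair lets an attacker try every key offline. The block below is an added example, not Hadoop's code; the 20-bit length comes from the bulletin, while the use of HMAC-SHA1, the packing of the secret into 3 big-endian bytes, and the text form of the token identifier are this example's own assumptions.

```python
"""Brute-forcing a 20-bit HMAC token secret (added example, not Hadoop code)."""
import hashlib
import hmac
import secrets

KEY_BITS = 20            # from the bulletin entry
KEY_BYTES = 3            # assumption: the 20-bit value is packed big-endian into 3 bytes


def key_bytes(k: int) -> bytes:
    """Encode the integer secret as the MAC key (packing is an assumption)."""
    return k.to_bytes(KEY_BYTES, "big")


def token_password(secret: int, identifier: bytes) -> bytes:
    """Model of the scheme: password = HMAC-SHA1(secret, token identifier).
    HMAC-SHA1 as the MAC is an assumption of this example."""
    return hmac.new(key_bytes(secret), identifier, hashlib.sha1).digest()


def crack(identifier: bytes, password: bytes):
    """Exhaust the 2**20 keyspace offline. Plain == is fine here: this is the
    attacker's side, there is no oracle to protect against timing leaks."""
    for k in range(1 << KEY_BITS):
        if token_password(k, identifier) == password:
            return k
    return None


def demo(secret=None):
    """Issue one token, capture it, recover the secret, then forge a fresh token
    for a different identifier. Returns (recovered_secret, forged_password)."""
    if secret is None:
        secret = secrets.randbelow(1 << KEY_BITS)
    # Constructed identifiers; real Hadoop identifiers are serialized Writables.
    captured_id = b"owner=alice,renewer=yarn,issueDate=1351555200000"
    captured_pw = token_password(secret, captured_id)
    recovered = crack(captured_id, captured_pw)
    forged = token_password(recovered, b"owner=alice,renewer=yarn,issueDate=1351641600000")
    return recovered, forged


if __name__ == "__main__":
    s, f = demo()
    print("recovered secret 0x%05x, forged token %s" % (s, f.hex()))
```

Each HMAC-SHA1 costs a few microseconds in CPython, so the full 2**20 search finishes in seconds on one core; a 128-bit key would push the same loop past the lifetime of the universe, which is the whole argument for sizing secrets to the primitive rather than to a convenient small number.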