SB17-191: Vulnerability Summary for the Week of July 3, 2017

The Patriot · #1 07-12-2017, 07:14 AM

SB17-191: Vulnerability Summary for the Week of July 3, 2017

07-10-2017 04:21 AM

Original release date: July 10, 2017
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

*

High Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocisco -- elastic_services_controllerA vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run certain shell commands, allowing the user to overwrite any file on the filesystem and elevate privileges to root. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76634.2017-07-059.0 CVE-2017-6712
BID
CONFIRMcisco -- elastic_services_controllerA vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627.2017-07-0510.0 CVE-2017-6713
BID
CONFIRMcisco -- ios_xrA vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb99384. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.11.3i.ROUT 6.2.1.29i.ROUT 6.2.1.26i.ROUT.2017-07-037.2 CVE-2017-6718
BID
SECTRACK
CONFIRMcisco -- ios_xrA vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges, aka Command Injection. More Information: CSCvb99406. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.1.28i.BASE 6.2.1.22i.BASE 6.1.32.8i.BASE 6.1.31.3i.BASE 6.1.3.10i.BASE.2017-07-037.2 CVE-2017-6719
BID
SECTRACK
CONFIRMcisco -- starosA vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930.2017-07-057.2 CVE-2017-6707
BID
SECTRACK
CONFIRMcisco -- ultra_services_frameworkA vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of validation checks for the input that is used to create symbolic links. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76654.2017-07-057.5 CVE-2017-6708
CONFIRMcisco -- ultra_services_framework_staging_serverA vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673.2017-07-0510.0 CVE-2017-6714
BID
CONFIRMgoogle -- androidThe lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess.2017-06-307.2 CVE-2017-10709
MISC
MISC
MISC
MISC
MISChumaxdigital -- hg100r_firmwareAn issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin.2017-07-0310.0 CVE-2017-7315
MISChumaxdigital -- hg100r_firmwareAn issue was discovered on Humax Digital HG100 2.0.6 devices. The attacker can find the root credentials in the backup file, aka GatewaySettings.bin.2017-07-0310.0 CVE-2017-7317
MISCpuppet -- mcollectiveVersions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior.2017-06-307.5 CVE-2017-2292
CONFIRMvideolan -- vlc_media_playeravcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.2017-06-307.5 CVE-2017-10699
SECTRACK
CONFIRMxen -- xenXen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217.2017-07-0410.0 CVE-2017-10912
BID
CONFIRMxen -- xenXen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.2017-07-049.4 CVE-2017-10917
BID
CONFIRMxen -- xenXen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222.2017-07-0410.0 CVE-2017-10918
BID
CONFIRMxoev -- osci_transport_libraryAn XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure.2017-06-307.5 CVE-2017-10670
MISC
MISC Back to top
*

Medium Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoaeroadmin -- aeroadminAeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. This can cause a buffer overflow and denial of service.2017-07-025.0 CVE-2017-8893
MISCaeroadmin -- aeroadminAeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code in the machine.2017-07-026.8 CVE-2017-8894
MISCantiy -- antivirus_engineAntiy Antivirus Engine 5.0.0.06281654 allows local users to cause a denial of service (BSOD) via a long third argument in a DeviceIoControl call.2017-06-304.9 CVE-2017-10674
MISCbestpractical -- request_trackerCross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type.2017-07-034.3 CVE-2016-6127
DEBIAN
BID
CONFIRMbestpractical -- request_trackerRequest Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack.2017-07-034.3 CVE-2017-5361
DEBIAN
DEBIAN
CONFIRMbestpractical -- request_trackerRequest Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL.2017-07-036.8 CVE-2017-5943
DEBIAN
BID
CONFIRMbestpractical -- request_trackerThe dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.2017-07-036.5 CVE-2017-5944
DEBIAN
BID
CONFIRMcisco -- evolved_programmable_network_managerA vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B).2017-07-034.3 CVE-2017-6699
BID
SECTRACK
CONFIRMcisco -- identity_services_engineA vulnerability in the web application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd49141. Known Affected Releases: 2.1(102.101).2017-07-034.3 CVE-2017-6701
BID
SECTRACK
CONFIRMcisco -- prime_collaboration_provisioningA vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. More Information: CSCvc90346. Known Affected Releases: 12.1.2017-07-034.0 CVE-2017-6703
BID
SECTRACK
CONFIRMcisco -- prime_collaboration_provisioningA vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. More Information: CSCvc90335. Known Affected Releases: 12.1.2017-07-034.0 CVE-2017-6704
BID
SECTRACK
CONFIRMcisco -- prime_infrastructureA vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc23892 CSCvc35270 CSCvc35626 CSCvc35630 CSCvc49568. Known Affected Releases: 3.1(1) 2.0(4.0.45B).2017-07-035.5 CVE-2017-6698
BID
SECTRACK
CONFIRMcisco -- prime_infrastructureA vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) based (environment or client-side) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24620 CSCvc49586. Known Affected Releases: 3.1(1) 2.0(4.0.45B).2017-07-034.3 CVE-2017-6700
BID
SECTRACK
CONFIRMcisco -- prime_infrastructureA vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCuw65843. Known Affected Releases: 3.1(0.0).2017-07-034.3 CVE-2017-6724
BID
SECTRACK
CONFIRMcisco -- prime_infrastructureA vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCuw65833 CSCuw65837. Known Affected Releases: 2.2(2).2017-07-034.3 CVE-2017-6725
BID
SECTRACK
CONFIRMcisco -- socialminerA vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCve15285. Known Affected Releases: 11.5(1).2017-07-034.3 CVE-2017-6702
BID
SECTRACK
CONFIRMcisco -- starosA vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. Affected Products: ASR 5000 Series Routers, Virtualized Packet Core (VPC) Software. More Information: CSCvc21129. Known Affected Releases: 21.1.0 21.1.M0.65601 21.1.v0. Known Fixed Releases: 21.2.A0.65754 21.1.b0.66164 21.1.V0.66014 21.1.R0.65759 21.1.M0.65749 21.1.0.66030 21.1.0.2017-07-035.0 CVE-2017-3865
BID
SECTRACK
CONFIRMcisco -- ultra_services_frameworkA vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability exists because the affected software logs administrative credentials in clear text for Cisco ESC and Cisco OpenStack deployment purposes. An attacker could exploit this vulnerability by accessing the AutoVNF URL for the location where the log files are stored and subsequently accessing the administrative credentials that are stored in clear text in those log files. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76659.2017-07-055.0 CVE-2017-6709
CONFIRMcisco -- ultra_services_frameworkA vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. The vulnerability is due to an insecure default configuration of the Apache ZooKeeper service used by the affected software. An attacker could exploit this vulnerability by accessing the affected device through the orchestrator network. An exploit could allow the attacker to gain access to ZooKeeper data nodes (znodes) and influence the behavior of the system's high-availability feature. This vulnerability affects all releases of Cisco Ultra Services Framework UAS prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvd29395.2017-07-056.4 CVE-2017-6711
BID
CONFIRMcisco -- unified_contact_center_expressA vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61).2017-07-035.5 CVE-2017-6722
BID
SECTRACK
CONFIRMcisco -- wide_area_application_servicesA vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause the WAASNET process to restart unexpectedly, causing a denial of service (DoS) condition. More Information: CSCvc57428. Known Affected Releases: 6.3(1). Known Fixed Releases: 6.3(0.143) 6.2(3c)6 6.2(3.22).2017-07-035.0 CVE-2017-6721
BID
SECTRACK
CONFIRMektron -- ektron_content_management_systemCross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx.2017-07-034.3 CVE-2016-6201
MISCelasticsearch -- kibanaIn Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged into the Kibana access logs.2017-06-304.3 CVE-2017-8443
CONFIRMgraphicsmagick -- graphicsmagickWhen GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode.2017-07-024.3 CVE-2017-10794
BID
CONFIRMgraphicsmagick -- graphicsmagickWhen GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().2017-07-024.3 CVE-2017-10799
CONFIRM
BIDgraphicsmagick -- graphicsmagickWhen GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.2017-07-024.3 CVE-2017-10800
CONFIRM
BIDhumaxdigital -- hg100r_firmwareAn issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page.2017-07-034.3 CVE-2017-7316
MISCintelliants -- subrion_cmsCross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069.2017-07-024.3 CVE-2017-10795
BID
MISCnetapp -- altavaultNetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.2017-07-035.1 CVE-2016-3998
CONFIRMnetapp -- clustered_data_ontapNetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state.2017-07-036.8 CVE-2016-3997
CONFIRM
CONFIRMnetapp -- data_ontapNetApp Data ONTAP, when operating in 7-Mode 8.1 and 8.2, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.2017-07-036.8 CVE-2016-3400
CONFIRM
BID
MISC
CONFIRMnetapp -- oncommand_system_managerNetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup.2017-07-036.8 CVE-2016-5045
CONFIRMobjectplanet -- opinioIn ObjectPlanet Opinio before 7.6.4, there is XSS.2017-07-024.3 CVE-2017-10798
CONFIRMpuppetlabs -- mcollective-sshkey-securityThe mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string "_pub.pem".2017-06-304.3 CVE-2017-2298
CONFIRM
CONFIRM
CONFIRMwinamp -- winampWinamp 5.666 Build 3516(x86) allows attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Data from Faulting Address controls Code Flow starting at in_flv!winampGetInModule2+0x00000000000009a8."2017-07-054.4 CVE-2017-10725
MISCxen -- xenXen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223.2017-07-045.0 CVE-2017-10919
BID
CONFIRMxnview -- xnviewXnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at KERNELBASE!FindSortHashNode+0x0000000000000040."2017-07-054.6 CVE-2017-10774
MISCxoev -- osci_transport_libraryA Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the transport encryption.2017-06-304.3 CVE-2017-10668
MISC
MISCxoev -- osci_transport_librarySignature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs.2017-06-306.4 CVE-2017-10669
MISC
MISC Back to top
*

Low Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoantiy -- antivirus_engineWhen Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP archive, it crashes with a stack-based buffer overflow because a fixed path length is used.2017-07-022.1 CVE-2017-10706
MISCcisco -- firepower_management_centerA vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. Affected Products: Cisco Firepower Management Center Releases 5.4.1.x and prior. More Information: CSCuy88951. Known Affected Releases: 5.4.1.6.2017-07-033.5 CVE-2017-6715
BID
CONFIRMcisco -- firepower_management_centerA vulnerability in the web framework code of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. Affected Products: Cisco Firepower Management Center Software Releases prior to 6.0.0.0. More Information: CSCuy88785. Known Affected Releases: 5.4.1.6.2017-07-033.5 CVE-2017-6716
BID
CONFIRMcisco -- firepower_management_centerA vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1.2017-07-033.5 CVE-2017-6717
BID
CONFIRMcisco -- identity_services_engineA vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a reflective cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc85415. Known Affected Releases: 2.1(0.800).2017-07-033.5 CVE-2017-6605
BID
SECTRACK
CONFIRMcisco -- prime_collaboration_provisioningA vulnerability in the filesystem of the Cisco Prime Collaboration Provisioning tool could allow an authenticated, local attacker to acquire sensitive information. More Information: CSCvc82973. Known Affected Releases: 12.1.2017-07-032.1 CVE-2017-6705
BID
SECTRACK
CONFIRMcisco -- prime_collaboration_provisioningA vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd07260. Known Affected Releases: 12.1.2017-07-033.6 CVE-2017-6706
BID
SECTRACK
CONFIRMsynology -- audio_stationCross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title.2017-06-303.5 CVE-2015-9104
MISC
CONFIRMsynology -- note_stationMultiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments.2017-06-303.5 CVE-2015-9103
MISC
MISC
CONFIRMsynology -- photo_stationMultiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos.2017-06-303.5 CVE-2015-9102
MISC
MISC
MISC
MISC
CONFIRMsynology -- video_stationMultiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos.2017-06-303.5 CVE-2015-9105
MISC
MISC
CONFIRM Back to top
*

Severity Not Yet Assigned

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoacquisition_technology_&_logistics_agency -- electronic_tendering_and_bid_opening_system
*Untrusted search path vulnerability in Installer of Electronic tendering and bid opening system available prior to June 12, 2017 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.2017-07-07not yet calculatedCVE-2017-2208
MISC
JVNapache -- etherpad
*Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests.2017-07-07not yet calculatedCVE-2015-3297
MLIST
MLIST
BID
CONFIRMapache*-- solr
*Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected.2017-07-07not yet calculatedCVE-2017-7660
MLISTapple*-- quicktime_for_windows
*Untrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2017-07-07not yet calculatedCVE-2017-2218
JVN
MISCbrother_industries -- mfc-j960dwn_firmware

Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-07-07not yet calculatedCVE-2017-2244
JVN
CONFIRMc-ares -- c-ares
*The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.2017-07-07not yet calculatedCVE-2017-1000381
CONFIRM
CONFIRMcacti*-- cacti
*Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php.2017-07-06not yet calculatedCVE-2017-10970
CONFIRMcatdoc -- catdoc
*The ole_init function in ole.c in catdoc 0.95 allows remote attackers to cause a denial of service (heap-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted file, i.e., data is written to memory addresses before the beginning of the tmpBuf buffer.2017-07-08not yet calculatedCVE-2017-11110
MISCcharamin_steering_committee --installer_of_charamin_omp
*Untrusted search path vulnerability in The installer of Charamin OMP Version 1.1.7.4 and earlier, Version 1.2.0.0 Beta and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2017-07-07not yet calculatedCVE-2017-2227
JVNcybozu*-- garoon
*Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.2017-07-07not yet calculatedCVE-2017-2144
JVN
CONFIRMcybozu*-- garoon
*Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.2017-07-07not yet calculatedCVE-2017-2146
JVN
CONFIRMcybozu*-- garoon
*Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.2017-07-07not yet calculatedCVE-2017-2145
JVN
CONFIRMcybozu*-- kunai
*Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-07-07not yet calculatedCVE-2017-2172
JVN
CONFIRMd-link*-- d-link_dir-615
*On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim's Router without knowing the credentials (CSRF). An attacker can host a page that sends a POST request to Form2File.htm that tries to upload Firmware to victim's Router. This causes the router to reboot/crash resulting in Denial of Service. An attacker may succeed in uploading malicious Firmware.2017-07-07not yet calculatedCVE-2017-7404
MISC
MISCd-link*-- d-link_dir-615
*On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim's router and take over his session as he won't be prompted for credentials.2017-07-07not yet calculatedCVE-2017-7405
MISC
MISCd-link*-- d-link_dir-615
*The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic.2017-07-07not yet calculatedCVE-2017-7406
MISC
MISCdbd::mysql -- dbd::mysql
*The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.2017-07-01not yet calculatedCVE-2017-10788
MISC
BID
MISCdbd::mysql -- dbd::mysql
*The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.2017-07-01not yet calculatedCVE-2017-10789
BID
MISC
MISCdfactory -- responsive_lightbox
*Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.2017-07-07not yet calculatedCVE-2017-2243
JVN
CONFIRMelastic*-- elasticsearch_x-pack_security
*Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated Elasticsearch user to improperly view these details.2017-07-07not yet calculatedCVE-2017-8442
CONFIRMemc*-- rsa_archer
*EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other users' discussion forum messages.2017-07-06not yet calculatedCVE-2017-4999
CONFIRM
BID
SECTRACKemc*-- rsa_archer
*EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the vulnerability to execute unauthorized requests on behalf of the victim, using the authenticated user's privileges.2017-07-06not yet calculatedCVE-2017-4998
CONFIRM
BID
SECTRACKemc*-- rsa_archer
*EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack.2017-07-06not yet calculatedCVE-2017-5001
CONFIRM
BID
SECTRACKemc*-- rsa_archer
*EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred.2017-07-06not yet calculatedCVE-2017-5002
CONFIRM
BID
SECTRACKemc*-- rsa_archer
*EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack.2017-07-06not yet calculatedCVE-2017-5000
CONFIRM
BID
SECTRACKfastone*-- image_viewer
*FastStone Image Viewer 6.2 has a "User Mode Write AV" issue, possibly related to the jpeg_mem_term function in jmemnobs.c in libjpeg. This issue can be triggered by a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.2017-07-05not yet calculatedCVE-2017-8826
MISCfastone*-- image_viewer
*FastStone Image Viewer 6.2 has a "Data from Faulting Address may be used as a return value" issue. This issue can be triggered by a malformed JPEG 2000 file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.2017-07-05not yet calculatedCVE-2017-8785
MISCfinecms*-- finecms
*In FineCMS before 2017-07-06, application\core\controller\config.php allows XSS in the (1) key_name, (2) key_value, and (3) meaning parameters.2017-07-06not yet calculatedCVE-2017-10967
CONFIRMfinecms*-- finecms
*In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "