SB17-212: Vulnerability Summary for the Week of July 24, 2017
07-31-2017 08:12 AM

Original release date: July 31, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
* High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| appsec-labs -- appsec_labs | AppUse 4.0 allows shell command injection via a proxy field. | 2017-07-25 | 7.2 | CVE-2017-11566 MISC |
| buffalo -- wapm-1166d_firmware | WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors. | 2017-07-21 | 10.0 | CVE-2017-2126 CONFIRM JVN |
| finecms -- finecms | dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php. | 2017-07-23 | 7.5 | CVE-2017-11582 MISC |
| finecms -- finecms | dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php. | 2017-07-23 | 7.5 | CVE-2017-11583 MISC |
| finecms -- finecms | dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php. | 2017-07-23 | 7.5 | CVE-2017-11584 MISC |
| finecms -- finecms | dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection. | 2017-07-23 | 7.5 | CVE-2017-11585 MISC |
| fortinet -- fortiwlm | A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges. | 2017-07-22 | 7.5 | CVE-2017-7336 BID CONFIRM |
| geutebrueck -- gcore | Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request. | 2017-07-21 | 7.5 | CVE-2017-11517 EXPLOIT-DB |
| greenpacket -- dx-350_firmware | Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account. | 2017-07-21 | 7.5 | CVE-2017-9932 MISC |
| greenpacket -- dx-350_firmware | In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing) feature within the web interface allows performing command injection, via the "pip" parameter. | 2017-07-21 | 7.5 | CVE-2017-9980 MISC |
| imagemagick -- imagemagick | Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | 2017-07-25 | 7.8 | CVE-2016-7539 CONFIRM MLIST BID CONFIRM CONFIRM CONFIRM |
| imagemagick -- imagemagick | The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file. | 2017-07-21 | 7.1 | CVE-2017-11505 CONFIRM CONFIRM |
| imagemagick -- imagemagick | The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered. | 2017-07-22 | 7.1 | CVE-2017-11523 CONFIRM CONFIRM CONFIRM CONFIRM |
| imagemagick -- imagemagick | The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | 2017-07-22 | 7.1 | CVE-2017-11525 BID CONFIRM CONFIRM |
| imagemagick -- imagemagick | The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file. | 2017-07-22 | 7.1 | CVE-2017-11526 BID CONFIRM CONFIRM |
| imagemagick -- imagemagick | The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | 2017-07-22 | 7.1 | CVE-2017-11527 CONFIRM CONFIRM |
| imagemagick -- imagemagick | The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | 2017-07-22 | 7.1 | CVE-2017-11530 CONFIRM CONFIRM |
| inmarsat -- amosconnect_8 | Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager. | 2017-07-22 | 10.0 | CVE-2017-3222 BID CERT-VN |
| libinfinity_project -- libinfinity | libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors. | 2017-07-21 | 7.5 | CVE-2015-3886 MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
| rootkit_hunter_project -- rkhunter | rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution. | 2017-07-21 | 7.5 | CVE-2017-7480 MLIST |
| sony -- wg-c10_firmware | WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 2017-07-21 | 9.0 | CVE-2017-2275 MISC JVN |
| sony -- wg-c10_firmware | Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. | 2017-07-21 | 9.0 | CVE-2017-2276 MISC JVN |
| tcpdump -- tcpdump | tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. | 2017-07-22 | 7.5 | CVE-2017-11541 BID MISC |
| tcpdump -- tcpdump | tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c. | 2017-07-22 | 7.5 | CVE-2017-11542 BID MISC |
| tcpdump -- tcpdump | tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c. | 2017-07-22 | 7.5 | CVE-2017-11543 BID MISC |
| tilde_cms_project -- tilde_cms | An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id parameter. | 2017-07-24 | 7.5 | CVE-2017-11324 MISC |

* Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| ansible -- ansible | Ansible versions 2.2.3 and earlier are vulnerable to an information disclosure flaw due to the interaction of call back plugins and the no_log directive where the information may not be sanitized properly. | 2017-07-21 | 5.0 | CVE-2017-7473 MISC |
| atmail -- atmail | Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes. | 2017-07-25 | 4.3 | CVE-2017-11617 MISC MISC |
| atutor -- atutor | Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack. | 2017-07-22 | 5.0 | CVE-2016-10400 MISC MISC |
| buffalotech -- wmr-433w_firmware | Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-07-21 | 4.3 | CVE-2017-2274 CONFIRM JVN |
| canonical -- ubuntu_linux | The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions. | 2017-07-21 | 4.9 | CVE-2015-1323 BID UBUNTU |
| cisco -- prime_collaboration_provisioning | A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc90312. Known Affected Releases: 12.1. | 2017-07-25 | 4.3 | CVE-2017-6755 BID SECTRACK CONFIRM |
| contao -- contao_cms | Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal. | 2017-07-21 | 6.5 | CVE-2017-10993 CONFIRM |
| cygwin -- cygwin | Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hijack of the process running with administrative privileges triggered by specially crafted input string. | 2017-07-21 | 5.0 | CVE-2017-7523 MISC |
| ektron -- ektron_content_management_system | Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx. | 2017-07-25 | 4.3 | CVE-2016-6133 BUGTRAQ |
| eshop_project -- eshop | The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables. | 2017-07-21 | 4.3 | CVE-2015-3421 BID MISC |
| exiv2 -- exiv2 | There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service. | 2017-07-22 | 5.0 | CVE-2017-11553 MISC |
| exiv2 -- exiv2 | There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | 2017-07-23 | 5.0 | CVE-2017-11591 MISC |
| exiv2 -- exiv2 | There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input. | 2017-07-23 | 5.0 | CVE-2017-11592 MISC |
| fedoraproject -- fedora | The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. | 2017-07-21 | 5.0 | CVE-2015-5194 CONFIRM FEDORA FEDORA SUSE SUSE SUSE REDHAT REDHAT DEBIAN MLIST BID UBUNTU CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| fedoraproject -- fedora | ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. | 2017-07-21 | 5.0 | CVE-2015-5195 FEDORA FEDORA FEDORA REDHAT REDHAT DEBIAN MLIST BID UBUNTU CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| fedoraproject -- fedora | The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. | 2017-07-21 | 5.0 | CVE-2015-5219 CONFIRM CONFIRM FEDORA FEDORA FEDORA SUSE SUSE REDHAT REDHAT DEBIAN MLIST BID UBUNTU CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| fedoraproject -- fedora | Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | 2017-07-25 | 4.3 | CVE-2015-5221 SUSE SUSE SUSE MLIST REDHAT CONFIRM CONFIRM FEDORA FEDORA FEDORA |
| finecms -- finecms | dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php via a payload in the username field that does not begin with a ' | | | |