２／１３週のCVE

High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info adobe -- campaign Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. 2017-02-15 7.5 CVE-2017-2968 CONFIRM CONFIRM adobe -- digital_editions Adobe Digital Editions versions 4.5.3 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2017-02-15 10.0 CVE-2017-2973 CONFIRM adobe -- flash_player Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Successful exploitation could lead to arbitrary code execution. 2017-02-15 10.0 CVE-2017-2982 CONFIRM ・・・flash_player、祭りにつき、省略・・・ advantech -- susiaccess An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use. 2017-02-13 7.2 CVE-2016-9353 BID MISC advantech -- webaccess An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files. 2017-02-13 7.5 CVE-2017-5154 BID MISC binom3 -- universal_multifunctional_electric_power_quality_meter_firmware An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration. 2017-02-13 10.0 CVE-2017-5162 BID MISC binom3 -- universal_multifunctional_electric_power_quality_meter_firmware An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords. 2017-02-13 7.5 CVE-2017-5167 BID MISC dotcms -- dotcms An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), as part of the remediation of CVE-2016-8902; however, these can be overcome in the case of the q and inode parameters to the /categoriesServlet path. Overcoming these controls permits a number of blind boolean SQL injection vectors in either parameter. The /categoriesServlet web path can be accessed remotely and without authentication in a default dotCMS deployment. 2017-02-17 7.5 CVE-2017-5344 MISC MISC MISC exponentcms -- exponent_cms install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter. 2017-02-13 7.5 CVE-2016-7565 MLIST CONFIRM CONFIRM freebsd -- freebsd The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "handling of Linux futex robust lists." 2017-02-15 7.2 CVE-2016-1880 SECTRACK FREEBSD ・・・freebsd、他数件、省略・・・ honeywell -- xl_web_ii_controller An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL. 2017-02-13 7.5 CVE-2017-5143 BID MISC ibm -- integration_bus IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918. 2017-02-15 8.5 CVE-2016-9706 CONFIRM ibm -- vios IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053. 2017-02-15 7.2 CVE-2016-6079 CONFIRM BID ibm -- vios IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. Ref: bellmail command (IBM)   https://www.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.networkcomm/mail_bellmail.htm 「… the UNIX-to-UNIX Copy Program (UUCP) … These programs support only networks of systems connected by dialup or leased point-to-point communication lines.」 枯れたローカルコマンドに、こういう脆弱性が見つかる事もあるのですね。 アップデート可能で、ベンダーページを見てください、とのこと 2017-02-15 7.2 CVE-2016-8972 CONFIRM BID lynxspring -- jenesys_bas_bridge An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication. 2017-02-13 7.5 CVE-2016-8361 BID MISC moxa -- nport_5100_series_firmware An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Administration passwords can be retried without authenticating. 参考: http://www.moxa.com/product/NPort_5100A.htm 2017-02-13 7.5 CVE-2016-9361 BID MISC ・・・moxa 他の製品も含め、数件、省略・・・ nagios -- nagios Nagios 4.2.4 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. 2017-02-15 7.2 CVE-2016-10089 MLIST BID schneider-electric -- powerlogic_pm8ecc_firmware An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device. 2017-02-13 7.5 CVE-2016-5818 BID MISC videoinsight -- web_client An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution. 2017-02-13 7.5 CVE-2017-5151 BID MISC vim -- vim vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. 2017-02-10 7.5 CVE-2017-5953 CONFIRM CONFIRM wireshark -- wireshark In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. 2017-02-17 7.8 CVE-2017-6014 CONFIRM Back to top Medium Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info ・・・ Medium Vulnerabilities、大幅に省略・・・ adobe -- flash_player Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution. 2017-02-15 6.8 CVE-2017-2994 CONFIRM adobe -- flash_player Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution. 2017-02-15 6.8 CVE-2017-2995 CONFIRM ・・・ fedoraproject -- fedora slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash. 2017-02-15 5.0 CVE-2016-6866 CONFIRM MISC MLIST MLIST BID FEDORA FEDORA freebsd -- freebsd The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation failures." 2017-02-15 5.0 CVE-2016-1888 SECTRACK FREEBSD gnu -- glibc Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures. 2017-02-16 5.0 CVE-2016-5417 MLIST BID CONFIRM CONFIRM MLIST google -- chrome Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. 参考: Blink (Wikipedia)   https://ja.wikipedia.org/wiki/Blink_(%E3%83%AC%E3%83%B3%E3%83%80%E3%83%AA%E3%83%B3%E3%82%B0%E3%82%A8%E3%83%B3%E3%82%B8%E3%83%B3) 2017-02-17 4.3 CVE-2017-5006 BID CONFIRM CONFIRM ・・・他にChrome十件ほど、省略・・・ honeywell -- xl_web_ii_controller An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password. 2017-02-13 5.0 CVE-2017-5139 BID MISC ・・・他に数件、省略・・・ ibm -- aix IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234. 2017-02-15 4.9 CVE-2016-8944 CONFIRM BID ibm -- integration_bus IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906. 2017-02-15 4.3 CVE-2016-9010 CONFIRM ibm -- rational_requirements_composer An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. IBM Reference #: 1995547. 2017-02-15