赤坂タロウの日記: 2/27週のCVE ... Medium Vulnerabilities

Mar 7, 2017

2/27週のCVE ... Medium Vulnerabilities

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
cisco -- netflow_generation_appliance_software	A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) with software before 1.1(1a) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service (DoS) condition. The vulnerability is due to incomplete validation of SCTP packets being monitored on the NGA data ports. An attacker could exploit this vulnerability by sending malformed SCTP packets on a network that is monitored by an NGA data port. SCTP packets addressed to the IP address of the NGA itself will not trigger this vulnerability. An exploit could allow the attacker to cause the appliance to become unresponsive or reload, causing a DoS condition. User interaction could be needed to recover the device using the reboot command from the CLI. The following Cisco NetFlow Generation Appliances are vulnerable: NGA 3140, NGA 3240, NGA 3340. Cisco Bug IDs: CSCvc83320.	2017-03-01	5.0	CVE-2017-3826 BID CONFIRM
dropbear_ssh_project -- dropbear_ssh	The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.	2017-03-03	6.5	CVE-2016-7408 MLIST BID CONFIRM CONFIRM GENTOO
fedoraproject -- fedora	Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.	2017-03-03	5.0	CVE-2016-7970 MLIST BID CONFIRM CONFIRM CONFIRM FEDORA FEDORA FEDORA GENTOO
fedoraproject -- fedora	gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.	2017-02-28	6.8	CVE-2017-5884 MLIST MLIST BID CONFIRM CONFIRM FEDORA
gnu -- glibc	The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.	2017-03-01	4.3	CVE-2016-10228 CONFIRM BID CONFIRM
gnu -- libiberty	Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.	2017-02-24	6.8	CVE-2016-2226 MLIST CONFIRM
	・・・他に数件、省略・・・
grails -- pdf_plugin	XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document.	2017-02-27	4.3	CVE-2017-6344 BID MISC
graphicsmagick -- graphicsmagick	The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.	2017-02-27	4.3	CVE-2016-5240 CONFIRM CONFIRM MLIST MLIST MLIST BID
hashover_project -- hashover	An issue was discovered in HashOver 2.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the 'hashover/scripts/widget-output.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.	2017-03-02	4.3	CVE-2017-6395 CONFIRM
hesiod_project -- hesiod	The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary.	2017-03-01	6.9	CVE-2016-10151 MLIST BID CONFIRM CONFIRM
ibm -- dashboard_application_services_hub	IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1998714.	2017-02-24	6.8	CVE-2016-9975 CONFIRM BID
ibm -- kenexa_lcms_premier	IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067.	2017-03-01	6.5	CVE-2016-9992 CONFIRM
	・・・
ibm -- tivoli_storage_manager	IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747.

No comments:

Subscribe to: Post Comments (Atom)