Primary
Vendor -- Product |
Description
|
Published
|
CVSS Score
|
Source & Patch Info
|
amd -- ryzen
|
The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite.
|
2017-03-24
| ||
brave -- browser
|
Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names.
|
2017-03-27
| ||
broadcom -- bcm4339_soc_firmware
|
Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to execute arbitrary code via a crafted reassociation response frame with a Cisco IE (156).
|
2017-03-27
| ||
canonical -- ubuntu_core
|
An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle 'restart' operations removing AppArmor profiles that aren't found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles in atypical directories, such as what's done by LXD and Docker, are affected by this flaw in the AppArmor init script logic.
|
2017-03-24
| ||
debian -- debian_linux
|
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.
|
2017-03-24
| ||
eclipse -- tinydtls
|
Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without pre-handshake.
|
2017-03-24
| ||
eonweb_project -- eonweb
|
EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_
「EyesOfNetwork (“EON”) is the OpenSource solution combining a pragmatic usage of ITIL processes and a technological interface allowing their workaday application. EyesOfNetwork Supervision is the first brick of a range of products targeting to assist IT managment and gouvernance. EyesOfNetwork Supervision provides event management, availability, problems and capacity.」
|
2017-03-24
| ||
eviewgps -- ev-07s_gps_tracker_firmware
|
Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field.
|
2017-03-27
| ||
eviewgps -- ev-07s_gps_tracker_firmware
|
Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener.
|
2017-03-27
| ||
exfat_prokect -- exfat
|
Heap-based buffer overflow in the verify_vbr_checksum function in exfatfsck in exfat-utils before 1.2.1 allows remote attackers to cause a denial of service (infinite loop) or possibly execute arbitrary code via a crafted filesystem.
|
2017-03-27
| ||
extraputty -- extraputty
|
The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message.
|
2017-03-27
| ||
f5 -- big-ip_webaccelerator
|
The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors.
|
2017-03-27
| ||
fedoraproject -- fedora
|
regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation.
|
2017-03-24
| ||
fedoraproject -- fedora
|
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.
|
2017-03-28
| ||
fedoraproject -- fedora
|
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.
|
2017-03-27
| ||
freeradius -- freeradius
|
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.
|
2017-03-27
| ||
freeradius -- freeradius
|
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.
|
2017-03-27
| ||
freeradius -- freeradius
|
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.
|
2017-03-27
| ||
getsymphony -- symphony_cms
|
Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field.
|
2017-03-26
| ||
gnu -- bash
|
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.
|
2017-03-27
| ||
gnu -- binutils
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash.
|
2017-03-29
| ||
gnu -- binutils
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.
|
2017-03-29
| ||
gnu -- gnutls
|
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
|
2017-03-24
| ||
ibm -- cognos_business_intelligence
|
IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. IBM Reference #: 1993718.
こちらの製品か?↓
|
2017-03-27
| ||
ibm -- kenexa_lcms_premier
|
IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM Reference #: 1998874.
|
2017-03-27
| ||
ibm -- security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #: 2000359.
|
2017-03-27
| ||
ibm -- tririga_application_platform
|
IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563.
|
2017-03-27
| ||
ibm -- websphere_portal
|
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000152.
|
2017-03-27
| ||
imagemagick -- imagemagick
|
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.
|
2017-03-24
| ||
imagemagick -- imagemagick
|
2017-03-24
| |||
imagemagick -- imagemagick
|
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.
治りきっていないようで、、、
|
2017-03-27
| ||
intelliants -- subrion_cms
|
Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter.
Ref: https://subrion.org
「Subrion is a free open source content management system」
|
2017-03-26
| ||
libgit2_project -- libgit2
|
The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.
|
2017-03-24
| ||
libgit2_project -- libgit2
|
The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.
|
2017-03-24
| ||
libtiff -- libtiff
|
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.
|
2017-03-24
| ||
linux -- linux_kernel
|
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_
|
2017-03-24
| ||
linux -- linux_kernel
|
The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c.
|
2017-03-28
| ||
miele_professional -- pst10_webserver
|
An issue was discovered on Miele Professional PG 8528 PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks. A Proof of Concept is GET /../../../../../../../../../..
|
2017-03-24
| ||
moodle -- moodle
|
In Moodle 3.2.x, global search displays user names for unauthenticated users.
|
2017-03-26
| ||
netflix -- security_monkey
|
Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header.
米NetflixがAWSセキュリティ設定追跡ツール「Secu
|
2017-03-26
| ||
nextcloud -- nextcloud
|
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.
「This release provides you the most secure solution for keeping your data under control we’ve delivered yet.」
|
2017-03-27
| ||
ntp -- ntp
|
The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write.
|
2017-03-27
| ||
ntp -- ntp
|
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
|
2017-03-27
| ||
ntp -- ntp
|
2017-03-27
| |||
nuxeo -- nuxeo
|
Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header.
|
2017-03-24
| ||
openslp -- openslp
|
The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.
|
2017-03-27
| ||
opensuse_project -- leap
|
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.
|
2017-03-27
| ||
owncloud -- owncloud
|
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as an HTML document. Thus any injected data in the log would be executed.
|
2017-03-27
| ||
php -- php
|
PHP through 7.1.3 enables potential SSRF in applications that accept an fsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.
|
2017-03-27
| ||
potrace_project -- potrace
|
The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8698.
|
2017-03-26
| ||
radare -- radare2
|
The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file.
|
2017-03-27
| ||
revive-adserver -- revive_adserver
|
Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems will effectively allow the valid users to log in to the adserver, even while an attack is in progress.
|
2017-03-27
| ||
s-nail_project -- s-nail
|
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.
|
2017-03-27
| ||
siemens -- ruggedcom_rox_i
|
Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information.
|
2017-03-28
| ||
siemens -- ruggedcom_rox_i
|
Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link.
|
2017-03-28
| ||
siemens -- ruggedcom_rox_i
|
The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF.
|
2017-03-28
| ||
siemens -- ruggedcom_rox_i
|
Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings.
|
2017-03-28
| ||
solarwinds -- log_and_event_manager
|
The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgr
|
2017-03-24
| ||
uclibc-ng_project -- uclibc-ng
|
The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via vectors involving compressed items in a reply.
|
2017-03-24
| ||
uclibc-ng_project -- uclibc-ng
|
The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via a crafted packet.
|
2017-03-24
| ||
yii_software -- yii
|
Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen.
|
2017-03-27
|
Apr 7, 2017
3/27週のCVE ... Medium Vulnerabilities から抜粋
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment