High Vulnerabilities
Primary
Vendor -- Product
|
Description
|
Published
|
CVSS Score
|
Source & Patch Info
|
alcatel-lucent -- omnivista_8770_network_
management_system
|
Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states "The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server."
|
2016-12-03
|
|
|
google -- android
|
arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.
|
2016-12-08
|
|
|
google -- android
|
The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 31470303 and external bug 211602 (and AndroidID-7225554).
|
2016-12-06
|
|
|
intel -- wireless_bluetooth_drivers
|
Unquoted service path vulnerability in Intel Wireless Bluetooth Drivers 16.x, 17.x, and before 18.1.1607.3129 allows local users to launch processes with elevated privileges.
|
2016-12-08
|
|
|
joomla -- joomla!
|
The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. Additionally, JHelperMedia::canUpload() did not blacklist these file extensions as uploadable file types.
|
2016-12-05
|
|
|
linux -- linux_kernel
|
arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call.
|
2016-12-08
|
|
|
|
ローカルユーザの権限昇格、または DoSネタが他にも数件
・・・略・・・
|
|
|
|
siemens -- sicam_pas
|
A vulnerability in Siemens SICAM PAS (all versions including V8.08) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP.
|
2016-12-05
|
|
|
siemens -- sicam_pas
|
A vulnerability in Siemens SICAM PAS (all versions including V8.08) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets sent to port 19234/TCP.
|
2016-12-05
|
|
|
zikula -- zikula_application_framework
|
Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file.
|
2016-12-05
|
|
|
Medium Vulnerabilities
Primary
Vendor -- Product
|
Description
|
Published
|
CVSS Score
|
Source & Patch Info
|
apache -- http_server
|
The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.
|
2016-12-05
|
|
|
bluez -- bluez
|
In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
|
2016-12-03
|
|
|
bluez -- bluez
|
In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
|
2016-12-03
|
|
|
|
・Bluetoothのはなし(4) (2012/12/26)
「BlueZ は Linux および Android で動作する
オープンソースの Bluetooth プロトコルスタック」
CVE-2016-9798のはパッチは未だ無い模様
他にもクラッシュ等、数件
・・・略・・・
|
|
|
|
gnome -- libgsf
|
An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.
|
2016-12-08
|
|
|
libtiff -- libtiff
|
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.
|
2016-12-06
|
|
|
netapp -- netapp_plug-in
|
NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation.
|
2016-12-05
|
|
|
roundcube -- webmail
|
steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message.
|
2016-12-08
|
|
|
spip -- spip
|
Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter.
|
2016-12-05
|
|
|
umn -- mapserver
|
In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails.
|
2016-12-08
|
|
|
Low Vulnerabilities
Primary
Vendor -- Product
|
Description
|
Published
|
CVSS Score
|
Source & Patch Info
|
intel -- proset/wireless_software_and_drivers
|
Buffer overflow in Intel PROSet/Wireless Software and Drivers in versions before 19.20.3 allows a local user to crash iframewrk.exe causing a potential denial of service.
|
2016-12-08
|
|
|
Severity Not Yet Assigned
Primary
Vendor -- Product
|
Description
|
Published
|
CVSS Score
|
Source & Patch Info
|
atlassian_crowd -- ldap
|
The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.
|
2016-12-09
|
not yet calculated
|
|
busybox -- busybox
|
The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.
|
2016-12-09
|
not yet calculated
|
|
crowbar_framework -- openstack_and_trove_barclamp
|
The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors.
|
2016-12-09
|
not yet calculated
|
|
django -- django
|
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.
|
2016-12-09
|
not yet calculated
|
|
django -- django
|
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.
|
2016-12-09
|
not yet calculated
|
|
dotclear -- dotclear
|
Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) link_type parameter to admin/media.php.
|
2016-12-09
|
not yet calculated
|
|
gnu -- gnutar
|
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
|
2016-12-09
|
not yet calculated
|
|
intel -- nuc_kits
|
SMM call out in all Intel Branded NUC Kits allows a local privileged user to access the System Management Mode and take full control of the platform.
|
2016-12-08
|
not yet calculated
|
|
jfrog -- artifactory
|
JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.
|
2016-12-09
|
not yet calculated
|
|
phpmyadmin -- phpmyadmin
|
A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
|
2016-12-10
|
not yet calculated
|
|
・・・他にも多数。省略・・・
|
|
|
|
|
postgresql -- postgresql
|
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.
|
2016-12-09
|
not yet calculated
|
|
postgresql -- postgresql
|
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
|
2016-12-09
|
not yet calculated
|
|
pricewaterhouse -- ace-abap
|
PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report.
|
2016-12-09
|
not yet calculated
|
|
qemu -- qemu
|
Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string.
|
2016-12-09
|
not yet calculated
|
|
・・・他にも数件。省略・・・
|
|
|
|
|
|
No comments:
Post a Comment