Phew, the bulletin for the week of 4/17 is already out, but I haven't caught up.
Primary Vendor -- Product |
Description
|
Published
|
CVSS Score
|
Source & Patch Info
|
amazon -- fire_os
|
Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv.
|
2017-04-09
| ||
atlassian -- jira
|
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.
|
2017-04-10
| ||
axis -- axis_communications_firmware
|
AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."
|
2017-04-09
| ||
botan_project -- botan
|
botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain.
|
2017-04-10
| ||
botan_project -- botan
|
botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com.
|
2017-04-10
| ||
botan_project -- botan
|
The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang.
|
2017-04-10
| ||
cisco -- aironet_access_point
|
A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1).
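"To say that the root Linux shell is provided for troubleshooting
Within your own organization, enforce strict ID management. If operations are outsourced, root work
According to the BID, an update is available, so it is enough to apply it,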
|
2017-04-07
| ||
cisco -- firepower_extensible_
|
A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115).
|
2017-04-07
| ||
cisco -- firepower_extensible_
|
A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. More Information: CSCvb86725 CSCvb86797. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.105) 92.1(1.1733) 2.1(1.69).
|
2017-04-07
| ||
cisco -- firepower_extensible_
|
A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351 CSCvb61637. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1645) 2.0(1.82) 1.1(4.136.
|
2017-04-07
| ||
cisco -- firepower_management_center
|
A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources. Affected Products: This vulnerability affects Cisco Firepower System Software running software releases 6.0.0, 6.1.0, 6.2.0, or 6.2.1 when the device is configured with an SSL policy that has at least one rule specifying traffic decryption. More Information: CSCvc58563. Known Affected Releases: 6.0.0 6.1.0 6.2.0 6.2.1.
|
2017-04-07
| ||
cisco -- mobility_services_engine
|
A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0).
|
2017-04-07
| ||
cloudviewnms -- cloudview_nms
|
CloudView NMS before 2.10a has a format string issue exploitable over SNMP.
Ref.
CloudView NMS: Network Management, Monitoring and SCADA Solution
|
2017-04-09
| ||
dataprobe -- ibootbar_firmware
|
Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.
|
2017-04-07
| ||
dataprobe -- ibootbar_firmware
|
Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.
|
2017-04-07
| ||
dell -- integrated_remote_access_
|
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo.
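An update is available, so it is enough to apply it.
As a second-best measure, I suppose it would be the ID management and work monitoring mentioned above.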
|
2017-04-09
| ||
dell -- integrated_remote_access_
|
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input.
|
2017-04-09
| ||
dell -- integrated_remote_access_
|
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE.
|
2017-04-09
| ||
gnu -- binutils
|
elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program.
|
2017-04-09
| ||
google -- android
|
A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588.
|
2017-04-07
| ||
google -- android
|
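There are also other code-execution issues with the privileges of the Mediaserver process.
The CVSS score is 9.3 for all of them.
Affected Android versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 (each individual CVE is limited to some of these versions)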
|
2017-04-07
| ||
google -- android
|
In addition, arbitrary code execution in CameraBase (CVE-2017-0544), Audioserver (CVE-2017-0545), SurfaceFlinger (CVE-2017-0546), and others; details omitted.
|
2017-04-07
| ||
google -- android
|
remote DoS in libskia (CVE-2017-0548), libavc (CVE-2017-0549, CVE-2017-0550, CVE-2017-0551, CVE-2017-0552) in Mediaserver
|
2017-04-07
| ||
gynoii -- gcw-1010
|
Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account.
|
2017-04-09
| ||
ibaby -- m3s_baby_monitor_firmware
|
iBaby M3S has a password of admin for the backdoor admin account.
|
2017-04-09
| ||
lens_laboratories -- peek-a-view_firmware
|
Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account.
|
2017-04-09
| ||
linux -- linux_kernel
|
An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33353700. References: QC-CR#1104067.
|
2017-04-07
| ||
linux -- linux_kernel
|
An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33353601. References: QC-CR#1102288.
|
2017-04-07
| ||
linux -- linux_kernel
|
A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814.
There is also a vulnerability in the Broadcom Wi-Fi driver, rated High, score 7.6.
|
2017-04-07
| ||
linux -- linux_kernel
|
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409.
Another permanent device compromise, CVE-2017-0564, also has a score of 9.3.
|
2017-04-07
| ||
linux -- linux_kernel
|
There are various others as well. To excerpt a few...
An elevation of privilege vulnerability
in the Qualcomm Wi-Fi driver (CVE-2017-0575)
in the Qualcomm crypto engine driver (CVE-2017-0576)
in the HTC touchscreen driver (CVE-2017-0577)
in the Qualcomm video driver (CVE-2017-0579)
in the Synaptics Touchscreen driver (CVE-2017-0580)
in the Synaptics Touchscreen driver (CVE-2017-0581)
in the HTC OEM fastboot command (CVE-2017-0582)
in the Qualcomm CP access driver (CVE-2017-0583)
...
crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a DoS (CVE-2017-7618)
|
2017-04-07
| ||
news_system_project -- news_system
|
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
|
2017-04-07
| ||
ninka_project -- ninka
|
Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename.
|
2017-04-10
| ||
osram -- lightify_home
|
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000.
It appears you can choose your preferred brightness and color from the app. Besides a wake-up alarm, "while you are away,
|
2017-04-09
| ||
philips -- in.sight_b120\37
|
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account.
|
2017-04-09
| ||
proxygen_project -- proxygen
|
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks.
|
2017-04-09
| ||
schneider-electric -- conext_combox_865-1058_
|
An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot.
|
2017-04-07
| ||
sierrawireless -- aleos_firmware
|
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
|
2017-04-09
| ||
sierrawireless -- aleos_firmware
|
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.
|
2017-04-09
| ||
sierrawireless -- aleos_firmware
|
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.
|
2017-04-09
| ||
sophos -- cyberoam_cr25ing_utm_firmware
|
Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.
|
2017-04-07
| ||
summer_infant -- baby_zoom_wifi_monitor_
|
Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service.
|
2017-04-09
| ||
trendnet -- tv-ip743sic
|
TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account.
|
2017-04-09
| ||
vertivco -- liebert_multilink_automated_
|
Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file.
|
2017-04-09
|