U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

Bulletin (SB17-156)

Vulnerability Summary for the Week of May 29, 2017

Original release date: June 05, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no high vulnerabilities recorded this week.
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- hiveApache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn't seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through.2017-05-305.0CVE-2016-3083
BID
MLIST
fortinet -- fortiportalAn improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request.2017-05-266.4CVE-2017-7337
CONFIRM
fortinet -- fortiportalA password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View.2017-05-265.0CVE-2017-7338
CONFIRM
fortinet -- fortiportalA Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality.2017-05-264.3CVE-2017-7339
CONFIRM
fortinet -- fortiportalAn open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter.2017-05-265.8CVE-2017-7343
CONFIRM
fortinet -- fortiportalA weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.2017-05-265.0CVE-2017-7731
CONFIRM
fortinet -- fortiwebA Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature.2017-05-264.3CVE-2017-3129
BID
CONFIRM
ibm -- inotesIBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976.2017-05-264.3CVE-2017-1325
CONFIRM
MISC
ibm -- maximo_asset_management_essentialsIBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153.2017-05-265.0CVE-2017-1292
CONFIRM
MISC
linux -- linux_kernelThe __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.2017-05-264.9CVE-2017-9242
CONFIRM
BID
CONFIRM
CONFIRM
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
ibm -- maximo_asset_management_essentialsIBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152.2017-05-263.5CVE-2017-1291
CONFIRM
MISC
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
allen_disk -- allen_disk
 
SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter.2017-05-31not yet calculatedCVE-2017-9307
MISC
allen_disk -- allen_disk
 
Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATH_INFO to readfile.php.2017-05-28not yet calculatedCVE-2017-9249
BID
MISC
andrzuk/finecms -- andrzuk/finecmsandrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action.2017-05-28not yet calculatedCVE-2017-9252
MISC
andrzuk/finecms -- andrzuk/finecms
 
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php.2017-05-28not yet calculatedCVE-2017-9251
MISC
apache -- knox
 
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be easily associated with the authenticated user, this is still a serious security issue. All users are recommended to upgrade to the Apache Knox 0.12.0 release.2017-05-26not yet calculatedCVE-2017-5646
MLIST
BID
apache -- open_vswitchIn Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.2017-05-29not yet calculatedCVE-2017-9265
CONFIRM
apache -- open_vswitch
 
In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch.2017-05-29not yet calculatedCVE-2016-10377
CONFIRM
apache -- open_vswitch
 
In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.2017-05-29not yet calculatedCVE-2017-9263
CONFIRM
apache -- open_vswitch
 
In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.2017-05-29not yet calculatedCVE-2017-9264
CONFIRM
aries -- qwr-1104_wireless-n_router
 
Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point.2017-05-28not yet calculatedCVE-2017-9243
MISC
EXPLOIT-DB
atlassian -- eucalyptus
 
Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage) via unspecified vectors.2017-06-01not yet calculatedCVE-2017-7999
CONFIRM
bigtree -- bigtree
 
Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code.2017-06-02not yet calculatedCVE-2017-9364
CONFIRM
CONFIRM
bigtree -- bigtree
 
CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked.2017-06-02not yet calculatedCVE-2017-9365
CONFIRM
CONFIRM
bigtree -- bigtree
 
BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have other tasks (such as data backups) to complete before a user is deleted.2017-06-02not yet calculatedCVE-2017-9378
MISC
MISC
bigtree -- bigtree
 
Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php.2017-06-02not yet calculatedCVE-2017-9379
MISC
bram_korsten_note -- bram_korsten_note
 
Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php (edit parameter).2017-05-29not yet calculatedCVE-2017-9289
CONFIRM
canonical -- juju
 
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.2017-05-27not yet calculatedCVE-2017-9232
BID
CONFIRM
ceragon -- fibeair_ip-10
 
Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.2017-06-01not yet calculatedCVE-2015-0936
MISC
MISC
FULLDISC
BID
MISC
MISC
chicken_scheme -- chicken_scheme
 
An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it.2017-06-01not yet calculatedCVE-2017-9334
CONFIRM
CONFIRM
cygnux.org -- syspass

 
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring.2017-05-31not yet calculatedCVE-2017-9306
MISC
digium -- asterisk
 
The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.2017-06-02not yet calculatedCVE-2017-9359
CONFIRM
CONFIRM
CONFIRM
digium -- asterisk
 
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing a infinite loop and leading to memory exhaustion (by message logging in that loop).2017-06-02not yet calculatedCVE-2017-9358
CONFIRM
CONFIRM
digium -- asterisk
 
PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter.2017-06-02not yet calculatedCVE-2017-9372
CONFIRM
CONFIRM
e107 -- e107
 
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.2017-05-29not yet calculatedCVE-2016-10378
MISC
exiv2 -- exiv2
 
An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file.2017-05-26not yet calculatedCVE-2017-9239
MISC
BID
MISC
flipbuilder -- flipbuilder
 
Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter.2017-06-01not yet calculatedCVE-2017-7384
MISC
forinet -- fortiwlc-sd
 
An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'.2017-05-26not yet calculatedCVE-2017-3134
BID
CONFIRM
fortinet -- forticlient
 
A potential execution of unauthorized code or commands vulnerability in Fortinet FortiClient SSL_VPN Linux versions available with FortiOS 5.4.2 and below allows attacker to potentially overwrite an existing file via the FortiClient log file.2017-05-26not yet calculatedCVE-2016-8496
BID
CONFIRM
fortinet -- forticlient
 
An escalation of privilege vulnerability in Fortinet FortiClient SSL_VPN Linux versions available with FortiOS 5.4.3 and below allows an attacker to gain root privilege via the subproc file.2017-05-26not yet calculatedCVE-2016-8497
BID
CONFIRM
fortinet -- fortigate
 
A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation.2017-06-01not yet calculatedCVE-2017-3127
BID
CONFIRM
fortinet -- fortinet_fortianalyzer
 
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter.2017-05-26not yet calculatedCVE-2017-3126
BID
CONFIRM
freeradius -- freeradius
 
The TLS session cache in FreeRADIUS before 3.0.14 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.2017-05-29not yet calculatedCVE-2017-9148
MISC
MISC
BID
git -- git-shell
 
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.2017-06-01not yet calculatedCVE-2017-8386
SUSE
MLIST
DEBIAN
BID
SECTRACK
UBUNTU
MISC
CONFIRM
FEDORA
FEDORA
FEDORA
hitachi -- device_manager
 
XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files.2017-05-29not yet calculatedCVE-2017-9295
CONFIRM
BID
hitachi -- device_manager
 
Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code.2017-05-29not yet calculatedCVE-2017-9298
CONFIRM
hitachi -- device_manager
 
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites.2017-05-29not yet calculatedCVE-2017-9297
CONFIRM
BID
hitachi -- device_manager
 
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites.2017-05-29not yet calculatedCVE-2017-9296
CONFIRM
BID
hitachi -- device_manager
 
RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports.2017-05-29not yet calculatedCVE-2017-9294
CONFIRM
BID
imagemagick -- imagemagick
 
In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-06-02not yet calculatedCVE-2017-9409
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-06-02not yet calculatedCVE-2017-9407
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.2017-06-02not yet calculatedCVE-2017-9405
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-05-29not yet calculatedCVE-2017-9262
BID
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-05-29not yet calculatedCVE-2017-9261
BID
CONFIRM
intel -- solid_state
 
There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code.2017-05-31not yet calculatedCVE-2017-5688
BID
CONFIRM
jerryscript -- jerryscript
 
The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function.2017-05-28not yet calculatedCVE-2017-9250
CONFIRM
CONFIRM
CONFIRM
joomla -- joomla
 
The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php.2017-05-29not yet calculatedCVE-2016-10379
MISC
BID
juniper_networks -- junos_os

 
On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, a network based attacker can cause the Junos OS rpd daemon to crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition.2017-05-30not yet calculatedCVE-2017-2302
BID
CONFIRM
juniper_networks -- junos_os

 
On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D50, 12.1X47 prior to 12.1X47-D40, 12.3 prior to 12.3R13, 12.3X48 prior to 12.3X48-D30, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R5, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D30 or 15.1X49-D40, 15.1X53 prior to 15.1X53-D35, and where RIP is enabled, certain RIP advertisements received by the router may cause the RPD daemon to crash resulting in a denial of service condition.2017-05-30not yet calculatedCVE-2017-2303
BID
CONFIRM
juniper_networks -- junos_os
 
On Juniper Networks products or platforms running Junos OS 11.4 prior to 11.4R13-S3, 12.1X46 prior to 12.1X46-D60, 12.3 prior to 12.3R12-S2 or 12.3R13, 12.3X48 prior to 12.3X48-D40, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D12 or 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R7, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D60, 15.1X53 prior to 15.1X53-D30 and DHCPv6 enabled, when a crafted DHCPv6 packet is received from a subscriber, jdhcpd daemon crashes and restarts. Repeated crashes of the jdhcpd process may constitute an extended denial of service condition for subscribers attempting to obtain IPv6 addresses.2017-05-30not yet calculatedCVE-2017-2301
BID
CONFIRM
juniper_networks -- junos_os

 
Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak'2017-05-30not yet calculatedCVE-2017-2304
BID
CONFIRM
juniper_networks -- junos_space

 
On Juniper Networks Junos Space versions prior to 16.1R1, an unauthenticated remote attacker with network access to Junos space device can easily create a denial of service condition.2017-05-30not yet calculatedCVE-2017-2311
BID
CONFIRM
juniper_networks -- junos_space
 
An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device.2017-05-30not yet calculatedCVE-2017-2308
BID
CONFIRM
juniper_networks -- junos_space

 
On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. This represents an information leak risk.2017-05-30not yet calculatedCVE-2017-2309
BID
CONFIRM
juniper_networks -- junos_space
 
A firewall bypass vulnerability in the host based firewall of Juniper Networks Junos Space versions prior to 16.1R1 may permit certain crafted packets, representing a network integrity risk.2017-05-30not yet calculatedCVE-2017-2310
BID
CONFIRM
juniper_networks -- junos_space

 
A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space.2017-05-30not yet calculatedCVE-2017-2307
BID
CONFIRM
juniper_networks -- junos_space
 
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation.2017-05-30not yet calculatedCVE-2017-2305
BID
CONFIRM
juniper_networks -- junos_space

 
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device.2017-05-30not yet calculatedCVE-2017-2306
BID
CONFIRM
juniper_networks -- srx_series_services_gateways
 
On Juniper Networks SRX Series Services Gateways chassis clusters running Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60, flowd daemon on the primary node of an SRX Series chassis cluster may crash and restart when attempting to synchronize a multicast session created via crafted multicast packets.2017-05-30not yet calculatedCVE-2017-2300
BID
CONFIRM
lansweeper -- lansweeper
 
Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782.2017-05-29not yet calculatedCVE-2017-9292
CONFIRM
laravel -- laravel
 
Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.2017-05-29not yet calculatedCVE-2017-9303
BID
CONFIRM
libming -- libming
 
The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This occurs because of an integer overflow that leads to a memory allocation error.2017-05-31not yet calculatedCVE-2017-8782
MISC
libtiff -- libtiff
 
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.2017-06-02not yet calculatedCVE-2017-9403
CONFIRM
libtiff -- libtiff
 
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.2017-06-02not yet calculatedCVE-2017-9404
CONFIRM
microsoft -- malware_protection_engineThe Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542.2017-05-26not yet calculatedCVE-2017-8537
BID
CONFIRM
microsoft -- malware_protection_engine
 
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8540 and CVE-2017-8541.2017-05-26not yet calculatedCVE-2017-8538
BID
CONFIRM
microsoft -- malware_protection_engine
 
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541.2017-05-26not yet calculatedCVE-2017-8540
BID
CONFIRM
microsoft -- malware_protection_engine
 
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8540.2017-05-26not yet calculatedCVE-2017-8541
BID
CONFIRM
microsoft -- malware_protection_engine
 
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8542.2017-05-26not yet calculatedCVE-2017-8539
BID
CONFIRM
microsoft -- malware_protection_engine
 
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.2017-05-26not yet calculatedCVE-2017-8535
BID
CONFIRM
microsoft -- malware_protection_engine
 
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.2017-05-26not yet calculatedCVE-2017-8536
BID
CONFIRM
microsoft -- malware_protection_engine
 
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539.2017-05-26not yet calculatedCVE-2017-8542
BID
CONFIRM
moxa -- oncell
 
A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext.2017-05-29not yet calculatedCVE-2017-7913
MISC
moxa -- oncell
 
A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request, which could allow an attacker to modify the configuration of the device.2017-05-29not yet calculatedCVE-2017-7917
MISC
moxa -- oncell
 
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. An attacker can freely use brute force to determine parameters needed to bypass authentication.2017-05-29not yet calculatedCVE-2017-7915
MISC
netgear -- wnr2000_devices
 
NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.2017-05-26not yet calculatedCVE-2017-6862
BID
CONFIRM
nss -- nss
 
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.2017-05-30not yet calculatedCVE-2017-7502
BID
CONFIRM
open_ticket_request_system -- open_ticket_request_system
 
Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks.2017-05-29not yet calculatedCVE-2017-9299
MISC
openemr -- openemr
 
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.2017-06-02not yet calculatedCVE-2017-9380
MISC
openldap -- openldap
 
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.2017-05-29not yet calculatedCVE-2017-9287
CONFIRM
BID
CONFIRM
palo_alto_networks -- panorama_vm_appliance
 
Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file.2017-06-01not yet calculatedCVE-2015-6531
BID
MISC
perl -- perl
 
Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.2017-06-01not yet calculatedCVE-2017-6512
CONFIRM
CONFIRM
phoenix_broadband_technologies -- poweragent_sc3_bms
 
A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device.2017-06-02not yet calculatedCVE-2017-6039
MISC
pivotx -- pivotx
 
PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file.2017-05-31not yet calculatedCVE-2017-8402
MISC
poppler -- poppler
 
In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.2017-06-02not yet calculatedCVE-2017-9408
CONFIRM
poppler -- poppler
 
In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.2017-06-02not yet calculatedCVE-2017-9406
CONFIRM
poppler -- poppler
 
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.2017-05-30not yet calculatedCVE-2017-7511
CONFIRM
qemu -- qemu
 
Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands.2017-06-01not yet calculatedCVE-2017-9060
CONFIRM
MLIST
MISC
realnetworks -- realplayer
 
RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file.2017-05-29not yet calculatedCVE-2017-9302
MISC
BID
samba -- samba
 
Samba since version 3.5.0 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.2017-05-30not yet calculatedCVE-2017-7494
BID
CONFIRM
samsung -- syncthru_admin_6
 
Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver.2017-06-01not yet calculatedCVE-2015-5473
BID
MISC
MISC
MISC
MISC
MISC
MISC
soffid -- soffid_iam
 
Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request.2017-06-02not yet calculatedCVE-2017-9363
CONFIRM
telaxus -- epesi
 
The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter.2017-06-01not yet calculatedCVE-2017-9331
CONFIRM
CONFIRM
telaxus -- epesi
 
Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter.2017-06-02not yet calculatedCVE-2017-9366
CONFIRM
CONFIRM
the_foreman -- the_foreman
 
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords.2017-05-26not yet calculatedCVE-2017-7505
CONFIRM
BID
CONFIRM
tiki_software -- tiki_wiki_cms_groupware
 
lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php.2017-05-31not yet calculatedCVE-2017-9305
MISC
MISC
videolan_organization -- videolan_vlc_media_player
 
plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.2017-05-29not yet calculatedCVE-2017-9301
MISC
BID
videolan_organization -- videolan_vlc_media_player
 
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.2017-05-29not yet calculatedCVE-2017-9300
MISC
BID
vmware -- horizon_daas
 
VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link.2017-05-31not yet calculatedCVE-2017-4897
BID
CONFIRM
websitebaker -- websitebaker
 
WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.2017-06-02not yet calculatedCVE-2017-9361
MISC
websitebaker -- websitebaker
 
WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.2017-06-02not yet calculatedCVE-2017-9360
MISC
wireshark_foundation -- wiresharkIn Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length.2017-06-02not yet calculatedCVE-2017-9350
MISC
MISC
MISC
MISC
wireshark_foundation -- wireshark
 
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.2017-06-02not yet calculatedCVE-2017-9345
MISC
MISC
MISC
MISC
wireshark_foundation -- wireshark
 
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value.2017-06-02not yet calculatedCVE-2017-9344
MISC
MISC
MISC
MISC
wireshark_foundation -- wireshark
 
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address.2017-06-02not yet calculatedCVE-2017-9343
MISC
MISC
MISC
MISC
wireshark_foundation -- wireshark
 
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.2017-06-02not yet calculatedCVE-2017-9352
MISC
MISC
MISC
wireshark_foundation -- wireshark
 
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit.2017-06-02not yet calculatedCVE-2017-9346
MISC
MISC
MISC
MISC
wireshark_foundation -- wireshark
 
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.2017-06-02not yet calculatedCVE-2017-9353
MISC
MISC
MISC
MISC
wireshark_foundation -- wireshark
 
In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.2017-06-02not yet calculatedCVE-2017-9347
MISC
MISC
MISC
MISC
wireshark_foundation -- wireshark
 
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.2017-06-02not yet calculatedCVE-2017-9354
MISC
MISC
MISC
MISC
wireshark_foundation -- wireshark
 
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value.2017-06-02not yet calculatedCVE-2017-9349
MISC
MISC
MISC
MISC
wireshark_foundation -- wireshark
 
In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value.2017-06-02not yet calculatedCVE-2017-9348
MISC
MISC
MISC
MISC
wireshark_foundation -- wireshark
 
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.2017-06-02not yet calculatedCVE-2017-9351
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).2017-05-29not yet calculatedCVE-2017-9288
MISC
MISC
MISC
wordpress -- wordpress
 
The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post.2017-06-01not yet calculatedCVE-2017-9336
MISC
wordpress -- wordpress
 
The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post.2017-06-01not yet calculatedCVE-2017-9337
MISC
yara -- yara
 
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.2017-05-31not yet calculatedCVE-2017-9304
CONFIRM
CONFIRM
zulip -- zulip_server
 
Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this.2017-06-02not yet calculatedCVE-2017-0896
MISC
MLIST
MISC
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top