Monday, 30 July 2018

Weekly Update: new vulnerabilities published on the National Vulnerability Database (27 items)



New vulnerabilities from the NVD: CVE-2016-5649

A vulnerability in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, allows a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before redirecting to 'bsw_vfysucc.cgi'. An attacker can use this password to gain administrator access to the targeted router's web interface.
Published at: July 24, 2018 at 06:29PM

July 24, 2018 at 07:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-5638

There are a few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. The genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access the genie_ping.htm, genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page redirects to the 'Congratulations2.htm' page, which reveals sensitive information such as the 2.4GHz and 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text.
Published at: July 24, 2018 at 06:29PM

July 24, 2018 at 07:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-10937

SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information.
Published at: July 25, 2018 at 06:29PM

July 25, 2018 at 07:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-10936

SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information.
Published at: July 25, 2018 at 06:29PM

July 25, 2018 at 07:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-10935

All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection to change other user's password.
Published at: July 25, 2018 at 06:29PM

July 25, 2018 at 07:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-10934

All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.
Published at: July 25, 2018 at 06:29PM

July 25, 2018 at 07:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-2637

A design flaw issue was found in the Red Hat OpenStack Platform director's use of TripleO to enable libvirtd-based live migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (all interfaces) with no authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to the libvirtd instance and gain control of virtual machine instances or possibly take over the host.
Published at: July 26, 2018 at 03:29PM

July 26, 2018 at 05:45PM

via National Vulnerability Database
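
The exposure above is a configuration state, so it can be audited before anyone has to probe a port. The following is an added example, not Red Hat's, TripleO's or libvirt's own tooling: it parses the libvirtd.conf keys that govern remote access (listen_tcp, listen_addr, auth_tcp, listen_tls, auth_tls, tls_no_verify_certificate) and flags the combination the advisory describes. The defaults it assumes for absent keys are taken from the commented-out values in the libvirtd.conf that libvirt ships; both sample configurations are constructed.

```python
"""Audit libvirtd.conf for the unauthenticated TCP listener behind CVE-2017-2637.

Added example, not Red Hat's, TripleO's or libvirt's own tooling. It reads the
libvirtd.conf keys that control remote access and flags the combination the
advisory describes: a plain TCP listener, bound to every interface, with no
authentication. DEFAULTS are assumed from the comments in libvirt's shipped
libvirtd.conf.
"""
import re

# `key = value` with the value either double-quoted or a bare token
_KV = re.compile(r'^\s*([A-Za-z_]+)\s*=\s*(?:"([^"]*)"|([^\s#"]+))')

DEFAULTS = {
    "listen_tls": "1",
    "listen_tcp": "0",
    "listen_addr": "",                  # empty: bind to all interfaces
    "auth_tcp": "sasl",
    "auth_tls": "none",                 # the client certificate is the credential
    "tls_no_verify_certificate": "0",
}


def parse_libvirtd_conf(text: str) -> dict:
    """Return the effective settings: file values layered over DEFAULTS."""
    settings = dict(DEFAULTS)
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = _KV.match(line)
        if m:
            key, quoted, bare = m.groups()
            settings[key] = quoted if quoted is not None else bare
    return settings


def audit(settings: dict) -> list:
    """Return human-readable findings; an empty list means nothing is exposed."""
    findings = []
    addr = settings["listen_addr"]
    exposed_to = "all interfaces" if addr in ("", "0.0.0.0", "::") else addr
    if settings["listen_tcp"] == "1" and settings["auth_tcp"] == "none":
        findings.append(
            f"listen_tcp=1 on {exposed_to} with auth_tcp=none: anyone who can "
            "open a TCP connection gets an unauthenticated virsh session"
        )
    if (settings["listen_tls"] == "1" and settings["auth_tls"] == "none"
            and settings["tls_no_verify_certificate"] == "1"):
        findings.append(
            "listen_tls=1 with auth_tls=none and tls_no_verify_certificate=1: "
            "the TLS listener accepts any client certificate"
        )
    return findings


# constructed sample resembling what the advisory says director deployed
WEAK_CONF = """\
listen_tls = 0
listen_tcp = 1
listen_addr = "0.0.0.0"
auth_tcp = "none"
"""

# constructed sample: plain TCP off, TLS with verified client certificates
HARDENED_CONF = """\
listen_tls = 1
listen_tcp = 0
listen_addr = "192.0.2.10"
auth_tls = "none"
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(parse_libvirtd_conf(conf)) or ["no findings"])
```

To confirm the finding on a live compute host, `virsh -c qemu+tcp://<compute-ip>/system list --all` succeeding without any credentials is the exposure the audit predicts; since the advisory counts 127.0.0.1 as well, run it from the host itself, not only from the management network.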


New vulnerabilities from the NVD: CVE-2017-2664

CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges.
Published at: July 26, 2018 at 05:29PM

July 26, 2018 at 07:45PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-2589

It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.
Published at: July 26, 2018 at 06:29PM

July 26, 2018 at 07:45PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-12610

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may impersonate other users via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.
Published at: July 26, 2018 at 05:29PM

July 26, 2018 at 07:45PM

via National Vulnerability Database
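
The advisory does not spell out how the crafted message works. The following is an added example, not Apache Kafka's code, and it assumes the usual mechanism for this bug class: RFC 4616 defines the SASL/PLAIN message as `[authzid] NUL authcid NUL passwd`, where the password proves who the client is (authcid) and the optional authzid names who it wants to act as, and a server that verifies the password for authcid but then adopts the client-supplied authzid as the principal lets any valid user act as any other. The user database, passwords and messages are constructed.

```python
"""Authorization-identity check for SASL/PLAIN, the flaw class of CVE-2017-12610.

Added example, not Apache Kafka's code. It assumes the mechanism described in
the lead-in: a server that authenticates authcid and then trusts authzid. The
fix is the generic one: refuse an authzid that is present and differs from
the authenticated identity.
"""
import hmac

# constructed credential store; real brokers keep hashes, not plaintext
USERS = {"alice": "alice-pw", "admin": "admin-pw"}


def parse_plain(message: bytes) -> tuple:
    """Split a SASL/PLAIN message into (authzid, authcid, passwd)."""
    parts = message.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("malformed SASL/PLAIN message: expected two NULs")
    return tuple(p.decode("utf-8") for p in parts)


def _password_ok(authcid: str, passwd: str) -> bool:
    expected = USERS.get(authcid)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode("utf-8"), passwd.encode("utf-8"))


def authenticate_vulnerable(message: bytes):
    """Principal the broker would authorize as, or None if auth fails."""
    authzid, authcid, passwd = parse_plain(message)
    if not _password_ok(authcid, passwd):
        return None
    # BUG: the client chooses the principal it will be authorized as
    return authzid or authcid


def authenticate_fixed(message: bytes):
    """Same check, but the requested identity must equal the proven one."""
    authzid, authcid, passwd = parse_plain(message)
    if not _password_ok(authcid, passwd):
        return None
    if authzid and authzid != authcid:
        return None            # requested identity does not match proven one
    return authcid


# constructed messages: alice's valid password, asking to act as admin
IMPERSONATION = b"admin\x00alice\x00alice-pw"
NORMAL = b"\x00alice\x00alice-pw"

if __name__ == "__main__":
    print("vulnerable:", authenticate_vulnerable(IMPERSONATION))  # admin
    print("fixed:     ", authenticate_fixed(IMPERSONATION))       # None
```

SASL/SCRAM carries the same field as the `a=` attribute in the GS2 header of the client-first message (RFC 5802), so the same equality check applies to the SCRAM server as well.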


New vulnerabilities from the NVD: CVE-2016-8647

An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.
Published at: July 26, 2018 at 05:29PM

July 26, 2018 at 07:45PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-12175

Red Hat Satellite before 6.5 is vulnerable to an XSS in the discovery rule when entering a filter with the autocomplete functionality.
Published at: July 26, 2018 at 08:29PM

July 26, 2018 at 09:45PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-12171

A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.
Published at: July 26, 2018 at 08:29PM

July 26, 2018 at 09:45PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-12167

It was found in EAP 7 before 7.0.9 that the properties-based files of the management and application realm configuration that contain the user-to-role mapping are world readable, allowing access to user and role information for all users logged in to the system.
Published at: July 26, 2018 at 08:29PM

July 26, 2018 at 09:45PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-12164

A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.
Published at: July 26, 2018 at 07:29PM

July 26, 2018 at 09:45PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-12163

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.
Published at: July 26, 2018 at 07:29PM

July 26, 2018 at 09:45PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-12150

It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.
Published at: July 26, 2018 at 09:29PM

July 26, 2018 at 11:45PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9261

huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.
Published at: July 26, 2018 at 10:29PM

July 26, 2018 at 11:45PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-12151

A flaw was found in the way the Samba client before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 used encryption with max protocol set to SMB3. The connection could lose the requirement for signing and encryption on any DFS redirect, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
Published at: July 27, 2018 at 03:29PM

July 27, 2018 at 05:45PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-12195

A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the Elasticsearch be configured with an external route, and the data accessed is limited to the indices.
Published at: July 27, 2018 at 06:29PM

July 27, 2018 at 07:45PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-12165

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processed HTTP request headers containing unusual whitespace, which can enable HTTP request smuggling.
Published at: July 27, 2018 at 06:29PM

July 27, 2018 at 07:45PM

via National Vulnerability Database
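
Why tolerated whitespace turns into request smuggling: RFC 7230 section 3.2.4 forbids whitespace between a header field name and the colon and requires a server to reject such a message with 400. A hop that strips the whitespace instead will honour a `Content-Length : N` field that a neighbouring hop skipped as an unknown field, so the two split the same byte stream into different requests. The following is an added example, not Undertow's code; its three parsing modes are illustrative stand-ins, not the behaviour of any named proxy or Undertow release, and the request bytes are constructed.

```python
"""Request-boundary desync from tolerated header whitespace (CVE-2017-12165 class).

Added example, not Undertow's code. Only Content-Length framing is handled,
which is all the demonstration needs; chunked encoding is out of scope.
"""

CRLF = b"\r\n"


def split_requests(stream: bytes, mode: str) -> list:
    """Split a raw byte stream into (request_line, headers, body) tuples.

    mode: "ignore" (malformed field skipped as unknown), "strip" (whitespace
    tolerated) or "reject" (RFC 7230 behaviour, raises ValueError).
    """
    requests = []
    pos = 0
    while pos < len(stream):
        end = stream.find(CRLF + CRLF, pos)
        if end < 0:
            break
        head = stream[pos:end].split(CRLF)
        request_line = head[0].decode("ascii")
        headers = {}
        for raw in head[1:]:
            name, _, value = raw.decode("ascii").partition(":")
            if name != name.rstrip():            # e.g. "Content-Length "
                if mode == "reject":
                    raise ValueError(f"whitespace before colon in {name!r}")
                if mode == "ignore":
                    continue                     # unknown field: body length 0
                name = name.rstrip()             # tolerant: treated as Content-Length
            headers[name.lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body_start = end + 2 * len(CRLF)
        body = stream[body_start:body_start + length]
        requests.append((request_line, headers, body))
        pos = body_start + length
    return requests


# constructed: one POST whose 23-byte body is itself a complete GET /admin
SMUGGLED = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"Content-Length : 23\r\n"
    b"\r\n"
    b"GET /admin HTTP/1.1\r\n\r\n"
)


def desync(stream: bytes) -> tuple:
    """Request lines as seen by a skipping parser vs. a tolerant parser."""
    skipping = [r[0] for r in split_requests(stream, "ignore")]
    tolerant = [r[0] for r in split_requests(stream, "strip")]
    return skipping, tolerant


if __name__ == "__main__":
    skipping, tolerant = desync(SMUGGLED)
    print("skipping parser saw:", skipping)   # two requests, GET /admin is the second
    print("tolerant parser saw:", tolerant)   # one request, GET /admin hidden in the body
```

Which hop is the tolerant one decides the direction of the desync: if the proxy in front tolerates the whitespace and the origin skips the field, the origin executes `GET /admin` as a request the proxy never inspected; reversed, the two hops' response queues fall out of step. Either way it is request smuggling, and the "reject" mode is the only one that leaves no ambiguity.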


New vulnerabilities from the NVD: CVE-2017-12173

It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.
Published at: July 27, 2018 at 07:29PM

July 27, 2018 at 09:45PM

via National Vulnerability Database
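
sssd keeps its cache in an LDB database queried with LDAP search filters, so "did not sanitize requests" means filter metacharacters in the looked-up UPN rewrite the query. The following is an added example, not sssd's code: a vulnerable filter builder that interpolates the UPN directly beside a fixed one that escapes per RFC 4515, run against a constructed in-memory cache with a small filter evaluator of this example's own so the effect is observable offline. The attribute names are assumptions, not sssd's schema.

```python
"""Filter injection in an LDAP-style cache lookup, the flaw class of CVE-2017-12173.

Added example, not sssd's code. The attribute names, the in-memory "cache"
and the evaluator (supporting &, |, ! and equality with '*' as wildcard) are
this example's own.
"""
import re


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping of a value placed inside a filter assertion."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def upn_filter_vulnerable(upn: str) -> str:
    return f"(&(objectClass=user)(userPrincipalName={upn}))"


def upn_filter_fixed(upn: str) -> str:
    return f"(&(objectClass=user)(userPrincipalName={escape_filter_value(upn)}))"


def _parse(s: str, i: int):
    """Parse one parenthesised component at s[i]; return (node, next_index)."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at {i}")
    i += 1
    if s[i] in "&|!":
        op, i, children = s[i], i + 1, []
        while s[i] == "(":
            node, i = _parse(s, i)
            children.append(node)
        if s[i] != ")":
            raise ValueError(f"expected ')' at {i}")
        return (op, children), i + 1
    end = s.index(")", i)
    attr, _, pattern = s[i:end].partition("=")
    return ("=", attr.lower(), pattern), end + 1


def _unescape(piece: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), piece)


def _match(node, entry: dict) -> bool:
    op = node[0]
    if op == "&":
        return all(_match(c, entry) for c in node[1])
    if op == "|":
        return any(_match(c, entry) for c in node[1])
    if op == "!":
        return not _match(node[1][0], entry)
    _, attr, pattern = node
    value = entry.get(attr)
    if value is None:
        return False
    # split on unescaped '*' first so an escaped \2a stays a literal asterisk
    pieces = [re.escape(_unescape(p)) for p in pattern.split("*")]
    return re.fullmatch(".*".join(pieces), value) is not None


# constructed cache entries; the hashes are placeholders
CACHE = [
    {"objectclass": "user", "userprincipalname": "alice@example.test",
     "cachedpassword": "$6$alice$..."},
    {"objectclass": "user", "userprincipalname": "bob@example.test",
     "cachedpassword": "$6$bob$..."},
]


def search(filter_str: str) -> list:
    """Return the UPNs of cache entries matching the filter."""
    node, i = _parse(filter_str, 0)
    if i != len(filter_str):
        raise ValueError("trailing data after filter")
    return [e["userprincipalname"] for e in CACHE if _match(node, e)]


if __name__ == "__main__":
    hostile_upn = "*)(objectClass=*"          # attacker-controlled lookup key
    print("vulnerable:", search(upn_filter_vulnerable(hostile_upn)))  # everyone
    print("fixed:     ", search(upn_filter_fixed(hostile_upn)))       # nobody
```

With the hostile UPN the vulnerable builder produces `(&(objectClass=user)(userPrincipalName=*)(objectClass=*))`, a filter that is still well formed and matches every cached user, which is how a lookup meant to return only the caller's own entry ends up exposing other users' cached hashes; the fixed builder yields `userPrincipalName=\2a\29\28objectClass=\2a`, which can only match literally.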


New vulnerabilities from the NVD: CVE-2017-12148

A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as.
Published at: July 27, 2018 at 07:29PM

July 27, 2018 at 09:45PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-9595

A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
Published at: July 27, 2018 at 09:29PM

July 27, 2018 at 11:45PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-9603

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
Published at: July 28, 2018 at 12:29AM

July 28, 2018 at 01:46AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-9578

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.
Published at: July 28, 2018 at 12:29AM

July 28, 2018 at 01:46AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-9577

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.
Published at: July 27, 2018 at 11:29PM

July 28, 2018 at 01:46AM

via National Vulnerability Database

