New vulnerabilities from the NVD: CVE-2018-12384 | | When handling an SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3. Published at: April 29, 2019 at 06:29PM View on website April 29, 2019 at 08:06PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-10749 | | parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a " character and ends with a \ character. Published at: April 29, 2019 at 05:29PM View on website April 29, 2019 at 08:06PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-9285 | | |
New vulnerabilities from the NVD: CVE-2015-9286 | | Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS. Published at: April 30, 2019 at 05:29PM View on website April 30, 2019 at 08:07PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-10055 (tensorflow) | | Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file. Published at: April 24, 2019 at 08:29PM View on website May 01, 2019 at 12:07AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-14559 (ac10_firmware, ac7_firmware, ac9_firmware) | | An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the list parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. Published at: April 25, 2019 at 11:29PM View on website May 02, 2019 at 09:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-14557 (ac10_firmware, ac7_firmware, ac9_firmware) | | An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the page parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. Published at: April 25, 2019 at 11:29PM View on website May 02, 2019 at 09:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-12244 (endpoint_protection) | | SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files. Published at: April 25, 2019 at 10:29PM View on website May 02, 2019 at 09:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-18374 | | The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. These accounts can be used to log in to the web interface, exploit authenticated command injections and change router settings for malicious purposes. Published at: May 02, 2019 at 08:29PM View on website May 02, 2019 at 11:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-18373 | | The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user3 and a long password consisting of a repetition of the string 0123456789. These accounts can be used to log in to the web interface, exploit authenticated command injections, and change router settings for malicious purposes. Published at: May 02, 2019 at 08:29PM View on website May 02, 2019 at 11:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-18372 | | The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. The vulnerability is in the tools_time.asp page and can be exploited through the uiViewSNTPServer parameter. Authentication can be achieved by exploiting CVE-2017-18373. Published at: May 02, 2019 at 08:29PM View on website May 02, 2019 at 11:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-18371 | | The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234. These accounts can be used to log in to the web interface, exploit authenticated command injections, and change router settings for malicious purposes. Published at: May 02, 2019 at 08:29PM View on website May 02, 2019 at 11:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-18370 | | The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited through the ServerIP parameter. Authentication can be achieved by exploiting CVE-2017-18371. Published at: May 02, 2019 at 08:29PM View on website May 02, 2019 at 11:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-18369 | | The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and can be exploited through the syslogServerAddr parameter. Published at: May 02, 2019 at 08:29PM View on website May 02, 2019 at 11:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-18368 | | The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter. Published at: May 02, 2019 at 08:29PM View on website May 02, 2019 at 11:02PM via National Vulnerability Database |