Tuesday, May 21, 2019

Weekly Update: a new vulnerability is published on the National Vulnerability Database (34 items)


New vulnerabilities from the NVD: CVE-2017-9376

ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.
Published at: March 25, 2019 at 06:29PM

March 25, 2019 at 10:14PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-9362

ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.
Published at: March 25, 2019 at 06:29PM
March 25, 2019 at 10:14PM


New vulnerabilities from the NVD: CVE-2015-3954

Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
Published at: March 25, 2019 at 07:29PM
March 25, 2019 at 10:14PM


New vulnerabilities from the NVD: CVE-2015-3953

Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
Published at: March 25, 2019 at 07:29PM
March 25, 2019 at 10:14PM


New vulnerabilities from the NVD: CVE-2015-3952

Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
Published at: March 25, 2019 at 06:29PM
March 25, 2019 at 10:14PM


New vulnerabilities from the NVD: CVE-2017-7510

In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.
Published at: March 25, 2019 at 08:29PM
March 26, 2019 at 12:13AM


New vulnerabilities from the NVD: CVE-2015-3956

Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.
Published at: March 25, 2019 at 08:29PM
March 26, 2019 at 12:13AM


New vulnerabilities from the NVD: CVE-2015-1014

A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version.
Published at: March 25, 2019 at 09:29PM
March 26, 2019 at 12:13AM


New vulnerabilities from the NVD: CVE-2015-1012

Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access.
Published at: March 25, 2019 at 09:29PM
March 26, 2019 at 12:13AM


New vulnerabilities from the NVD: CVE-2015-1007

A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible.
Published at: March 25, 2019 at 09:29PM
March 26, 2019 at 12:13AM


New vulnerabilities from the NVD: CVE-2017-7340

A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality.
Published at: March 25, 2019 at 11:29PM
March 26, 2019 at 02:13AM


New vulnerabilities from the NVD: CVE-2014-9189

Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.
Published at: March 25, 2019 at 10:29PM
March 26, 2019 at 02:13AM


New vulnerabilities from the NVD: CVE-2014-9187

Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.
Published at: March 25, 2019 at 10:29PM
March 26, 2019 at 02:13AM


New vulnerabilities from the NVD: CVE-2017-7342

A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button.
Published at: March 26, 2019 at 12:29AM
March 26, 2019 at 04:13AM


New vulnerabilities from the NVD: CVE-2014-5434

Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.
Published at: March 26, 2019 at 05:29PM
March 26, 2019 at 08:13PM


New vulnerabilities from the NVD: CVE-2014-5433

An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access to the host network. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.
Published at: March 26, 2019 at 06:29PM
March 26, 2019 at 10:13PM


New vulnerabilities from the NVD: CVE-2014-5432

Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.
Published at: March 26, 2019 at 06:29PM
March 26, 2019 at 10:13PM


New vulnerabilities from the NVD: CVE-2014-5431

Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes.
Published at: March 26, 2019 at 06:29PM
March 26, 2019 at 10:13PM


New vulnerabilities from the NVD: CVE-2014-5401

Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1.
Published at: March 26, 2019 at 07:29PM
March 26, 2019 at 10:13PM


New vulnerabilities from the NVD: CVE-2013-2807

Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the "Total Record Size" field. By sending a datagram to the service over Port 4444/UDP with the "Record Data Size" field modified to a specifically oversized value, the service will calculate an undersized value for the "Total Record Size" that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
Published at: March 26, 2019 at 07:29PM
March 26, 2019 at 10:13PM


New vulnerabilities from the NVD: CVE-2013-2806

Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the "End of Current Record" field. By sending a datagram to the service over Port 4444/UDP with the "Record Data Size" field modified to a specifically oversized value, the service will calculate an undersized value for the "Total Record Size." Then the service will calculate an incorrect value for the "End of Current Record" field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
Published at: March 26, 2019 at 07:29PM
March 26, 2019 at 10:13PM


New vulnerabilities from the NVD: CVE-2013-2805

Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the "Record Data Size" field. By sending a datagram to the service over Port 4444/UDP with the "Record Data Size" field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599
Published at: March 26, 2019 at 08:29PM
March 27, 2019 at 12:13AM


New vulnerabilities from the NVD: CVE-2010-5305

The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product's configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services.
Published at: March 26, 2019 at 08:29PM
March 27, 2019 at 12:13AM


New vulnerabilities from the NVD: CVE-2016-10744

In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.
Published at: March 27, 2019 at 06:29AM
March 27, 2019 at 08:13AM


New vulnerabilities from the NVD: CVE-2017-2752

A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue.
Published at: March 27, 2019 at 07:29PM
March 27, 2019 at 08:39PM


New vulnerabilities from the NVD: CVE-2017-2748

A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.
Published at: March 27, 2019 at 07:29PM
March 27, 2019 at 08:39PM


New vulnerabilities from the NVD: CVE-2017-18364

phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter.
Published at: March 27, 2019 at 07:29PM
March 27, 2019 at 08:39PM


New vulnerabilities from the NVD: CVE-2016-9166 (netiq_edirectory)

NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security.
Published at: March 21, 2019 at 05:59PM
March 27, 2019 at 10:38PM


New vulnerabilities from the NVD: CVE-2017-18365

The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects.
Published at: March 28, 2019 at 08:29AM
March 28, 2019 at 12:38PM


New vulnerabilities from the NVD: CVE-2017-18110

The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via a XXE vulnerability.
Published at: March 29, 2019 at 04:29PM
March 29, 2019 at 06:38PM


New vulnerabilities from the NVD: CVE-2017-18109

The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.
Published at: March 29, 2019 at 04:29PM
March 29, 2019 at 06:38PM


New vulnerabilities from the NVD: CVE-2017-18108

The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection.
Published at: March 29, 2019 at 04:29PM
March 29, 2019 at 06:38PM


New vulnerabilities from the NVD: CVE-2017-18106

The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory. This allows remote attackers who can authenticate to Crowd or an application using Crowd for authentication to gain access to another user's session provided they can make their identifier hash collide with another user's session identifier hash.
Published at: March 29, 2019 at 04:29PM
March 29, 2019 at 06:38PM


New vulnerabilities from the NVD: CVE-2017-18105

The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability.
Published at: March 29, 2019 at 04:29PM
March 29, 2019 at 06:38PM

