Vulnerabilities

CVE-2017-100020


parser change. by mmosemmle · Pull Request #481 · swagger-api/swagger-parser · GitHub Arbitrary code execution via Swagger YAML parser (CVE-2017-1000207 and CVE-2017-1000208) - Blog - lgtm
A vulnerability in Swagger-Parser's version

CVE-2017-100020


Release Swagger-parser 1.0.31 released! · swagger-api/swagger-parser · GitHub Arbitrary code execution via Swagger YAML parser (CVE-2017-1000207 and CVE-2017-1000208) - Blog - lgtm
A vulnerability in Swagger-Parser's (version

CVE-2017-100038


** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-16355. Reason: This candidate is a reservation duplicate of CVE-2017-16355. Notes: All CVE users should reference CVE-2017-16355 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE-2017-100038


The ROBOT Attack - Return of Bleichenbacher's Oracle Threat
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).

CVE-2017-100040


CVE-2017-1000407 - Red Hat Customer Portal
The Linux Kernel 2.6.32 and later are affected by a denial of service: by flooding the diagnostic port 0x80, an exception can be triggered, leading to a kernel panic.

CVE-2017-10904


Security advisory about Qt for Android - Qt Blog
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

CVE-2017-10905


Security advisory about Qt for Android - Qt Blog
A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.

CVE-2017-11397


Fortinet Discovers Trend Micro Email Encryption Client DLL Preloading Vulnerability | FortiGuard
A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system.

CVE-2017-12373


A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652.

CVE-2017-14090


Resolve multiple vulnerabilities - ScanMail for Exchange Trend Micro ScanMail for Microsoft Exchange Multiple Vulnerabilities | Core Security
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.

CVE-2017-14091


Resolve multiple vulnerabilities - ScanMail for Exchange Trend Micro ScanMail for Microsoft Exchange Multiple Vulnerabilities | Core Security
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize an uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory.

CVE-2017-14092


Resolve multiple vulnerabilities - ScanMail for Exchange Trend Micro ScanMail for Microsoft Exchange Multiple Vulnerabilities | Core Security
The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.

CVE-2017-14093


Resolve multiple vulnerabilities - ScanMail for Exchange Trend Micro ScanMail for Microsoft Exchange Multiple Vulnerabilities | Core Security
The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks.

CVE-2017-14101


Conserus Image Repository XML external entity vulnerability, NTT Security
A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a modified HTTP SOAP request to the vulnerable service allows for arbitrary file read access to the local file system as well as the transmittal of the application service's account hashed credentials to a remote attacker.

CVE-2017-14184


An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.

CVE-2017-15890


Synology-SA-17:75 MailPlus Server | Synology Inc.
Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter.

CVE-2017-16776


Conserus Workflow Intelligence authentication bypass vulnerability, NTT Security
Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability. The vulnerability allows an attacker to bypass authentication and escalate privileges of valid users. An unauthenticated attacker can exploit the vulnerability and be granted limited access to other ac

CVE-2017-16787


The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.

CVE-2017-16788


Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory.

CVE-2017-17405


CVE-2017-17405: Command injection vulnerability in Net::FTP Ruby 2.4.3 Released
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.

CVE-2017-17556


Blog | TouchPad Security Brief | Synaptics HP keylogger – Bytes – ZwClose on bytes
A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys.

CVE-2017-17670


oss-security - CVE-2017-17670: vlc: type conversion vulnerability
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation.

CVE-2017-17693


Vulnerabilities-Report/Techno-Portfolio-Management-Panel.md at master · d4wner/Vulnerabilities-Report · GitHub
Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.

CVE-2017-17694


Vulnerabilities-Report/Techno-Portfolio-Management-Panel.md at master · d4wner/Vulnerabilities-Report · GitHub
Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter.

CVE-2017-17695


Vulnerabilities-Report/Techno-Portfolio-Management-Panel.md at master · d4wner/Vulnerabilities-Report · GitHub
Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter.

CVE-2017-17696


Vulnerabilities-Report/Techno-Portfolio-Management-Panel.md at master · d4wner/Vulnerabilities-Report · GitHub
Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php.

CVE-2017-17697


There is a SSRF security vulnerability · Issue #3755 · vmware/harbor · GitHub
The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.

CVE-2017-17698


Privileged Password Management Release Notes | Password Manager Pro
Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec.

CVE-2017-17699


K7-Antivirus/cve3 at master · mmmxny/K7-Antivirus · GitHub
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request.

CVE-2017-17700


K7-Antivirus/cve1 at master · mmmxny/K7-Antivirus · GitHub
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request.

CVE-2017-17701


K7-Antivirus/cve2 at master · mmmxny/K7-Antivirus · GitHub
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request.

CVE-2017-17712


http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f659a03a0ba9289b9aeb9b4470e6fb263d6f483 net: ipv4: fix for a race condition in raw_sendmsg · torvalds/linux@8f659a0 · GitHub
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.

CVE-2017-3184


Security Information on Twitter: "#vulnerability #security : Vuln: ACTi Cameras Models Multiple Security Vulnerabilities https://t.co/63VXmjmlHL" Howard Fuhs on Twitter: "Vulnerability VU#355151 ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities https://t.co/cyHbHyv8JE"
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186).

CVE-2017-3185


Security Information on Twitter: "#vulnerability #security : Vuln: ACTi Cameras Models Multiple Security Vulnerabilities https://t.co/63VXmjmlHL" Howard Fuhs on Twitter: "Vulnerability VU#355151 ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities https://t.co/cyHbHyv8JE"
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.

CVE-2017-3186


Security Information on Twitter: "#vulnerability #security : Vuln: ACTi Cameras Models Multiple Security Vulnerabilities https://t.co/63VXmjmlHL" Howard Fuhs on Twitter: "Vulnerability VU#355151 ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities https://t.co/cyHbHyv8JE"
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials.

CVE-2017-3190


Flash Seats Mobile App for iOS fails to validate SSL certificates | Wilders Security Forums
Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

CVE-2017-3191


https://exchange.xforce.ibmcloud.com/vulnerabilities/123293
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.

CVE-2017-3192


https://exchange.xforce.ibmcloud.com/vulnerabilities/123292
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through an authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device.

CVE-2017-3193


NCC Group Infosec on Twitter: "NCC Group Advisory: D-LINK DIR-850L pre-auth web admin interface stack-based buffer overflow - https://t.co/US9IWvjq0g by @zlowram_"
Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service.

CVE-2017-3194


https://exchange.xforce.ibmcloud.com/collection/XFTAS-Daily-Threat-Assessment-for-March-29-2017-0d704f6eb8163d995bbaf57bbf35a018
Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

CVE-2017-3195


Commvault Edge (CVE-2017-3195)
Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code execution with administrative privileges.

CVE-2017-3196


PCAUSA Rawether for Windows local privilege escalation
PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges.
