Weekly Vulnerabilities Reports > May 29 to June 4, 2017

Overview

108 new vulnerabilities reported during this period, including 13 critical vulnerabilities and 44 high severity vulnerabilities. This weekly summary report vulnerabilities in 78 products from 64 vendors including Wireshark, Juniper, Debian, Lenovo, and Bigtreecms. Vulnerabilities are notably categorized as "Cross-site Scripting", "Missing Release of Resource after Effective Lifetime", "Improper Input Validation", "Infinite Loop", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 94 reported vulnerabilities are remotely exploitables.
  • 8 reported vulnerabilities have public exploit available.
  • 32 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 84 reported vulnerabilities are exploitable by an anonymous user.
  • Wireshark has the most reported vulnerabilities, with 12 reported vulnerabilities.
  • Moxa has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-06-04 CVE-2017-9417 Broadcom Unspecified vulnerability in Broadcom Bcm43Xx Wi-Fi Chipset Firmware

Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.

9.8
2017-06-02 CVE-2017-9364 Bigtreecms Unrestricted Upload of File with Dangerous Type vulnerability in Bigtreecms Bigtree CMS

Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code.

9.8
2017-06-02 CVE-2017-9363 Soffid Deserialization of Untrusted Data vulnerability in Soffid IAM 1.7.4

Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request.

9.8
2017-06-02 CVE-2017-9360 Websitebaker SQL Injection vulnerability in Websitebaker 2.10.0

WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.

9.8
2017-06-01 CVE-2015-5473 Samsung Path Traversal vulnerability in Samsung Syncthru 6

Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver.

9.8
2017-06-01 CVE-2015-0936 Ceragon Key Management Errors vulnerability in Ceragon Fibeair Ip-10 Firmware

Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.

9.8
2017-05-30 CVE-2017-7494 Samba
Debian
Code Injection vulnerability in multiple products

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

9.8
2017-05-29 CVE-2017-9294 Hitachi Unspecified vulnerability in Hitachi Device Manager

RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports.

9.8
2017-05-29 CVE-2017-9148 Freeradius Improper Authentication vulnerability in Freeradius

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.

9.8
2017-05-29 CVE-2017-7915 Moxa Improper Restriction of Excessive Authentication Attempts vulnerability in Moxa products

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA.

9.8
2017-05-29 CVE-2017-7913 Moxa Insufficiently Protected Credentials vulnerability in Moxa products

A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA.

9.8
2017-05-29 CVE-2017-9265 Openvswitch Out-of-bounds Read vulnerability in Openvswitch 2.7.0

In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.

9.8
2017-05-29 CVE-2017-9264 Openvswitch Out-of-bounds Read vulnerability in Openvswitch 2.6.1

In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.

9.8

44 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-06-04 CVE-2017-9427 Bigtreecms SQL Injection vulnerability in Bigtreecms Bigtree CMS

SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php.

8.8
2017-06-04 CVE-2016-8229 Lenovo Cross-Site Request Forgery (CSRF) vulnerability in Lenovo Service Bridge

A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.

8.8
2017-06-02 CVE-2017-9380 Open EMR Unrestricted Upload of File with Dangerous Type vulnerability in Open-Emr Openemr

OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.

8.8
2017-06-02 CVE-2017-9379 Bigtreecms Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS

Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php.

8.8
2017-06-02 CVE-2017-9365 Bigtreecms Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS

CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false.

8.8
2017-06-01 CVE-2017-8386 GIT
Opensuse
Debian
Canonical
Fedoraproject
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
8.8
2017-05-31 CVE-2017-8402 Pivotx Code Injection vulnerability in Pivotx 2.3.11

PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file.

8.8
2017-05-30 CVE-2017-2306 Juniper Incorrect Authorization vulnerability in Juniper Junos Space

On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device.

8.8
2017-05-30 CVE-2017-2305 Juniper Incorrect Authorization vulnerability in Juniper Junos Space

On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation.

8.8
2017-05-29 CVE-2017-7917 Moxa Cross-Site Request Forgery (CSRF) vulnerability in Moxa products

A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA.

8.8
2017-05-29 CVE-2016-10377 Openvswitch Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openvswitch 2.5.0

In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch.

8.8
2017-06-04 CVE-2016-8228 Lenovo Permissions, Privileges, and Access Controls vulnerability in Lenovo Service Bridge

In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.

7.8
2017-06-01 CVE-2015-6531 Paloaltonetworks Code Injection vulnerability in Paloaltonetworks Pan-Os

Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file.

7.8
2017-05-29 CVE-2017-9301 Videolan Out-of-bounds Read vulnerability in Videolan VLC Media Player

plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.

7.8
2017-05-29 CVE-2017-9300 Videolan Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC Media Player

plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.

7.8
2017-06-04 CVE-2017-9428 Bigtreecms Path Traversal vulnerability in Bigtreecms Bigtree CMS

A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequences in the directory parameter.

7.5
2017-06-04 CVE-2016-8231 Lenovo Improper Certificate Validation vulnerability in Lenovo Service Bridge

In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.

7.5
2017-06-04 CVE-2016-8230 Lenovo Information Exposure vulnerability in Lenovo Service Bridge

In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers.

7.5
2017-06-02 CVE-2017-9372 Digium Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Certified Asterisk and Open Source

PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter.

7.5
2017-06-02 CVE-2017-9359 Digium Out-of-bounds Read vulnerability in Digium Certified Asterisk and Open Source

The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

7.5
2017-06-02 CVE-2017-9358 Sangoma
Asterisk
Infinite Loop vulnerability in multiple products

A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).

7.5
2017-06-02 CVE-2017-9354 Wireshark Improper Input Validation vulnerability in Wireshark

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash.

7.5
2017-06-02 CVE-2017-9353 Wireshark Improper Input Validation vulnerability in Wireshark

In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash.

7.5
2017-06-02 CVE-2017-9352 Wireshark Infinite Loop vulnerability in Wireshark

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop.

7.5
2017-06-02 CVE-2017-9351 Wireshark Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wireshark

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer.

7.5
2017-06-02 CVE-2017-9350 Wireshark Allocation of Resources Without Limits or Throttling vulnerability in Wireshark

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory.

7.5
2017-06-02 CVE-2017-9349 Wireshark
Debian
Infinite Loop vulnerability in multiple products

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop.

7.5
2017-06-02 CVE-2017-9348 Wireshark Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wireshark

In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer.

7.5
2017-06-02 CVE-2017-9347 Wireshark NULL Pointer Dereference vulnerability in Wireshark

In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference.

7.5
2017-06-02 CVE-2017-9346 Wireshark Infinite Loop vulnerability in Wireshark

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop.

7.5
2017-06-02 CVE-2017-9345 Wireshark Infinite Loop vulnerability in Wireshark

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop.

7.5
2017-06-02 CVE-2017-9344 Wireshark
Debian
Divide By Zero vulnerability in multiple products

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero.

7.5
2017-06-02 CVE-2017-9343 Wireshark NULL Pointer Dereference vulnerability in Wireshark

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer.

7.5
2017-06-01 CVE-2017-9334 Call CC Improper Input Validation vulnerability in Call-Cc Chicken

An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it.

7.5
2017-05-31 CVE-2017-9304 Virustotal Uncontrolled Recursion vulnerability in Virustotal Yara 3.5.0

libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.

7.5
2017-05-30 CVE-2017-7502 Mozilla Unspecified vulnerability in Mozilla Network Security Services

Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.

7.5
2017-05-30 CVE-2017-2304 Juniper Information Exposure vulnerability in Juniper Junos 14.1X53/15.1/15.1X53

Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets.

7.5
2017-05-30 CVE-2017-2303 Juniper Unspecified vulnerability in Juniper Junos

On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D50, 12.1X47 prior to 12.1X47-D40, 12.3 prior to 12.3R13, 12.3X48 prior to 12.3X48-D30, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R5, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D30 or 15.1X49-D40, 15.1X53 prior to 15.1X53-D35, and where RIP is enabled, certain RIP advertisements received by the router may cause the RPD daemon to crash resulting in a denial of service condition.

7.5
2017-05-30 CVE-2017-2302 Juniper Unspecified vulnerability in Juniper Junos

On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, a network based attacker can cause the Junos OS rpd daemon to crash and restart.

7.5
2017-05-30 CVE-2017-2301 Juniper Unspecified vulnerability in Juniper Junos

On Juniper Networks products or platforms running Junos OS 11.4 prior to 11.4R13-S3, 12.1X46 prior to 12.1X46-D60, 12.3 prior to 12.3R12-S2 or 12.3R13, 12.3X48 prior to 12.3X48-D40, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D12 or 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R7, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D60, 15.1X53 prior to 15.1X53-D30 and DHCPv6 enabled, when a crafted DHCPv6 packet is received from a subscriber, jdhcpd daemon crashes and restarts.

7.5
2017-05-30 CVE-2017-2300 Juniper Unspecified vulnerability in Juniper Junos

On Juniper Networks SRX Series Services Gateways chassis clusters running Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60, flowd daemon on the primary node of an SRX Series chassis cluster may crash and restart when attempting to synchronize a multicast session created via crafted multicast packets.

7.5
2017-05-30 CVE-2016-3083 Apache Improper Certificate Validation vulnerability in Apache Hive

Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes).

7.5
2017-05-29 CVE-2016-10379 Virtuemart SQL Injection vulnerability in Virtuemart 3.0.14

The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php.

7.2
2017-05-29 CVE-2016-10378 E107 SQL Injection vulnerability in E107 2.1.1

e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.

7.2

50 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-05-31 CVE-2017-5688 Intel Unspecified vulnerability in Intel Solid State Drive Toolbox 3.4.3

There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code.

6.7
2017-06-04 CVE-2017-9416 Odoo Path Traversal vulnerability in Odoo 10.0/8.0/9.0

Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service.

6.5
2017-06-02 CVE-2017-9409 Imagemagick Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.55

In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file.

6.5
2017-06-02 CVE-2017-9408 Freedesktop
Debian
Missing Release of Resource after Effective Lifetime vulnerability in multiple products

In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.

6.5
2017-06-02 CVE-2017-9407 Imagemagick Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.55

In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file.

6.5
2017-06-02 CVE-2017-9406 Freedesktop
Debian
Missing Release of Resource after Effective Lifetime vulnerability in multiple products

In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.

6.5
2017-06-02 CVE-2017-9405 Imagemagick Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.55

In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.

6.5
2017-06-02 CVE-2017-9404 Libtiff
Debian
Canonical
Missing Release of Resource after Effective Lifetime vulnerability in multiple products

In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.

6.5
2017-06-02 CVE-2017-9403 Libtiff
Debian
Canonical
Missing Release of Resource after Effective Lifetime vulnerability in multiple products

In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.

6.5
2017-06-02 CVE-2017-0896 Zulip Missing Authorization vulnerability in Zulip Server

Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this.

6.5
2017-06-02 CVE-2017-9378 Bigtreecms Incorrect Authorization vulnerability in Bigtreecms Bigtree CMS

BigTree CMS through 4.2.18 does not prevent a user from deleting their own account.

6.5
2017-06-01 CVE-2017-7999 Eucalyptus Unspecified vulnerability in Eucalyptus

Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage) via unspecified vectors.

6.5
2017-05-31 CVE-2017-9307 Allen Disk Project Server-Side Request Forgery (SSRF) vulnerability in Allen Disk Project Allen Disk 1.6

SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter.

6.5
2017-05-31 CVE-2017-8782 Libming Integer Overflow or Wraparound vulnerability in Libming 0.4.8

The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc.

6.5
2017-05-30 CVE-2017-2308 Juniper XXE vulnerability in Juniper Junos Space

An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device.

6.5
2017-05-29 CVE-2017-9295 Hitachi XXE vulnerability in Hitachi Device Manager

XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files.

6.5
2017-05-29 CVE-2017-9287 Openldap
Debian
Redhat
Mcafee
Oracle
Double Free vulnerability in multiple products

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability.

6.5
2017-05-29 CVE-2017-9263 Openvswitch Improper Input Validation vulnerability in Openvswitch 2.7.0

In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.

6.5
2017-05-29 CVE-2017-9262 Imagemagick Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.56

In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.

6.5
2017-05-29 CVE-2017-9261 Imagemagick Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.56

In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.

6.5
2017-06-04 CVE-2012-6705 Jamroom Cross-site Scripting vulnerability in Jamroom 4.2.6

Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field.

6.1
2017-06-02 CVE-2017-9361 Websitebaker Cross-site Scripting vulnerability in Websitebaker 2.10.0

WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.

6.1
2017-06-01 CVE-2017-7384 Flipbuilder Cross-site Scripting vulnerability in Flipbuilder Flip PDF

Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter.

6.1
2017-06-01 CVE-2017-3127 Fortinet Cross-site Scripting vulnerability in Fortinet Fortios

A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation.

6.1
2017-06-01 CVE-2017-9337 Markdown ON Save Improved Project Cross-site Scripting vulnerability in Markdown on Save Improved Project Markdown on Save Improved 2.5

The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post.

6.1
2017-06-01 CVE-2017-9336 WP Editor MD Project Cross-site Scripting vulnerability in WP Editor.Md Project WP Editor.Md 1.6

The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post.

6.1
2017-05-31 CVE-2017-9306 Syspass Cross-site Scripting vulnerability in Syspass 2.1.9

inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring.

6.1
2017-05-31 CVE-2017-9305 Tiki Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 16.2

lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php.

6.1
2017-05-30 CVE-2017-2307 Juniper Cross-site Scripting vulnerability in Juniper Junos Space

A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space.

6.1
2017-05-29 CVE-2017-9303 Laravel Improper Input Validation vulnerability in Laravel 5.4.0

Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.

6.1
2017-05-29 CVE-2017-9299 Otrs Cross-site Scripting vulnerability in Otrs 3.3.9

Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks.

6.1
2017-05-29 CVE-2017-9297 Hitachi Open Redirect vulnerability in Hitachi Device Manager

Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites.

6.1
2017-05-29 CVE-2017-9296 Hitachi Open Redirect vulnerability in Hitachi Device Manager

Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites.

6.1
2017-05-29 CVE-2017-9292 Lansweeper Cross-site Scripting vulnerability in Lansweeper

Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782.

6.1
2017-05-29 CVE-2017-9289 Note Project Cross-site Scripting vulnerability in Note Project Note

Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php (edit parameter).

6.1
2017-05-29 CVE-2017-9288 Raygun Cross-site Scripting vulnerability in Raygun Raygun4Wp 1.8.0

The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).

6.1
2017-06-01 CVE-2017-6512 File
Canonical
Debian
Race Condition vulnerability in multiple products

Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.

5.9
2017-05-30 CVE-2017-2309 Juniper Information Exposure vulnerability in Juniper Junos Space

On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network.

5.9
2017-06-04 CVE-2014-9983 Rarlab Path Traversal vulnerability in Rarlab RAR

Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive.

5.5
2017-06-04 CVE-2017-3740 Lenovo Unspecified vulnerability in Lenovo Active Protection System

In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality.

5.5
2017-06-01 CVE-2017-9060 Qemu Memory Leak vulnerability in Qemu

Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands.

5.5
2017-05-31 CVE-2017-4897 Vmware Improper Input Validation vulnerability in VMWare Horizon Daas 6.1.6

VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data.

5.5
2017-05-30 CVE-2017-7511 Freedesktop NULL Pointer Dereference vulnerability in Freedesktop Poppler

poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.

5.5
2017-05-29 CVE-2017-9302 Realnetworks Divide By Zero vulnerability in Realnetworks Realplayer 16.0.2.32

RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file.

5.5
2017-06-01 CVE-2017-9331 Epesi Cross-site Scripting vulnerability in Epesi

The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter.

5.4
2017-05-29 CVE-2017-9298 Hitachi Cross-site Scripting vulnerability in Hitachi Device Manager

Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code.

5.4
2017-06-02 CVE-2017-6039 Phoenixbroadband Use of Hard-coded Credentials vulnerability in Phoenixbroadband Poweragent SC3 BMS Firmware 6.86

A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87.

5.3
2017-05-30 CVE-2017-2311 Juniper Unspecified vulnerability in Juniper Junos Space

On Juniper Networks Junos Space versions prior to 16.1R1, an unauthenticated remote attacker with network access to Junos space device can easily create a denial of service condition.

5.3
2017-05-30 CVE-2017-2310 Juniper Unspecified vulnerability in Juniper Junos Space

A firewall bypass vulnerability in the host based firewall of Juniper Networks Junos Space versions prior to 16.1R1 may permit certain crafted packets, representing a network integrity risk.

5.3
2017-06-02 CVE-2017-9366 Epesi Cross-site Scripting vulnerability in Epesi

Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter.

4.8

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-06-04 CVE-2017-3741 Lenovo Unspecified vulnerability in Lenovo Power Management 1.67.12.19/1.67.12.23

In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly.

3.3