» 2017 » 3월

CVE-2017-6384 (atheme)

Posted on 2017년 3월 2일2017년 3월 3일 by admin

CVE-2017-6384 (atheme)

Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. This is fixed in 7.2.8.

Source: CVE-2017-6384 (atheme)

CVE-2017-6403 (netbackup, netbackup_appliance)

Posted on 2017년 3월 2일2017년 3월 3일 by admin

CVE-2017-6403 (netbackup, netbackup_appliance)

An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.

Source: CVE-2017-6403 (netbackup, netbackup_appliance)

CVE-2017-6399

Posted on 2017년 3월 2일2017년 3월 2일 by admin

CVE-2017-6399

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.

Source: CVE-2017-6399

CVE-2017-6405

Posted on 2017년 3월 2일2017년 3월 2일 by admin

CVE-2017-6405

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing.

Source: CVE-2017-6405

CVE-2017-6390

Posted on 2017년 3월 2일2017년 3월 2일 by admin

CVE-2017-6390

An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "whatanime.ga-master/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Source: CVE-2017-6390

CVE-2017-6392

Posted on 2017년 3월 2일2017년 3월 2일 by admin

CVE-2017-6392

An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Source: CVE-2017-6392

CVE-2017-6062

Posted on 2017년 3월 2일2017년 3월 2일 by admin

CVE-2017-6062

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.

Source: CVE-2017-6062

CVE-2017-6406

Posted on 2017년 3월 2일2017년 3월 2일 by admin

CVE-2017-6406

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur.

Source: CVE-2017-6406

CVE-2017-6395

Posted on 2017년 3월 2일2017년 3월 2일 by admin

CVE-2017-6395

An issue was discovered in HashOver 2.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the ‘hashover/scripts/widget-output.php’ URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Source: CVE-2017-6395

CVE-2017-6391

Posted on 2017년 3월 2일2017년 3월 2일 by admin

CVE-2017-6391

An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "admin_console/web/tools/SimpleJWPlayer.php" URL, the "admin_console/web/tools/AkamaiBroadcaster.php" URL, the "admin_console/web/tools/bigRedButton.php" URL, and the "admin_console/web/tools/bigRedButtonPtsPoc.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Source: CVE-2017-6391