Lucene search

2228 matches found

CVE
added 2017/05/30 2:0 p.m. | 54 views

CVE-2017-2302

CVE-2017-2302 affects Junos OS with BGP add-path enabled (send or both send/receive) across multiple releases (e.g., 12.1X46–D55, 12.1X47–D45, 12.3R13–, 12.3X48–D35, 13.3–R10, 14.1–R8, 14.1X53–D40, 14.1X55–D35, 14.2–R6, 15.1–F2/R1, 15.1X49–D20). A network-based attacker can cause the rpd daemon t...

CVSS 7.8 | AI score 7.4 | EPSS 0.02132
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2017/04/24 7:59 p.m. | 3 views

CVE-2017-3509

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

CVSS 4.2 | AI score 7.4
Exploits: 0 | References: 16
OSV
added 2017/04/24 7:59 p.m. | 3 views

CVE-2017-3496

Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 12.0.0 and 12.1.0. Easily "exploitable" vulnerability allows unauthenticated attacker with...

CVSS 6.1 | AI score 5.8 | EPSS 0.01356
Exploits: 0 | References: 3
CVE
added 2017/04/24 3:0 p.m. | 58 views

CVE-2017-2326

The vulnerability CVE-2017-2326 affects Juniper Networks NorthStar Controller Application prior to 2.1.0 Service Pack 1. An information-disclosure flaw could allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to the attac...

CVSS 6.8 | AI score 6.1 | EPSS 0.0114
Exploits: 0 | References: 2 | Affected Software: 1
AlpineLinux
added 2017/04/20 6:0 p.m. | 27 views

CVE-2017-2784

An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to ...

CVSS 8.1 | AI score 8.2 | EPSS 0.0339
Exploits: 2
Packet Storm
added 2017/04/20 12:0 a.m. | 178 views

Oracle E-Business Suite 12.2.3 SQL Injection

Application: Oracle E-Business Suite Versions Affected: Oracle EBS 12.2.3 Vendor URL: http://oracle.com Bug: SQL injection Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Author: Dmitry Chastuhin ERPScan Description 1. ADVISORY...

EPSS 0.15784
Exploits: 5
OSV
added 2017/02/01 8:59 p.m. | 4 views

CVE-2016-6085

IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers...

CVSS 6.5 | AI score 5.8 | EPSS 0.00502
Exploits: 0 | References: 2
ThreatPost
added 2017/01/31 3:27 p.m. | 11 views

Flaws Found in Popular Printer Models

Vulnerabilities in popular printer models made by HP, Dell and Lexmark expose the devices to attackers who can steal passwords, shut down printers and even steal print jobs. Academic researchers at the University Alliance Ruhr on Monday published a series of advisories and an informational wiki...

AI score 0.3
Exploits: 0 | References: 8
OSV
added 2017/01/27 10:59 p.m. | 3 views

CVE-2017-3424

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVSS 8.2 | AI score 7.3 | EPSS 0.01237
Exploits: 0 | References: 2
OSV
added 2017/01/27 10:59 p.m. | 2 views

CVE-2016-5552

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with...

CVSS 5.3 | AI score 6.9 | EPSS 0.02729
Exploits: 0 | References: 19
Vulnrichment
added 2017/01/27 10:1 p.m. | 17 views

CVE-2017-3289

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols...

AI score 7.6 | EPSS 0.02463
Exploits: 1 | References: 15
RedHat Linux
added 2017/01/19 1:58 p.m. | 6 views

OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 | AI score 7.3 | EPSS 0.02166
Exploits: 0 | References: 4
OSV
added 2017/01/18 12:0 a.m. | 3 views

UBUNTU-CVE-2017-3258

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols...

CVSS 6.5 | AI score 6.8 | EPSS 0.03103
Exploits: 0 | References: 4
Veracode
added 2017/01/03 6:57 a.m. | 17 views

Arbitrary Code Execution Via Man-in-the-Middle (MitM)

npm-test-sqlite3-trunk is vulnerable to man-in-the-middle attacks. The library downloads binaries via HTTP, potentially causing a remote code execution (RCE) vulnerability exploitable by swapping out the requested binary with an attacker-controlled binary if the attacker is on the network or...

CVSS 9.3 | AI score 8.2 | EPSS 0.01752
Exploits: 0 | References: 1 | Affected Software: 1
Packet Storm
added 2016/11/07 12:0 a.m. | 56 views

Actiontec WCB3000N 0.16.2.5 Privilege Escalation

Device Details Vendor: Actiontec Telus Branded Model: WCB3000N Affected Firmware: v0.16.2.5 Device Manual: http://static.telus.com/common/cms/files/internet/wifiplusextender.pdf Reported: November 2015 Status: Fixed on newest pushed firmware version CVE: Update is handled by the vendor, therefore...

AI score 0.5
Exploits: 0
Node.js
added 2016/11/01 3:55 a.m. | 40 views

Downloads Resources over HTTP

Overview Affected versions of go-ipfs-deps insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on...

CVSS 6.8 | AI score 4.8 | EPSS 0.00773
Exploits: 0 | Affected Software: 1
Packet Storm
added 2016/10/17 12:0 a.m. | 43 views

SAP Adaptive Server Enterprise 16 Denial Of Service

Application: SAP Adaptive Server Enterprise Versions Affected: SAP Adaptive Server Enterprise 16 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 01.02.2016 Reported: 02.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note 2330839 Author:...

Exploits: 0
myhack58
added 2016/10/15 12:0 a.m. | 44 views

A 12-year-old SSH vulnerability still usable? IoT device security concerns - vulnerability warning - the black bar safety net

Overview: According to the latest foreign media reports, security researchers at Akamai discovered a new type of attack this week. According to the researchers, attackers can use an SSH vulnerability that has existed for twelve years, together with some weakly secured...

AI score 1.2
Exploits: 0
Tenable Nessus
added 2016/10/11 12:0 a.m. | 14 views

FreeBSD : FreeBSD -- Multiple portsnap vulnerabilities (e7dcd69d-8ee6-11e6-a590-14dae9d210b8)

Flaws in portsnap's verification of downloaded tar files allow additional files to be included without causing the verification to fail. Portsnap may then use or execute these files. Impact: An attacker who can conduct a man-in-the-middle attack on the network at the time when portsnap is run can...

AI score 5.6
Exploits: 0 | References: 1
CNVD
added 2016/08/31 12:0 a.m. | 2 views

Command Execution Vulnerability in Huawei UMA

Huawei UMA Unified Maintenance Audit is a unified audit system. It provides a unified O&M operation portal, controls and records O&M operations performed by users, and supports auditing by command view and video playback. A command execution vulnerability exists in Huawei UMA. As the system does...

CVSS 10 | AI score 6.8 | EPSS 0.0271
Exploits: 0 | References: 1