Security Vulnerabilities - CVEs Published In January 2018
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.
CVSS Score
9.8
EPSS Score
0.764
Published
2018-01-10
Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 devices allows attackers to read arbitrary files through a sequence of the form '.x./' or '....\x/' where x is a pattern composed of one or more (zero or more for the second pattern) of either \ or ..\ -- for example a '.\./', '....\/' or '...\./' sequence. For files with no extension, a single dot needs to be appended to ensure the HTTP server does not alter the request, e.g., a "GET /.\./.\./.\./.\./.\./.\./.\./windows/system32/drivers/etc/hosts." request.
CVSS Score
7.5
EPSS Score
0.036
Published
2018-01-10
Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts a GlobalProtect portal or gateway, might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
CVSS Score
5.9
EPSS Score
0.01
Published
2018-01-10
Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-01-10
AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.
CVSS Score
6.1
EPSS Score
0.073
Published
2018-01-10
In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted.
CVSS Score
7.0
EPSS Score
0.0
Published
2018-01-10
(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-01-10
lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-01-10
(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-01-10
lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-01-10