Monthly Archive: June 2017

ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. Date published : 2017-06-27 http://jvn.jp/en/jp/JVN12991684/index.html http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000186.html

Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. Date published : 2017-06-27 http://jvn.jp/en/jp/JVN21968837/index.html http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000185.html

Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server. Date published : 2017-06-27 http://www.securityfocus.com/bid/76015 http://www.securityfocus.com/archive/1/536050/100/0/threaded

res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). Date published : 2017-06-27 http://www.securityfocus.com/bid/99324 https://bugzilla.redhat.com/show_bug.cgi?id=1249603

The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission. Date published : 2017-06-27 http://blog.trendmicro.com/trendlabs-security-intelligence/os-x-zero-days-on-the-rise-a-2015-midyear-review-on-advanced-attack-surfaces/ https://huntcve.github.io/2017/02/13/cveupdate/

Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash). Date published : 2017-06-27 http://www.securityfocus.com/bid/72571 http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-414153.htm

Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root. Date published : 2017-06-27 http://www.securityfocus.com/bid/99311 https://bugzilla.redhat.com/show_bug.cgi?id=1200927

The custom authentication realm used by karaf-tomcat’s "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination. Date published : 2017-06-27 http://www.securityfocus.com/bid/73255 https://cloudrouter.org/security/

The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges. Date published : 2017-06-27 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775681 https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;filename=0001-fix-fifo-and-ctl-defaults-pointing-to-unsecure-tmp-d.patch;att=1;bug=775681

IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive...

IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783. Date published : 2017-06-27...

rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext. Date published : 2017-06-27 http://www.securityfocus.com/bid/93796 https://bugzilla.redhat.com/show_bug.cgi?id=1381681

elog 3.1.1 allows remote attackers to post data as any username in the logbook. Date published : 2017-06-27 https://bugzilla.redhat.com/show_bug.cgi?id=1371328 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ZQOPXSMJAJIXH5MRPQS2ZISYJPSLQK/

IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696. Date published : 2017-06-27 http://www.securityfocus.com/bid/99259 http://www.ibm.com/support/docview.wss?uid=swg22000909