SB18-120: Vulnerability Summary for the Week of April 23, 2018

Original release date: April 30, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
abbott_laboratories — accent/anthem_and_accent_mri_and_assurity/allure_and_assurity_mri
Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted “RF wake-up” commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.
2018-04-25 | not yet calculated | CVE-2017-12714
BID
MISC

abbott_laboratories — accent/anthem_and_accent_mri_and_assurity/allure_and_assurity_mri
The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.
2018-04-25 | not yet calculated | CVE-2017-12712
BID
MISC
abbott_laboratories — accent/anthem_and_accent_mri_and_assurity/allure_and_assurity_mri
Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.
2018-04-25 | not yet calculated | CVE-2017-12716
BID
MISC
advantech — webaccess_hmi_designer
Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.
2018-04-25 | not yet calculated | CVE-2018-8835
BID
MISC
advantech — webaccess_hmi_designer
Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution.
2018-04-25 | not yet calculated | CVE-2018-8837
BID
MISC
advantech — webaccess_hmi_designer
Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.
2018-04-25 | not yet calculated | CVE-2018-8833
BID
MISC
ahnlab — v3_internet_security
Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 (Build 1373) allows local users to gain privileges via a crafted 0xA3350014 IOCTL call.
2018-04-24 | not yet calculated | CVE-2013-3947
SECUNIA
XF
ansible — ansible
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible’s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
2018-04-24 | not yet calculated | CVE-2016-9587
REDHAT
REDHAT
BID
REDHAT
REDHAT
REDHAT
CONFIRM
GENTOO
EXPLOIT-DB
antennahouse — dmc_htmlfilter
An exploitable heap corruption vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter.
2018-04-24 | not yet calculated | CVE-2016-8384
MISC
antennahouse — dmc_htmlfilter
An exploitable heap corruption vulnerability exists in the Doc_GetFontTable functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide a malicious doc file to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2016-8383
MISC
antennahouse — dmc_htmlfilter
An exploitable heap corruption vulnerability exists in the Doc_SetSummary functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send a malicious doc file to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2016-8382
MISC
apache — fineract
Within the ‘getReportType’ method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn’t have authorization by way of the ‘reportName’ parameter.
2018-04-20 | not yet calculated | CVE-2018-1292
BID
MLIST
apache — fineract
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, using a single quotation escape with two continuous SQL parameters can cause a SQL injection. This could be done in methods like retrieveAuditEntries of the AuditsApiResource class and retrieveCommands of the MakercheckersApiResource class.
2018-04-20 | not yet calculated | CVE-2018-1290
BID
MLIST
apache — fineract
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter ‘orderBy’ and ‘sortOrder’ which are appended directly with SQL statements. A hacker/user can inject/draft the ‘orderBy’ and ‘sortOrder’ query parameter in such a way to read/update the data for which he doesn’t have authorization.
2018-04-20 | not yet calculated | CVE-2018-1289
BID
MLIST
apache — fineract
Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter ‘orderBy’ which are appended directly with SQL statements. A hacker/user can inject/draft the ‘orderBy’ query parameter by way of the “order” param in such a way to read/update the data for which he doesn’t have authorization.
2018-04-20 | not yet calculated | CVE-2018-1291
BID
MLIST
apache — multiple_products
In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content.
2018-04-26 | not yet calculated | CVE-2017-15691
CONFIRM

apache — tika
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika’s ChmParser in versions of Apache Tika before 1.18.
2018-04-25 | not yet calculated | CVE-2018-1339
MLIST
apache — tika
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.
2018-04-25 | not yet calculated | CVE-2018-1335
BID
MLIST
apache — tika
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika’s BPGParser in versions of Apache Tika before 1.18.
2018-04-25 | not yet calculated | CVE-2018-1338
MLIST

artifex — mupdf
In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.
2018-04-22 | not yet calculated | CVE-2018-10289
MISC

artifex — mupdf
An exploitable heap out-of-bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause an out-of-bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. The victim needs to open the specially crafted file in a vulnerable reader in order to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2016-8728
MISC

artifex — mupdf
An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send it to the victim to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2016-8729
MISC
atlassian — fisheye_and_crucible
The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers.
2018-04-24 | not yet calculated | CVE-2018-5228
BID
CONFIRM
CONFIRM
b3log_symphony — b3log_symphony
b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI.
2018-04-27 | not yet calculated | CVE-2018-10469
MISC
baijiacms — baijiacms
An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser.
2018-04-27 | not yet calculated | CVE-2018-10503
MISC
blender — blender
An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted ‘.iris’ file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2017-2901
MISC
blender — blender
An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted ‘.hdr’ file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2017-2904
MISC
blender — blender
An exploitable integer overflow exists in the ‘BKE_mesh_calc_normals_tessface’ functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2017-12086
MISC
blender — blender
An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted ‘.bmp’ file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2017-2905
MISC
blender — blender
An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted ‘.png’ file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2017-2900
MISC
blender — blender
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2017-12102
MISC
blender — blender
An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2017-2918
MISC
blender — blender
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created ‘.avi’ file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2017-2907
MISC
blender — blender
An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to render the thumbnail for the file while in the File->Open dialog.
2018-04-24 | not yet calculated | CVE-2017-2908
MISC
blender — blender
An exploitable integer overflow exists in the ‘multires_load_old_dm’ functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2017-12100
MISC
blender — blender
An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted ‘.tif’ file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2017-2899
MISC
blender — blender
An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute ‘tface’ of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2017-12099
MISC
blender — blender
An exploitable integer overflow exists in the ‘CustomData’ Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2017-12082
MISC
blender — blender
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2017-12103
MISC
blender — blender
An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2017-12081
MISC
blender — blender
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2017-12104
MISC
blender — blender
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted ‘.cin’ file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2017-2902
MISC
blender — blender
An exploitable integer overflow exists in the ‘modifier_mdef_compact_influences’ functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2017-12101
MISC
blender — blender
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created ‘.avi’ file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2017-2906
MISC
blender — blender
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted ‘.cin’ file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2017-2903
MISC
blender — blender
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
2018-04-24 | not yet calculated | CVE-2017-12105
MISC
brookins_consulting — bc_collected_information_export_extension
Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data.
2018-04-27 | not yet calculated | CVE-2014-2552
XF
CONFIRM
MISC
centers_for_disease_control_and_prevention — microbetrace
 
Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial ‘>