An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords.
Monthly Archives: February 2017
CVE-2017-5168
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution.
diffoscope-77-1.fc25
Update to the latest version, fixes a security issue.
diffoscope-77-1.fc24
Update to the latest version, fixes a security issue.
Cimetrics BACnet Explorer 4.0 XXE Injection
Cimetrics BACnet Explorer version 4.0 suffers from an XML eXternal Entity vulnerability that allows for remote retrieval of arbitrary data.
Cimetrics BACstac Routing Service 6.2f Local Privilege Escalation
Cimetrics BACstac Routing Service version 6.2f suffers from a local privilege escalation vulnerability.
SonicDICOM PACS 2.3.2 Remote Vertical Privilege Escalation
SonicDICOM PACS version 2.3.2 suffers from a remote privilege escalation vulnerability.
SonicDICOM PACS 2.3.2 Cross Site Request Forgery
SonicDICOM PACS version 2.3.2 suffers from a cross site request forgery vulnerability.
Updated Firmware Due for Serious TP-Link Router Vulnerabilities
A researcher disclosed vulnerabilities in TP-Link C2 and C20i routers that allow for remote code execution and denial-of-service attacks with authentication.
Red Hat Security Advisory 2017-0269-01
Red Hat Security Advisory 2017-0269-01 – The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: It was discovered that the RMI registry and DGC implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DGC. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties.