Vulnerability Summary for the Week of February 13, 2017 Please Note: • The vulnerabilities are cattegorized by their level of severity which is either High, Medium or Low. • The !" indentity number is the #ublicly $nown %& given to that #articular vulnerability. Therefore you can search the status of that #articular vulnerability using that %&. • The CVSS (Common Vulnerability Scoring 'ystem) score is a standard scoring system used to determine the severity of the vulnerability. High Severity Vulnerabilities The Primary Vendor --- Description Date CVSS The CVE Product Published Score Identity adobe ** cam#aign +dobe am#aign versions ,-.4 /uild 012. and 2017-02-15 7.5 CVE-2017-2968 CONFIRM (link earlier have a code in3ection vulnerability. is external) CONFIRM (link is external) adobe ** digital_editions +dobe Digital Editions versions ..5.3 and earlier 2017-02-15 10.0 CVE-2017-2973 CONFIRM (link have an e7#loitable hea# overflow vulnerability. is external) 'uccessful e7#loitation could lead to arbitrary code e7ecution. adobe ** flash4#layer +dobe 8lash Player versions 2..9.0.1:. and 2017-02-15 10.0 CVE-2017-2982 CONFIRM (link earlier have an e7#loitable use after free is external) vulnerability in a routine related to #layer shutdown. 'uccessful e7#loitation could lead to arbitrary code e7ecution. adobe ** flash4#layer +dobe 8lash Player versions 2..9.0.1:. and 2017-02-15 10.0 CVE-2017-2984 CONFIRM (link earlier have an e7#loitable hea# overflow is external) vulnerability in the h2-. decoder routine. 'uccessful e7#loitation could lead to arbitrary code e7ecution. adobe ** flash4#layer +dobe 8lash Player versions 2..9.0.1:. and 2017-02-15 10.0 CVE-2017-2985 earlier have an e7#loitable use after free CONFIRM (link is external) vulnerability in the +ction'cri#t 6 /itma#Data class. 'uccessful e7#loitation could lead to arbitrary code e7ecution. adobe ** flash4#layer +dobe 8lash Player versions 2..9.0.1:. and 2017-02-15 10.0 CVE-2017-2986 CONFIRM (link earlier have an e7#loitable hea# overflow is external) vulnerability in the 8lash !ideo (8L!) codec. 'uccessful e7#loitation could lead to arbitrary code e7ecution. adobe ** flash4#layer +dobe 8lash Player versions 2..9.0.1:. and 2017-02-15 10.0 CVE-2017-2987 CONFIRM (link earlier have an e7#loitable integer overflow is external) vulnerability related to 8lash /roker OM. 'uccessful e7#loitation could lead to arbitrary code e7ecution. adobe ** flash4#layer +dobe 8lash Player versions 2..9.0.1:. and 2017-02-15 10.0 CVE-2017-2988 CONFIRM (link earlier have an e7#loitable memory corru#tion is external) vulnerability when #erforming garbage collection. 'uccessful e7#loitation could lead to arbitrary code e7ecution. adobe ** flash4#layer +dobe 8lash Player versions 2..9.0.1:. and 2017-02-15 10.0 CVE-2017-2990 CONFIRM (link earlier have an e7#loitable memory corru#tion is external) vulnerability in the h2-. decom#ression routine. 'uccessful e7#loitation could lead to arbitrary code e7ecution. adobe ** flash4#layer +dobe 8lash Player versions 2..9.0.1:. and 2017-02-15 10.0 CVE-2017-2991 CONFIRM (link earlier have an e7#loitable memory corru#tion is external) vulnerability in the h2-. codec (related to decom#ression). 'uccessful e7#loitation could lead to arbitrary code e7ecution. adobe ** flash4#layer +dobe 8lash Player versions 2..9.0.1:. and 2017-02-15 10.0 CVE-2017-2992 CONFIRM (link earlier have an e7#loitable hea# overflow is external) vulnerability when #arsing an MP. header. 'uccessful e7#loitation could lead to arbitrary code e7ecution. adobe ** flash4#layer +dobe 8lash Player versions 2..9.0.1:. and 2017-02-15 10.0 CVE-2017-2993 CONFIRM (link earlier have an e7#loitable use after free is external) vulnerability related to event handlers. 'uccessful e7#loitation could lead to arbitrary code e7ecution. adobe ** flash4#layer +dobe 8lash Player versions 2..9.0.1:. and 2017-02-15 10.0 CVE-2017-2996 CONFIRM (link earlier have an e7#loitable memory corru#tion is external) vulnerability in Primetime '&<. 'uccessful e7#loitation could lead to arbitrary code e7ecution. advantech ** susiaccess +n issue was discovered in +dvantech 2017-02-13 7.2 CVE-2016-9353 BID (link is '=%'+ccess 'erver !ersion 6.9 and #rior. The external) admin #assword is stored in the system and is MISC encrypted with a static $ey hard-coded in the #rogram. +ttac$ers could reverse the admin account #assword for use. advantech ** webaccess +n issue was discovered in +dvantech 2017-02-13 7.5 CVE-2017-5154 BID (link is >eb+ccess !ersion 0.1. To be able to e7#loit the external) 'QL in3ection vulnerability, an attac$er must MISC su##ly malformed in#ut to the >eb+ccess software. 'uccessful attac$ could result in administrative access to the a##lication and its data files. binom6 ** +n issue was discovered in /%NOM6 =niversal 2017-02-13 10.0 CVE-2017-5162 BID (link is universal_multifunctional Multifunctional Electric Power Quality Meter. external) 4electric4#ower4@uality_ Lac$ of authentication for remote service gives MISC meter4firmware access to a##lication set u# and configuration. binom6 ** +n issue was discovered in /%NOM6 =niversal 2017-02-13 7.5 CVE-2017-5167 BID (link is universal_multifunctional Multifunctional Electric Power Quality Meter. external) 4electric4#ower4@uality_ =sers do not have any option to change their MISC meter4firmware own #asswords. dotcms ** dotcms +n issue was discovered in dot M' through 2017-02-17 7.5 CVE-2017-5344 MISC (link is 6.-.1. The findChildren/yFilter() function which external) is called by the web accessible #ath MISC Acategories'ervlet #erforms string inter#olation MISC (link is external) and direct '?L @uery e7ecution. 'QL @uote esca#ing and a $eyword blac$list were im#lemented in a new class, 'QL=til (mainA3avaAcomAdotmar$etingAcommonAutil/'? L=til.java), as #art of the remediation of !"* 29,-*0:92B however, these can be overcome in the case of the @ and inode #arameters to the Acategories'ervlet #ath. Overcoming these controls #ermits a number of blind boolean 'QL in3ection vectors in either #arameter. The Acategories'ervlet web #ath can be accessed remotely and without authentication in a default dot M' de#loyment. e7#onentcms ** installAinde7.ph# in "7#onent M' 2.3.9 allows 2017-02-13 7.5 CVE-2016-7565 MLIST (link is e7#onent4cms remote attac$ers to e7ecute arbitrary commands external) via shell metacharacters in the sc array CONFIRM (link #arameter. is external) CONFIRM (link is external) freebsd ** freebsd The Linu7 com#atibility layer in the $ernel in 2017-02-15 7.2 CVE-2016-1880 SECTRACK 8ree/'D :.6, ,9.1, and ,9.2 allows local users to (link is external) read #ortions of $ernel memory and #otentially FREEBSD gain #rivilege via uns#ecified vectors, related to Chandling of Linu7 fute7 robust lists." freebsd ** freebsd The $ernel in 8ree/'D :.3, ,9.1, and ,9.2 allows 2017-02-15 7.2 CVE-2016-1881 SECTRACK local users to cause a denial of service (crash) or (link is external) #otentially gain #rivilege via a crafted Linu7 FREEBSD com#atibility layer setgrou#s system call. freebsd ** freebsd The issetugid system call in the Linu7 2017-02-15 7.2 CVE-2016-1883 SECTRACK com#atibility layer in 8ree/'D :.3, ,9.1, and ,9.2 (link is external) allows local users to gain #rivilege via FREEBSD uns#ecified vectors. freebsd ** freebsd %nteger overflow in the bhyve hypervisor in 2017-02-15 7.2 CVE-2016-1889 SECTRACK 8ree/'D ,9.1, ,9.2, ,9.3, and ,,.0 when (link is external) configured with a large amount of guest FREEBSD memory, allows local users to gain #rivilege via a crafted device descri#tor. honeywell ** +n issue was discovered in Honeywell DL >eb %% 2017-02-13 7.5 CVE-2017-5143 BID (link is 7l4web4ii4controller controller DL,999 599 DL>eb"7e*2*9,*99 and external) #rior, and DL>eb 599 DL>eb"7e*,*92*90 and MISC #rior. + user without authenticating can ma$e a directory traversal attac$ by accessing a s#ecific =EL. ibm ** integration4bus %/M %ntegration /us :.0 and ,9.0 and >eb'#here 2017-02-15 8.5 CVE-2016-9706 CONFIRM (link Message /roker ';+P 8L;>' is vulnerable to a is external) denial of service, caused by an DML "7ternal Entity %n3ection (DD") error when #rocessing DML data. + remote attac$er could e7#loit this vulnerability to e7#ose highly sensitive information or consume all available memory resources. %/M Eeference F: ,::1:,0. ibm ** vios %/M +%D 5.6, -.1, 1.1, and 1.2 contains an 2017-02-15 7.2 CVE-2016-6079 CONFIRM (link uns#ecified vulnerability that would allow a is external) locally authenticated user to obtain root level BID (link is #rivileges. %/M +P+Es: %!00-50, %!01:0,, external) %!00.,:, %!01-.9, %!00956. ibm ** vios %/M +%D -.,, 1.1, and 1.2 could allow a local user 2017-02-15 7.2 CVE-2016-8972 CONFIRM (link to gain root #rivileges using a s#ecially crafted is external) command within the bellmail client. %/M +P+Es: BID (link is %!:,99-, %!:,991, %!:,990, %!:,9,9, %!:,9,,. external) lyn7s#ring ** +n issue was discovered in Lyn7s#ring GENEsys 2017-02-13 7.5 CVE-2016-8361 BID (link is 3enesys4bas4bridge /+' /ridge versions ,.1.8 and older. The external) a##lication uses a hard-coded username with no MISC #assword allowing an attac$er into the system without authentication. moxa ** dacenter +n issue was discovered in Moxa &+ enter 2017-02-13 7.1 CVE-2016-9354 BID (link is !ersions ,.4 and older. + s#ecially crafted #ro3ect external) file may cause the #rogram to crash because of MISC =ncontrolled Eesource onsum#tion.