CVE-2017-3221
Published 2017-07-22
CVE-2017-3221: Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords.
Priority P260 · critical · 9.8 · CVSS 3.0
AV:N · AC:L · PR:N · UI:N · S:U · C:H · I:H · A:H
EPSS 3.54% · 87.8th percentile
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| inmarsat | amosconnect | — | — |
| inmarsat | amosconnect_8 | — | — |
| inmarsat | amosconnect_8 | — | — |
| inmarsat | amosconnect_8 | — | — |
| inmarsat | amosconnect_8 | — | — |
| inmarsat | amosconnect_8 | — | — |
| inmarsat | amosconnect_8 | — | — |
| inmarsat | amosconnect_8 | — | — |
| inmarsat | amosconnect_8 | — | — |
| inmarsat | amosconnect_8 | — | — |
| inmarsat | amosconnect_8 | — | — |
CVSS provenance
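| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 7.0 | HIGH | |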
GHSA
GHSA-74xr-j6fq-776m: Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords
ghsa_unreviewed·2022-05-17
CVE-2017-3221 [CRITICAL] CWE-89 GHSA-74xr-j6fq-776m: Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords
OSV
linux-hwe vulnerability
osv·2017-03-08·CVSS 7.0
CVE-2017-2636 linux-hwe vulnerability
USN-3221-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS.
Alexander Popov discovered that the N_HDLC line discipline implementation
in the Linux kernel contained a double-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
administrative privileges. (CVE-2017-2636)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-10167 gd: DoS vulnerability in gdImageCreateFromGd2Ctx()
bugzilla·2017-02-03·CVSS 5.5
CVE-2016-10167 [MEDIUM] CVE-2016-10167 gd: DoS vulnerability in gdImageCreateFromGd2Ctx()
Possible DoS vulnerability in gdImageCreateFromGd2Ctx() was found.
Upstream patch:
https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f
PHP bug:
https://bugs.php.net/bug.php?id=73868
CVE assignment:
http://www.openwall.com/lists/oss-security/2017/01/28/6
Discussion:
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1418991]
---
Created libwmf tracking bugs for this issue:
Affects: fedora-all [bug 1418992]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2017:3221 https://access.redhat.com/errata/RHSA-2017:3221
---
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enter
Bugzilla
CVE-2016-10168 gd: Integer overflow in gd_io.c
bugzilla·2017-02-03·CVSS 7.8
CVE-2016-10168 [HIGH] CVE-2016-10168 gd: Integer overflow in gd_io.c
An integer overflow in gd_io.c was found.
Upstream patch:
https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6
PHP bug:
https://bugs.php.net/bug.php?id=73869
CVE assignment:
http://www.openwall.com/lists/oss-security/2017/01/28/6
Discussion:
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1418991]
---
Created libwmf tracking bugs for this issue:
Affects: fedora-all [bug 1418992]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2017:3221 https://access.redhat.com/errata/RHSA-2017:3221
---
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 6
Red Hat Software Collections f
http://www.inmarsat.com/news/inmarsat-response-to-ioactive-claims/
http://www.securityfocus.com/bid/99899
https://twitter.com/mkolsek/status/923988845783322625
https://www.kb.cert.org/vuls/id/586501
Published 2017-07-22