CVE-2017-9300
Published 2017-05-29
Priority P4 · 31 · high · 7.8 · CVSS 3.0
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 3.28% (86.9th percentile)
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vlc | < vlc 2.2.6-3 (bookworm) | vlc 2.2.6-3 (bookworm) |
| videolan | vlc_media_player | <= 2.2.4 | — |
| videolan | vlc_media_player | >= 0 < 2.2.6-3 | 2.2.6-3 |
| videolan | vlc_media_player | >= 0 < 2.2.6-3 | 2.2.6-3 |
| videolan | vlc_media_player | >= 0 < 2.2.6-3 | 2.2.6-3 |
| videolan | vlc_media_player | >= 0 < 2.2.6-3 | 2.2.6-3 |
CVSS provenance
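| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 7.8 | HIGH | |
| vendor_cisco | | 8.8 | HIGH | |
| vendor_debian | | 7.8 | HIGH | |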
GHSA
GHSA-8hr4-qhgg-4984: plugins\codec\libflac_plugin
ghsa_unreviewed·2022-05-17
CVE-2017-9300 [HIGH] CWE-119 GHSA-8hr4-qhgg-4984: plugins\codec\libflac_plugin
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
OSV
CVE-2017-9300: plugins\codec\libflac_plugin
osv·2017-05-29·CVSS 7.8
CVE-2017-9300 [HIGH] CVE-2017-9300: plugins\codec\libflac_plugin
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
Cisco
Cisco Firepower 4100 and 9300 Security Appliance Local Management Filtering Bypass Vulnerability
vendor_cisco·2017-11-15·CVSS 5.3
CVE-2017-12299 [MEDIUM] CWE-20 Cisco Firepower 4100 and 9300 Security Appliance Local Management Filtering Bypass Vulnerability
A vulnerability in the process for creating default IP blocks during device initialization for Cisco Firepower 4100 Series and Firepower 9300 Security Appliances running Cisco FXOS Software could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, bypassing any filters that are configured to deny local IP management traffic.
The vulnerability is due to an implementation error that exists in the process for creating default IP blocks when the device is initialized, and the way in which those IP blocks interact with user-configured filters for local IP management traffic (for example, SSH to the device). An attacker could exploit this vulnerability b
Cisco
Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Command Injection Vulnerability
vendor_cisco·2017-11-01·CVSS 6.7
CVE-2017-12243 [MEDIUM] CWE-78 Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Command Injection Vulnerability
A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device.
The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisc
Cisco
Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability
vendor_cisco·2017-11-01·CVSS 8.8
CVE-2017-12277 [HIGH] CWE-20 Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability
A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges.
The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A successful exploit could allow the attacker to execute arbitrary commands with root privileges.
Cisco has released software updates that address this vulnerability. Th
Cisco
Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Debug Plug-in Privilege Escalation Vulnerability
vendor_cisco·2017-04-05·CVSS 6.4
CVE-2017-6598 [MEDIUM] CWE-264 Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Debug Plug-in Privilege Escalation Vulnerability
A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands.
The vulnerability is due to inadequate integrity checks for the debug plug-in. An attacker could exploit this vulnerability by crafting a debug plug-in and loading it using elevated privileges. An exploit could allow the attacker to run malicious code that would allow for the execution of arbitrary commands as root.
There are no workarounds that address this vulne
Cisco
Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability
vendor_cisco·2017-04-05·CVSS 4.4
CVE-2017-6601 [MEDIUM] CWE-78 Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability
A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.
The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user’s privilege level outside of the user’s path.
There are no workarounds that address this vulnerability.
This advisory is available at the f
Cisco
Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability
vendor_cisco·2017-04-05·CVSS 5.3
CVE-2017-6600 [MEDIUM] CWE-78 Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability
A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.
The vulnerability is due to insufficient input validation for the affected command. An authenticated local attacker could exploit this vulnerability by injecting crafted command arguments into a redirect of a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary system commands with the privileges of the authenticated user.
There are no workarounds that address this
Cisco
Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability
vendor_cisco·2017-04-05·CVSS 4.4
CVE-2017-6602 [MEDIUM] CWE-78 Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.
The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user’s privilege level outside the expected path and gain access to other devices.
There are no workarounds that address this vulnerability.
This ad
Cisco
Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance local-mgmt CLI Command Injection Vulnerability
vendor_cisco·2017-04-05·CVSS 5.3
CVE-2017-6597 [MEDIUM] CWE-78 Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance local-mgmt CLI Command Injection Vulnerability
A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.
The vulnerability is due to insufficient input validation for the affected command. An authenticated, local attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary system commands with the privileges of the authenticated user.
There are no workarounds
Cisco
Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Command Shell Injection Vulnerability
vendor_cisco·2017-02-01·CVSS 5.3
CVE-2017-3806 [MEDIUM] CWE-78 Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Command Shell Injection Vulnerability
A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device.
The vulnerability is due to insufficient input validation of user-controlled input parameters entered at the CLI. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input parameters to certain commands. A successful exploit could allow an authenticated attacker to execute arbitrary shell commands on the device.
There are no workarounds that address this vulnerability.
This adv
Debian
CVE-2017-9300: vlc - plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remot...
vendor_debian·2017·CVSS 7.8
CVE-2017-9300 [HIGH] CVE-2017-9300: vlc - plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remot...
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
Scope: local
bookworm: resolved (fixed in 2.2.6-3)
bullseye: resolved (fixed in 2.2.6-3)
forky: resolved (fixed in 2.2.6-3)
sid: resolved (fixed in 2.2.6-3)
trixie: resolved (fixed in 2.2.6-3)
Cisco
Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-6600: Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability
A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation for the affected command. An authenticated local attacker could exploit this vulnerability by injecting crafted command arguments into a redirect of a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary system commands with the privileges of the authenticated user. There are no
CVSS: 3.0
CWE: CW
Cisco
Cisco Firepower 4100 and 9300 Security Appliance Local Management Filtering Bypass Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-12299: Cisco Firepower 4100 and 9300 Security Appliance Local Management Filtering Bypass Vulnerability
A vulnerability in the process for creating default IP blocks during device initialization for Cisco Firepower 4100 Series and Firepower 9300 Security Appliances running Cisco FXOS Software could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, bypassing any filters that are configured to deny local IP management traffic. The vulnerability is due to an implementation error that exists in the process for creating default IP blocks when the device is initialized, and the way in which those IP blocks interact with user-configured filters for local IP management traffic (for example, SSH to the device). An attacker could exploit this v
Cisco
Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-6602: Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user’s privilege level outside the expected path and gain access to other devices. There are no
CVSS: 3.0
CWE: CWE-78, CWE-78
Bug IDs: CS
Cisco
Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Command Injection Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-12243: Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Command Injection Vulnerability
A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. There are no
CVSS: 3.0
CWE: CWE-78, CWE-78
Bug IDs: CSCvf20741, CSCvf60078
Cisco
Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-12277: Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability
A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. Cisco has released software updates that address this vuln
Cisco
Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-6601: Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability
A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user’s privilege level outside of the user’s path. There are no
CVSS: 3.0
CWE: CWE-78, CWE-78
Bug IDs: CSCvb61384, CSCvb86764
Cisco
Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Command Shell Injection Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-3806: Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Command Shell Injection Vulnerability
A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. The vulnerability is due to insufficient input validation of user-controlled input parameters entered at the CLI. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input parameters to certain commands. A successful exploit could allow an authenticated attacker to execute arbitrary shell commands on the device. There are no
CVSS: 3.0
CWE: CWE-78, CWE-78
Bug IDs: CSC
Cisco
Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Debug Plug-in Privilege Escalation Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-6598: Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Debug Plug-in Privilege Escalation Vulnerability
A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands. The vulnerability is due to inadequate integrity checks for the debug plug-in. An attacker could exploit this vulnerability by crafting a debug plug-in and loading it using elevated privileges. An exploit could allow the attacker to run malicious code that would allow for the execution of arbitrary commands as root. There are no
CVSS: 3.0
CWE: CWE-264
Cisco
Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance local-mgmt CLI Command Injection Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-6597: Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance local-mgmt CLI Command Injection Vulnerability
A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation for the affected command. An authenticated, local attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary system commands with the privileges of the authenticated user. There are no
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html
http://www.securityfocus.com/bid/98747
https://www.debian.org/security/2017/dsa-4045
Published: 2017-05-29