» 2016 » 9월

CVE-2016-0141 (office)

Posted on 2016년 9월 14일2016년 9월 15일 by admin

CVE-2016-0141 (office)

The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certificate-store private key during a document-save operation, which allows attackers to obtain sensitive information via unspecified vectors, aka "Microsoft Information Disclosure Vulnerability."

Source: CVE-2016-0141 (office)

CVE-2016-0138 (exchange_server)

Posted on 2016년 9월 14일2016년 9월 15일 by admin

CVE-2016-0138 (exchange_server)

Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability."

Source: CVE-2016-0138 (exchange_server)

CVE-2016-0137 (office)

Posted on 2016년 9월 14일2016년 9월 15일 by admin

CVE-2016-0137 (office)

The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass."

Source: CVE-2016-0137 (office)

CVE-2016-6399 (ace_4700_series_application_control_engine_appliance, ace_4700_series_application_control_engine_appliance_a1, ace_4700_series_application_control_engine_appliance_a3, ace_4700_series_application_control_engine_appliance_a4, ace_4700_series_application_control_engine_appliance_a5, ace_application_control_engine_module_a1, ace_application_control_engine_module_a3, ace_application_control_engine_module_a4, ace_application_control_engine_module_a5)

Posted on 2016년 9월 12일2016년 9월 13일 by admin

CVE-2016-6399 (ace_4700_series_application_control_engine_appliance, ace_4700_series_application_control_engine_appliance_a1, ace_4700_series_application_control_engine_appliance_a3, ace_4700_series_application_control_engine_appliance_a4, ace_4700_series_application_control_engine_appliance_a5, ace_application_control_engine_module_a1, ace_application_control_engine_module_a3, ace_application_control_engine_module_a4, ace_application_control_engine_module_a5)

Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via crafted (1) SSL or (2) TLS packets, aka Bug ID CSCvb16317.

Source: CVE-2016-6399 (ace_4700_series_application_control_engine_appliance, ace_4700_series_application_control_engine_appliance_a1, ace_4700_series_application_control_engine_appliance_a3, ace_4700_series_application_control_engine_appliance_a4, ace_4700_series_application_control_engine_appliance_a5, ace_application_control_engine_module_a1, ace_application_control_engine_module_a3, ace_application_control_engine_module_a4, ace_application_control_engine_module_a5)

CVE-2016-6398 (ios)

Posted on 2016년 9월 12일2016년 9월 13일 by admin

CVE-2016-6398 (ios)

The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet data, aka Bug ID CSCvb16274.

Source: CVE-2016-6398 (ios)

CVE-2016-6396 (firesight_system_software)

Posted on 2016년 9월 12일2016년 9월 13일 by admin

CVE-2016-6396 (firesight_system_software)

Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482.

Source: CVE-2016-6396 (firesight_system_software)

CVE-2016-6395 (firesight_system_software)

Posted on 2016년 9월 12일2016년 9월 13일 by admin

CVE-2016-6395 (firesight_system_software)

Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658.

Source: CVE-2016-6395 (firesight_system_software)

CVE-2016-6394 (firesight_system_software)

Posted on 2016년 9월 12일2016년 9월 13일 by admin

CVE-2016-6394 (firesight_system_software)

Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503.

Source: CVE-2016-6394 (firesight_system_software)

CVE-2016-6371 (hosted_collaboration_mediation_fulfillment)

Posted on 2016년 9월 12일2016년 9월 13일 by admin

CVE-2016-6371 (hosted_collaboration_mediation_fulfillment)

Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717.

Source: CVE-2016-6371 (hosted_collaboration_mediation_fulfillment)

CVE-2016-6370 (hosted_collaboration_mediation_fulfillment)

Posted on 2016년 9월 12일2016년 9월 13일 by admin

CVE-2016-6370 (hosted_collaboration_mediation_fulfillment)

Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255.

Source: CVE-2016-6370 (hosted_collaboration_mediation_fulfillment)