» 2017 » 1월

The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.

Source: CVE-2016-10075

CVE-2015-8212

Posted on 2017년 1월 20일2017년 1월 20일 by admin

CVE-2015-8212

CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.

Source: CVE-2015-8212

CVE-2016-7794

Posted on 2017년 1월 20일2017년 1월 20일 by admin

CVE-2016-7794

sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name.

Source: CVE-2016-7794

CVE-2016-7793

Posted on 2017년 1월 20일2017년 1월 20일 by admin

CVE-2016-7793

sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL.

Source: CVE-2016-7793

CVE-2016-9016

Posted on 2017년 1월 20일2017년 1월 20일 by admin

CVE-2016-9016

Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

Source: CVE-2016-9016

CVE-2016-5225 (chrome)

Posted on 2017년 1월 19일2017년 1월 21일 by admin

CVE-2016-5225 (chrome)

Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page.

Source: CVE-2016-5225 (chrome)

CVE-2016-9650 (chrome)

Posted on 2017년 1월 19일2017년 1월 21일 by admin

CVE-2016-9650 (chrome)

Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page.

Source: CVE-2016-9650 (chrome)