CVE-2017-2255
Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" funtion of the application "Space".
Source: CVE-2017-2255
[월:] 2017년 08월
CVE-2017-2257
CVE-2017-2257
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.
Source: CVE-2017-2257
CVE-2017-2256
CVE-2017-2256
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" funtion of the application "Memo".
Source: CVE-2017-2256
CVE-2017-1110
CVE-2017-1110
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915.
Source: CVE-2017-1110
CVE-2017-3746
CVE-2017-3746
ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges.
Source: CVE-2017-3746
CVE-2017-2254
CVE-2017-2254
Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu’s edit function via specially crafted input
Source: CVE-2017-2254
CVE-2017-13715
CVE-2017-13715
The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet.
Source: CVE-2017-13715
CVE-2017-2258
CVE-2017-2258
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".
Source: CVE-2017-2258
CVE-2017-10837
CVE-2017-10837
Cross-site scripting vulnerability in BackupGuard prior to version 1.1.47 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
Source: CVE-2017-10837
CVE-2017-10836
CVE-2017-10836
Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Source: CVE-2017-10836