CVE-2017-0752
A elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835.
Source: CVE-2017-0752
[월:] 2017년 09월
CVE-2017-0756
CVE-2017-0756
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073.
Source: CVE-2017-0756
CVE-2017-12146
CVE-2017-12146
The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides.
Source: CVE-2017-12146
CVE-2011-3177
CVE-2011-3177
The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks.
Source: CVE-2011-3177
CVE-2016-5759
CVE-2016-5759
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.
Source: CVE-2016-5759
CVE-2017-14167
CVE-2017-14167
Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.
Source: CVE-2017-14167
CVE-2017-2550
CVE-2017-2550
Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename.
Source: CVE-2017-2550
CVE-2017-12071 (photo_station)
CVE-2017-12071 (photo_station)
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
Source: CVE-2017-12071 (photo_station)
CVE-2017-11162 (photo_station)
CVE-2017-11162 (photo_station)
Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.
Source: CVE-2017-11162 (photo_station)
CVE-2017-11161 (photo_station)
CVE-2017-11161 (photo_station)
Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.
Source: CVE-2017-11161 (photo_station)