CVE-2017-11002
In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing a vendor sub-command, a buffer over-read can occur.
Source: CVE-2017-11002
[월:] 2017년 09월
CVE-2015-5284
CVE-2015-5284
ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable.
Source: CVE-2015-5284
CVE-2015-4706
CVE-2015-4706
Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path.
Source: CVE-2015-4706
CVE-2015-8559
CVE-2015-8559
The knife bootstrap command in chef leaks the validator.pem private RSA key to /var/log/messages.
Source: CVE-2015-8559
CVE-2015-3296
CVE-2015-3296
Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs.
Source: CVE-2015-3296
CVE-2017-14160
CVE-2017-14160
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.
Source: CVE-2017-14160
CVE-2015-0276
CVE-2015-0276
Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2.
Source: CVE-2015-0276
CVE-2017-14246
CVE-2017-14246
An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
Source: CVE-2017-14246
CVE-2017-14635
CVE-2017-14635
In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection.
Source: CVE-2017-14635
CVE-2017-14245
CVE-2017-14245
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
Source: CVE-2017-14245