» 2017 » 12월

CVE-2017-0878

Posted on 2017년 12월 6일2017년 12월 7일 by admin

CVE-2017-0878

A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 8.0. Android ID A-65186291.

Source: CVE-2017-0878

CVE-2017-0879

Posted on 2017년 12월 6일2017년 12월 7일 by admin

CVE-2017-0879

An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028.

Source: CVE-2017-0879

CVE-2017-0874

Posted on 2017년 12월 6일2017년 12월 7일 by admin

CVE-2017-0874

A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63315932.

Source: CVE-2017-0874

CVE-2017-13152

Posted on 2017년 12월 6일2017년 12월 7일 by admin

CVE-2017-13152

An information disclosure vulnerability in the Android media framework (libmedia drm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62872384.

Source: CVE-2017-13152

CVE-2017-13154

Posted on 2017년 12월 6일2017년 12월 7일 by admin

CVE-2017-13154

An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63666573.

Source: CVE-2017-13154

CVE-2017-17069

Posted on 2017년 12월 6일2017년 12월 6일 by admin

CVE-2017-17069

ActiveSetupN.exe in Amazon Audible for Windows before November 2017 allows attackers to execute arbitrary DLL code if ActiveSetupN.exe is launched from a directory where an attacker has already created a Trojan horse dwmapi.dll file.

Source: CVE-2017-17069

CVE-2017-17383

Posted on 2017년 12월 6일2017년 12월 6일 by admin

CVE-2017-17383

Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624.

Source: CVE-2017-17383

CVE-2017-17433

Posted on 2017년 12월 6일2017년 12월 6일 by admin

CVE-2017-17433

The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-11-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.

Source: CVE-2017-17433

CVE-2017-17434

Posted on 2017년 12월 6일2017년 12월 6일 by admin

CVE-2017-17434

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-11-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.

Source: CVE-2017-17434

CVE-2017-17432

Posted on 2017년 12월 6일2017년 12월 6일 by admin

CVE-2017-17432

OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.

Source: CVE-2017-17432