CVE-2017-10905
A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.
Source: CVE-2017-10905
[월:] 2017년 12월
CVE-2017-10904
CVE-2017-10904
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
Source: CVE-2017-10904
CVE-2017-17712
CVE-2017-17712
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.
Source: CVE-2017-17712
CVE-2017-14184 (forticlient, forticlient_sslvpn_client)
CVE-2017-14184 (forticlient, forticlient_sslvpn_client)
An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other’s VPN authentication credentials due to improperly secured storage locations.
Source: CVE-2017-14184 (forticlient, forticlient_sslvpn_client)
CVE-2017-14184
CVE-2017-14184
An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other’s VPN authentication credentials due to improperly secured storage locations.
Source: CVE-2017-14184
CVE-2017-12373
CVE-2017-12373
A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher’s Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652.
Source: CVE-2017-12373
CVE-2017-17700
CVE-2017-17700
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request.
Source: CVE-2017-17700
CVE-2017-17699
CVE-2017-17699
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request.
Source: CVE-2017-17699
CVE-2017-17701
CVE-2017-17701
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request.
Source: CVE-2017-17701
CVE-2017-17556
CVE-2017-17556
A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys.
Source: CVE-2017-17556