CVE-2017-17669 (exiv2)
There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.
Source: CVE-2017-17669 (exiv2)
[월:] 2017년 12월
CVE-2017-7738 (fortios)
CVE-2017-7738 (fortios)
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command.
Source: CVE-2017-7738 (fortios)
CVE-2017-17669
CVE-2017-17669
There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.
Source: CVE-2017-17669
CVE-2017-7738
CVE-2017-7738
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command.
Source: CVE-2017-7738
CVE-2017-11305
CVE-2017-11305
A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.
Source: CVE-2017-11305
CVE-2017-17664
CVE-2017-17664
A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.
Source: CVE-2017-17664
CVE-2017-14380
CVE-2017-14380
In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 – 8.0.1.1, 8.0.0.0 – 8.0.0.4, 7.2.1.0 – 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode.
Source: CVE-2017-14380
CVE-2017-17665
CVE-2017-17665
In Octopus Deploy before 4.1.3, the machine update process doesn’t check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access.
Source: CVE-2017-17665
CVE-2017-15530 (norton_family)
CVE-2017-15530 (norton_family)
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings.
Source: CVE-2017-15530 (norton_family)
CVE-2017-15529 (norton_family)
CVE-2017-15529 (norton_family)
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network.
Source: CVE-2017-15529 (norton_family)