CVE-2017-17538
MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets.
Source: CVE-2017-17538
[월:] 2017년 12월
CVE-2017-5530
CVE-2017-5530
The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges. Affected releases are tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.
Source: CVE-2017-5530
CVE-2017-5534
CVE-2017-5534
The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.
Source: CVE-2017-5534
CVE-2017-4942
CVE-2017-4942
VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator.
Source: CVE-2017-4942
CVE-2017-14362
CVE-2017-14362
Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack.
Source: CVE-2017-14362
CVE-2017-13099
CVE-2017-13099
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."
Source: CVE-2017-13099
CVE-2017-13098
CVE-2017-13098
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."
Source: CVE-2017-13098
CVE-2017-14361
CVE-2017-14361
Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack.
Source: CVE-2017-14361
CVE-2017-17566
CVE-2017-17566
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.
Source: CVE-2017-17566
CVE-2017-17564
CVE-2017-17564
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.
Source: CVE-2017-17564