» 2017 » 12월

CVE-2017-12823

Posted on 2017년 12월 9일2017년 12월 9일 by admin

CVE-2017-12823

Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation.

Source: CVE-2017-12823

CVE-2017-15894

Posted on 2017년 12월 9일2017년 12월 9일 by admin

CVE-2017-15894

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.

Source: CVE-2017-15894

CVE-2017-15893

Posted on 2017년 12월 9일2017년 12월 9일 by admin

CVE-2017-15893

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.

Source: CVE-2017-15893

CVE-2017-10906

Posted on 2017년 12월 9일2017년 12월 9일 by admin

CVE-2017-10906

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.

Source: CVE-2017-10906

CVE-2017-10897

Posted on 2017년 12월 9일2017년 12월 9일 by admin

CVE-2017-10897

Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to cause the device to become unresponsive via unspecified vectors.

Source: CVE-2017-10897

CVE-2017-16921

Posted on 2017년 12월 9일2017년 12월 9일 by admin

CVE-2017-16921

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.

Source: CVE-2017-16921

CVE-2017-10896

Posted on 2017년 12월 9일2017년 12월 9일 by admin

CVE-2017-10896

Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

Source: CVE-2017-10896

CVE-2017-10893

Posted on 2017년 12월 9일2017년 12월 9일 by admin

CVE-2017-10893

Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user’s software" Ver3.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Source: CVE-2017-10893

CVE-2017-11940

Posted on 2017년 12월 8일2017년 12월 9일 by admin

CVE-2017-11940

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". This is different than CVE-2017-11937.

Source: CVE-2017-11940

CVE-2017-17472

Posted on 2017년 12월 8일2017년 12월 8일 by admin

CVE-2017-17472

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a .Viragtlt DeviceIoControl request of 0x82730030.

Source: CVE-2017-17472