CVE-2018-7658
NTSServerSvc.exe in the server in Softros Network Time System 2.3.4 allows remote attackers to cause a denial of service (daemon crash) by sending exactly 11 bytes.
Source: CVE-2018-7658
[월:] 2018년 03월
CVE-2017-12410
CVE-2017-12410
It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. Successful exploitation results in the execution of arbitrary programs with "NT AUTHORITYSYSTEM" privileges.
Source: CVE-2017-12410
CVE-2017-18249
CVE-2017-18249
The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads.
Source: CVE-2017-18249
CVE-2018-7673
CVE-2018-7673
The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack.
Source: CVE-2018-7673
CVE-2018-1349
CVE-2018-1349
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration.
Source: CVE-2018-1349
CVE-2018-1348
CVE-2018-1348
NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack.
Source: CVE-2018-1348
CVE-2018-1350
CVE-2018-1350
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration.
Source: CVE-2018-1350
CVE-2018-7543
CVE-2018-7543
Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter.
Source: CVE-2018-7543
CVE-2018-1204
CVE-2018-1204
Dell EMC Isilon OneFS versions between 8.1.0.0 – 8.1.0.1, 8.0.1.0 – 8.0.1.2, and 8.0.0.0 – 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges.
Source: CVE-2018-1204
CVE-2018-1202
CVE-2018-1202
Dell EMC Isilon versions between 8.1.0.0 – 8.1.0.1, 8.0.1.0 – 8.0.1.2, and 8.0.0.0 – 8.0.0.6, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user’s browser session in the context of the OneFS website.
Source: CVE-2018-1202