» 2018 » 3월

CVE-2018-8935

Posted on 2018년 3월 22일2018년 3월 23일 by admin

CVE-2018-8935

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW.

Source: CVE-2018-8935

CVE-2017-16772

Posted on 2018년 3월 22일2018년 3월 23일 by admin

CVE-2017-16772

Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter.

Source: CVE-2017-16772

CVE-2018-8934

Posted on 2018년 3월 22일2018년 3월 23일 by admin

CVE-2018-8934

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW.

Source: CVE-2018-8934

CVE-2018-8933

Posted on 2018년 3월 22일2018년 3월 23일 by admin

CVE-2018-8933

The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3.

Source: CVE-2018-8933

CVE-2018-8932

Posted on 2018년 3월 22일2018년 3월 23일 by admin

CVE-2018-8932

The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4.

Source: CVE-2018-8932

CVE-2018-8931

Posted on 2018년 3월 22일2018년 3월 23일 by admin

CVE-2018-8931

The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1.

Source: CVE-2018-8931

CVE-2018-8930

Posted on 2018년 3월 22일2018년 3월 23일 by admin

CVE-2018-8930

The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3.

Source: CVE-2018-8930

CVE-2017-16771

Posted on 2018년 3월 22일2018년 3월 23일 by admin

CVE-2017-16771

Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

Source: CVE-2017-16771

CVE-2017-0935

Posted on 2018년 3월 22일2018년 3월 23일 by admin

CVE-2017-0935

Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system.

Source: CVE-2017-0935

CVE-2017-0934

Posted on 2018년 3월 22일2018년 3월 23일 by admin

CVE-2017-0934

Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system.

Source: CVE-2017-0934