- This slide deck classifies and describes game types.

 

 

 

■ Viewpoints and Camera Perspectives - 2D and 3D

 

- Static Background

- Top Down

- Side Scrolling

- Vertical Scrolling

- Isometric (2.5D)

- First Person (eye camera)

- Third Person (follow camera)

 

 

■ Genres and Styles

 

- Action Games

- Adventure Games

- Action Adventure Games

- Strategy Games

- Simulation Games

- Role Playing Games

- Sports Games

 

 

■ Temporal Aspects

 

- Real Time

- Turn Based

- Time Manipulation

- Time Travel

- Timed Action

 

 

■ Ending Types

 

- Finite

- Infinite / Endless

- Branching

- Post-Games

Licence: Attribution-NonCommercial-NoDerivatives
Posted by manga0713

 

 

 

- This slide deck is an introduction to game development: it briefly covers the history of games by generation, the platforms (mobile / console / handheld console / PC / TV / wearable / VR/AR), and game engines.

 

 

 

■ Video Game

 

- A game that is played according to a set of rules on an audiovisual device and progresses along a story.

 

 

■ Current Mobile Platforms

 

- Google Android

- Apple iOS

- Microsoft Windows Phone

- Samsung Tizen

- Amazon FireOS

- Ubuntu Touch

 

 

■ Current Console Platforms

 

- Sony PlayStation 4 / PlayStation 4 Pro

- Microsoft Xbox One / Xbox One S

- Nintendo WiiU

- Nintendo Switch

 

 

■ Current Handheld Console Platforms

 

- Sony PlayStation Vita

- Nintendo 3DS

- Nintendo WiiU

- Nintendo Switch

 

 

■ Current Computer Platforms

 

- Microsoft Windows

- Apple macOS

- Linux

- Google Chrome OS

 

 

■ Current TV Platforms

 

- Google Android TV

- Apple tvOS

- Samsung Smart TV

- Amazon Fire TV

 

 

■ Current Wearable Platforms

 

- Google Android Wear

- Apple watchOS

- Samsung Tizen for Wearables

- Pebble OS

- webOS

 

 

■ Current VR/AR Platforms

 

- Google Cardboard

- Samsung Gear VR

- Oculus Rift

- Valve Steam VR (HTC Vive)

- Sony PlayStation VR

- Google Daydream VR

- Microsoft HoloLens

 

 

■ Game Engine

 

- A game engine is a framework for game development.

- It basically has the following components.

 

 

 

 

 

 

 

■ Current Popular Game Engines

 

 

▶ Available to all

 

- Unreal Engine

- Unity 3D

- Cry Engine

- Game Maker Studio

- Construct

 

 

▶ Available to selected

 

- Naughty Dog Game Engine

- RAGE

- Frostbite

- Anvil

- IW Engine

Licence: Attribution-NonCommercial-NoDerivatives
Posted by manga0713

 

 

 

 

■ Data driven Game development

 

- A methodology that collects and analyses meaningful data from each stage of the game development process and feeds it back into development, in order to maximise 'fun', the purpose of game development.

 

- This slide deck discusses measuring 'fun' and applying the measurements to development.

 

 

■ How do you measure Fun?

 

- UX methods: observing player behaviour / player opinions and feedback

- Telemetry: used to objectively quantify players' in-game behaviour / requires load management

- Biometrics: used to quantify unconscious player behaviour / eye tracking, skin conductance

Licence: Attribution-NonCommercial-NoDerivatives
Posted by manga0713

 

 

 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
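Once the bulletin's HTML table is flattened to text, each row's cells run together on one line in the order vendor -- product, description, published date, CVSS base score (or "not yet calculated"), CVE ID, with the source labels on the lines that follow. The parser below is an added example and is not part of the US-CERT bulletin: it reads that flattened layout, strips the site's "(link is external)" decoration from the source labels, applies the severity bands stated above, and reports rows whose band does not match the section they sit under. The sample rows are constructed from entries on this page; the only assumption is that each row fits on one line.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Severity bands exactly as the bulletin states them (CVSS base score).
BANDS = (("High", 7.0, 10.0), ("Medium", 4.0, 6.9), ("Low", 0.0, 3.9))

# A flattened table row: vendor -- product, description, YYYY-MM-DD, score, CVE ID.
ROW_RE = re.compile(
    r"^(?P<vendor>\S+) -- (?P<product>\S+)\s+"
    r"(?P<description>.+?)\s+"
    r"(?P<published>\d{4}-\d{2}-\d{2})\s+"
    r"(?P<score>\d{1,2}\.\d|not yet calculated)\s+"
    r"(?P<cve>CVE-\d{4}-\d{4,})$"
)
# Source labels as they appear on the page, with the site's link decoration.
SOURCE_RE = re.compile(r"^(?P<label>[A-Z][A-Z0-9-]*)(?:\(link is external\))?$")


@dataclass
class Entry:
    vendor: str
    product: str
    description: str
    published: str
    score: Optional[float]          # None when "not yet calculated"
    cve: str
    sources: List[str] = field(default_factory=list)


def severity_for(score: Optional[float]) -> Optional[str]:
    """Bulletin band for a CVSS base score; None when the score is not yet calculated."""
    if score is None:
        return None
    for name, low, high in BANDS:
        if low <= score <= high:
            return name
    raise ValueError(f"CVSS base score out of range: {score}")


def parse_entries(text: str) -> List[Entry]:
    """Parse flattened bulletin rows; each source label line attaches to the row before it."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        row = ROW_RE.match(line)
        if row:
            score_text = row.group("score")
            score = None if score_text == "not yet calculated" else float(score_text)
            entries.append(Entry(row.group("vendor"), row.group("product"),
                                 row.group("description"), row.group("published"),
                                 score, row.group("cve")))
            continue
        src = SOURCE_RE.match(line)
        if src and entries:
            entries[-1].sources.append(src.group("label"))
        else:
            # Anything else is extraction damage; fail loudly rather than guess.
            raise ValueError(f"unparseable line: {line!r}")
    return entries


def misfiled(text: str, section: Optional[str]) -> List[str]:
    """CVE IDs whose computed band disagrees with the section they were listed under."""
    return [e.cve for e in parse_entries(text) if severity_for(e.score) != section]


# Constructed sample: rows copied from this bulletin in their flattened form.
SAMPLE_HIGH = """\
iodata -- wn-g300r3_firmware Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. 2017-04-28 10.0 CVE-2017-2142
JVN(link is external)
MISC(link is external)
ipa -- appgoat Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors. 2017-04-28 7.5 CVE-2017-2101
JVN(link is external)
BID
"""

# Constructed sample with a High row and an unscored row deliberately placed under Medium.
SAMPLE_MIXED = """\
iodata -- wn-g300r3_firmware WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. 2017-04-28 9.0 CVE-2017-2141
JVN(link is external)
cybozu -- garoon Cybozu Garoon 3.0.0 to 4.2.3 allows remote attackers to obtain tokens used for CSRF protection via unspecified vectors. 2017-04-28 4.3 CVE-2017-2093
JVN(link is external)
BID(link is external)
brave -- brave Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site. 2017-05-03 not yet calculated CVE-2017-8458
MISC(link is external)
"""

if __name__ == "__main__":
    for entry in parse_entries(SAMPLE_HIGH):
        print(entry.cve, entry.score, severity_for(entry.score), entry.sources)
    print("misfiled under Medium:", misfiled(SAMPLE_MIXED, "Medium"))
```

Band boundaries are inclusive on both ends, as the bulletin lists them, so 6.9 is Medium and 7.0 is High; an unscored row belongs only in the "Severity Not Yet Assigned" section, which is why `misfiled` treats `None` as its own band.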

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
iodata -- wn-g300r3_firmware | WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. | 2017-04-28 | 9.0 | CVE-2017-2141 | JVN, MISC
iodata -- wn-g300r3_firmware | Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2017-04-28 | 10.0 | CVE-2017-2142 | JVN, MISC
ipa -- appgoat | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors. | 2017-04-28 | 7.5 | CVE-2017-2101 | JVN, BID

 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
booking_calendar_project -- booking_calendar | Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter. | 2017-04-28 | 5.0 | CVE-2017-2150 | JVN, MISC
booking_calendar_project -- booking_calendar | Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-28 | 4.3 | CVE-2017-2151 | JVN, MISC
buffalo_inc -- wnc01wh_firmware | WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. | 2017-04-28 | 5.2 | CVE-2017-2152 | JVN
cubecart -- cubecart | Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | 2017-04-28 | 4.0 | CVE-2017-2090 | JVN, BID, MISC
cubecart -- cubecart | Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | 2017-04-28 | 4.0 | CVE-2017-2098 | JVN, BID, MISC
cubecart -- cubecart | Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors. | 2017-04-28 | 4.0 | CVE-2017-2117 | JVN, BID, MISC
cybozu -- garoon | Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. | 2017-04-28 | 4.0 | CVE-2017-2091 | JVN, BID, MISC
cybozu -- garoon | Cybozu Garoon 3.0.0 to 4.2.3 allows remote attackers to obtain tokens used for CSRF protection via unspecified vectors. | 2017-04-28 | 4.3 | CVE-2017-2093 | JVN, BID, MISC
cybozu -- garoon | Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors. | 2017-04-28 | 4.0 | CVE-2017-2094 | JVN, BID, MISC
cybozu -- garoon | Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors. | 2017-04-28 | 4.0 | CVE-2017-2095 | JVN, BID, MISC
cybozu -- office | Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. | 2017-04-28 | 4.0 | CVE-2017-2115 | JVN, BID, MISC
cybozu -- office | Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors. | 2017-04-28 | 4.0 | CVE-2017-2116 | JVN, BID, MISC
gaku -- tablacus_explorer | Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory. | 2017-04-28 | 6.8 | CVE-2017-2140 | JVN, MISC
i.con_corporation -- hoozin_viewer | Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage. | 2017-04-28 | 6.8 | CVE-2017-2155 | JVN, MISC
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669. | 2017-04-28 | 6.8 | CVE-2017-1194 | CONFIRM, BID
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8343 | BID, CONFIRM
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8344 | BID, CONFIRM
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8345 | BID, CONFIRM
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8346 | CONFIRM
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8347 | CONFIRM
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8348 | CONFIRM
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8349 | CONFIRM
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8350 | CONFIRM
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8351 | CONFIRM
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8352 | CONFIRM
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8353 | CONFIRM
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8354 | CONFIRM
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8355 | CONFIRM
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8356 | CONFIRM
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8357 | CONFIRM
information-technology_promotion_agency -- introduction_to_safe_website_operation | Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data. | 2017-04-28 | 6.8 | CVE-2017-2128 | JVN, BID
ipa -- appgoat | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors. | 2017-04-28 | 6.8 | CVE-2017-2099 | JVN, BID
ipa -- appgoat | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors. | 2017-04-28 | 6.8 | CVE-2017-2100 | JVN, BID
ipa -- appgoat | Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2017-04-28 | 6.8 | CVE-2017-2102 | JVN, BID
justsystems -- hanako | Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-28 | 6.8 | CVE-2017-2154 | JVN, MISC
libarchive -- libarchive | The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 2017-04-30 | 4.3 | CVE-2016-10349 | MISC
libarchive -- libarchive | The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 2017-04-30 | 4.3 | CVE-2016-10350 | MISC
libsndfile_project -- libsndfile | The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. | 2017-04-30 | 4.3 | CVE-2017-8361 | MISC
libsndfile_project -- libsndfile | The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. | 2017-04-30 | 4.3 | CVE-2017-8362 | MISC
libsndfile_project -- libsndfile | The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. | 2017-04-30 | 4.3 | CVE-2017-8363 | MISC
libsndfile_project -- libsndfile | The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. | 2017-04-30 | 4.3 | CVE-2017-8365 | MISC
netgear -- prosafe_plus_configuration_utility | ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests. | 2017-04-28 | 4.3 | CVE-2017-2137 | JVN, MISC
olive_design -- olive_blog | Cross-site scripting vulnerability in Olive Blog allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 2017-04-28 | 4.3 | CVE-2016-7839 | JVN, BID
olive_design -- olive_blog | Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter. | 2017-04-28 | 4.3 | CVE-2016-7840 | JVN, BID
olive_design -- olive_diary_dx | Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 2017-04-28 | 4.3 | CVE-2016-7841 | JVN, BID
onethird -- onethird_cms | Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php. | 2017-04-28 | 4.3 | CVE-2017-2123 | JVN, BID, MISC
onethird -- onethird_cms | Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php. | 2017-04-28 | 4.3 | CVE-2017-2124 | JVN, MISC
securebrain -- phishwall_client_for_internet_explorer | Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-04-28 | 6.8 | CVE-2017-2130 | JVN, MISC, BID
uchida_yoko_co._ltd -- assetbase | Cross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-28 | 4.3 | CVE-2017-2134 | JVN, BID
wbce -- wbce_cms | Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-28 | 4.3 | CVE-2017-2118 | JVN, BID, MISC
wbce -- wbce_cms | Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | 2017-04-28 | 5.0 | CVE-2017-2119 | JVN, BID, MISC
wbce -- wbce_cms | SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | 2017-04-28 | 6.0 | CVE-2017-2120 | JVN, BID, MISC
wp_statistics -- wp_statistics | Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-28 | 4.3 | CVE-2017-2135 | JVN, MISC
wp_statistics -- wp_statistics | Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. | 2017-04-28 | 4.3 | CVE-2017-2136 | JVN, BID, MISC
wp_statistics -- wp_statistics | Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-28 | 4.3 | CVE-2017-2147 | JVN, BID, MISC

 

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
cybozu -- garoon | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-28 | 3.5 | CVE-2017-2092 | JVN, BID, MISC
cybozu -- office | Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-28 | 3.5 | CVE-2017-2114 | JVN, BID, MISC
iodata -- wn-ac1167gr_firmware | Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-28 | 3.5 | CVE-2017-2148 | JVN, MISC, BID
yourownprogrammer -- yop_poll | Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-28 | 3.5 | CVE-2017-2127 | JVN, BID
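Two of the unscored entries in the section that follows turn on the same mistake: judging a URL by a substring match on the raw string instead of by parsing it. The Accellion FTA entry (CVE-2017-8794) describes a filter meant to accept only local https URLs whose regular expression lacks an initial ^, so a file:///etc/passwd#https:// URL passes because the permitted prefix appears in the fragment; the Brave entry (CVE-2017-8458) describes https://safe.example.com@unsafe.example.com/ being displayed as if it belonged to safe.example.com, although everything before @ is userinfo and the host is unsafe.example.com. The code below is an added example and not code from Accellion, Brave or the bulletin; the concrete pattern https://localhost stands in for the unpublished Accellion regex and is an assumption, and the sample URLs are constructed from the shapes named in those two entries.

```python
import re
from urllib.parse import urlsplit

# Constructed sample inputs: the URL shapes named in the Accellion FTA and
# Brave entries of this bulletin, plus look-alikes a filter must also reject.
SAMPLE_URLS = [
    "https://localhost/courier/1000@/wmProgressval.html",   # legitimate local https URL
    "file:///etc/passwd#https://localhost/",                 # allowed prefix only in the fragment
    "https://localhost@unsafe.example.com/",                 # allowed host only as userinfo
    "https://localhost.evil.example/",                       # allowed host only as a label prefix
    "https://safe.example.com@unsafe.example.com/",          # Brave display case
]

# The kind of filter the Accellion entry describes: without a leading ^ the
# pattern matches anywhere in the string. "https://localhost" is an assumed
# stand-in for the real (unpublished) pattern.
UNANCHORED = re.compile(r"https://localhost")
# Anchoring at ^ and requiring the host to end right after "localhost" closes
# the fragment and label-prefix bypasses, but still reasons about raw text.
ANCHORED = re.compile(r"^https://localhost(?:/|$)")


def substring_filter_allows(url: str) -> bool:
    """The unanchored check: accepts anything that merely contains the prefix."""
    return UNANCHORED.search(url) is not None


def anchored_filter_allows(url: str) -> bool:
    """The same check with ^ added, as the bulletin entry implies was missing."""
    return ANCHORED.search(url) is not None


def parsed_filter_allows(url: str) -> bool:
    """Decide from the parsed scheme and host, not from a regex over the raw string.

    urlsplit lowercases scheme and host, separates userinfo from the host, and
    keeps the fragment out of every other component, so none of the bypass
    shapes above can reach the 'allowed' branch.
    """
    parts = urlsplit(url)
    return (parts.scheme == "https"
            and parts.hostname == "localhost"
            and parts.username is None)


def effective_host(url: str) -> str:
    """The host a client actually connects to; text before '@' is userinfo, not the host."""
    return urlsplit(url).hostname or ""


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"{url!r}: substring={substring_filter_allows(url)} "
              f"anchored={anchored_filter_allows(url)} parsed={parsed_filter_allows(url)} "
              f"host={effective_host(url)!r}")
```

The anchored regex fixes the bypass the entry names, but the parsed check is the one to keep: it also survives scheme or host written in upper case, which the regex would reject as non-matching rather than handle, and it is the same parse the browser performs when it picks unsafe.example.com as the real destination in the Brave case.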

 

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
21st_century_insurance -- 21st_century_insurance_app
 
The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5919
MISC(link is external)
360fly -- 4k_cameras 360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application, or the BlueZ gatttool program. 2017-05-01 not yet calculated CVE-2017-8403
MISC(link is external)
7-zip32.dll -- 7-zip32.dll
 
Untrusted search path vulnerability in Self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-04-28 not yet calculated CVE-2017-2107
MISC(link is external)
JVN(link is external)
BID(link is external)
accellioin -- accellion_fta
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding. 2017-05-05 not yet calculated CVE-2017-8760
MISC(link is external)
accellion -- fta_devices
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI. 2017-05-05 not yet calculated CVE-2017-8304
MISC(link is external)
accellion -- fta_devices
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter. 2017-05-05 not yet calculated CVE-2017-8303
MISC(link is external)
accellion -- fta
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector. 2017-05-05 not yet calculated CVE-2017-8791
MISC(link is external)
accellion -- fta
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter. 2017-05-05 not yet calculated CVE-2017-8795
MISC(link is external)
accellion -- fta
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter. 2017-05-05 not yet calculated CVE-2017-8792
MISC(link is external)
accellion -- fta
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists. 2017-05-05 not yet calculated CVE-2017-8789
MISC(link is external)
accellion -- fta
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks. 2017-05-05 not yet calculated CVE-2017-8788
MISC(link is external)
accellion -- fta
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter. 2017-05-05 not yet calculated CVE-2017-8796
MISC(link is external)
accellion -- fta
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection. 2017-05-05 not yet calculated CVE-2017-8790
MISC(link is external)
accellion -- fta
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern. 2017-05-05 not yet calculated CVE-2017-8794
MISC(link is external)
accellion -- fta
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the attacker to have site access with a bypass of the Same Origin Policy. 2017-05-05 not yet calculated CVE-2017-8793
MISC(link is external)
access_cx_app -- access_cx_app
 
The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-04-28 not yet calculated CVE-2017-2110
JVN(link is external)
BID(link is external)
advantech -- b+b_smartworx_mesr901_firmware
 
A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages. 2017-05-05 not yet calculated CVE-2017-7909
MISC
advantech -- webaccess
 
upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. 2017-05-02 not yet calculated CVE-2016-5810
MISC(link is external)
MISC
advantech -- webaccess
 
An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories. 2017-05-05 not yet calculated CVE-2017-7929
MISC
allied_telesis -- centrecom_ar260s_v2
 
Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account. 2017-04-28 not yet calculated CVE-2017-2125
JVN(link is external)
MISC(link is external)
BID(link is external)
america's_first_federal_credit_union -- mobile_banking_app
 
The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5916
MISC(link is external)
apache -- qpid_proton
 
The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. 2017-05-02 not yet calculated CVE-2016-4467
MLIST(link is external)
BID(link is external)
SECTRACK(link is external)
atlassian -- hipchat
 
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. 2017-05-05 not yet calculated CVE-2017-8080
BID(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
atlassian -- hipchat
 
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. 2017-05-05 not yet calculated CVE-2017-8058
MISC(link is external)
atlassian -- sourcetree
 
Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID number is SRCTREE-4632. 2017-05-04 not yet calculated CVE-2017-8768
MISC(link is external)
MISC
MISC(link is external)
avahi -- avahi
 
avahi-daemon in Avahi through 0.6.32 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809. 2017-04-30 not yet calculated CVE-2017-6519
MISC(link is external)
MISC(link is external)
axis_communications -- network_cameras
 
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml. 2017-05-02 not yet calculated CVE-2015-8257
MISC(link is external)
BID(link is external)
EXPLOIT-DB(link is external)
banco_de_costa_rica -- bcr_movil_app
 
The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5918
MISC(link is external)
banco_santander_mexico -- sa_puermovil_app
 
The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5911
MISC(link is external)
bmc -- server_automation
 
The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors. 2017-05-02 not yet calculated CVE-2016-5063
BID(link is external)
CONFIRM(link is external)
bose -- soundtouch_30
 
The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. 2017-04-30 not yet calculated CVE-2017-6520
MISC(link is external)
brave -- brave
 
Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site. 2017-05-03 not yet calculated CVE-2017-8458
MISC(link is external)
MISC(link is external)
ca_technologies -- CA-client_automation
 
The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation. 2017-05-05 not yet calculated CVE-2017-8391
CONFIRM(link is external)
certec_edv -- atvise_scada
 
A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution. 2017-05-05 not yet calculated CVE-2017-6029
MISC
certec_edv -- atvise_scada
 
A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution. 2017-05-05 not yet calculated CVE-2017-6031
MISC
cisco -- cvr100w_wireless-n_VPN_router
 
A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress connection request to the remote management interface. An attacker could exploit this vulnerability by sending a connection to the management IP address or domain name of the targeted device. A successful exploit could allow the attacker to bypass the configured remote management ACL. This can occur when the Remote Management configuration parameter is set to Disabled. This vulnerability affects Cisco CVR100W Wireless-N VPN Routers running a firmware image prior to 1.0.1.24. Cisco Bug IDs: CSCvc14457. 2017-05-03 not yet calculated CVE-2017-6620
Source & Patch Info: BID, CONFIRM

cisco -- firepower
A denial of service vulnerability in the access control policy of Cisco Firepower System Software (Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA with FirePOWER Module) could allow an authenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. The vulnerability is due to improper SSL policy handling by the affected software when packets are passed through the sensing interfaces of an affected system. An attacker could exploit this vulnerability by sending crafted packets through a targeted system. This vulnerability affects Cisco Firepower System Software that is configured with the SSL policy feature. Cisco Bug IDs: CSCvc84361. 2017-05-03 not yet calculated CVE-2017-6625
Source & Patch Info: BID, CONFIRM

cisco -- ios
A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could exploit this vulnerability to place unauthorized, long-distance phone calls by using an affected system. Cisco Bug IDs: CSCuy40939. 2017-05-03 not yet calculated CVE-2017-6624
Source & Patch Info: BID, CONFIRM

cisco -- unified_contact_center_enterprise
A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an undocumented, hard-coded password. An attacker could exploit this vulnerability by using the hard-coded credentials to subscribe to the Finesse Notification Service, which would allow the attacker to receive notifications when an agent signs in or out of the Finesse Desktop, when information about an agent changes, or when an agent's state changes. Cisco Bug IDs: CSCvc08314. 2017-05-03 not yet calculated CVE-2017-6626
Source & Patch Info: BID, CONFIRM

cisco -- unity_connection
A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. Cisco Bug IDs: CSCvd90118. 2017-05-03 not yet calculated CVE-2017-6629
Source & Patch Info: BID, CONFIRM

cisco -- wide_area_application_services
A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could stop functioning while the process restarts. The vulnerability is due to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) alert being incorrectly handled when in a specific SSL/TLS connection state. An attacker could exploit this vulnerability by establishing a SMART-SSL connection through the targeted device. The attacker would then send a crafted stream of SSL/TLS traffic. An exploit could allow the attacker to cause a DoS condition where WAN optimization could stop processing traffic for a short period of time. Cisco Bug IDs: CSCvb71133. 2017-05-03 not yet calculated CVE-2017-6628
Source & Patch Info: BID, CONFIRM

citrix -- xenmobile_server
Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. 2017-05-05 not yet calculated CVE-2016-6877
Source & Patch Info: MISC

cloud_foundry -- cloud_controller
The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors. 2017-05-02 not yet calculated CVE-2016-5006
Source & Patch Info: CONFIRM, CONFIRM

craft_cms -- craft_cms
Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message. 2017-05-01 not yet calculated CVE-2017-8385
Source & Patch Info: CONFIRM, CONFIRM

craft_cms -- craft_cms
Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder. 2017-05-01 not yet calculated CVE-2017-8383
Source & Patch Info: CONFIRM, CONFIRM

craft_cms -- craft_cms
Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052. 2017-05-01 not yet calculated CVE-2017-8384
Source & Patch Info: CONFIRM, CONFIRM

cybervision -- kaa_iot_platform
A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution. 2017-05-05 not yet calculated CVE-2017-7911
Source & Patch Info: MISC

cybozu -- kunai
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allows remote attackers to obtain log information through a malicious Android application. 2017-04-28 not yet calculated CVE-2017-2109
Source & Patch Info: JVN, BID, MISC

cybozu -- remote_service_manager
Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network. 2017-04-28 not yet calculated CVE-2016-7815
Source & Patch Info: JVN, BID, MISC

dahua -- multiple_devices
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information. 2017-05-05 not yet calculated CVE-2017-7925
Source & Patch Info: MISC, MISC

dahua -- multiple_devices
A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password. 2017-05-05 not yet calculated CVE-2017-7927
Source & Patch Info: MISC, MISC

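Worked example added for the Dahua "password hash instead of password" entry above (not Dahua firmware code): a server that accepts a client-supplied hash as the credential, beside one that derives a salted verifier server-side from the submitted password. Usernames, passwords and the MD5 choice on the weak side are constructed for the demonstration.

```python
"""Added example (not Dahua code): why a client-supplied password hash is a
password-equivalent, contrasted with server-side salted derivation."""
import hashlib
import hmac
import secrets


class HashAsPasswordServer:
    """The pattern in the advisory: the client sends H(password) and the
    server compares it with the stored H(password). Whoever obtains the
    stored or transmitted hash can authenticate without the password."""

    def __init__(self) -> None:
        self.db: dict = {}

    def enroll(self, user: str, password: str) -> None:
        self.db[user] = hashlib.md5(password.encode()).hexdigest()

    def login(self, user: str, client_hash: str) -> bool:
        return hmac.compare_digest(self.db.get(user, ""), client_hash)


class SaltedKdfServer:
    """The client sends the password itself (over TLS); the server derives a
    per-user salted verifier. A leaked verifier cannot be replayed because
    login() derives from the submitted password, never from a submitted hash."""

    def __init__(self) -> None:
        self.db: dict = {}

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        # PBKDF2-HMAC-SHA256 is used because it ships with every Python build;
        # scrypt or Argon2 are the better choice where available.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, dklen=32)

    def enroll(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.db[user] = (salt, self._derive(password, salt))

    def login(self, user: str, password: str) -> bool:
        record = self.db.get(user)
        if record is None:
            self._derive(password, bytes(16))  # same cost for unknown users
            return False
        salt, verifier = record
        return hmac.compare_digest(verifier, self._derive(password, salt))


def demo() -> dict:
    """Attacker model: the configuration file (or the wire) leaks the stored
    verifier. The weak server accepts it as a credential; the hardened one
    only accepts the real password."""
    weak = HashAsPasswordServer()
    weak.enroll("admin", "Summer2017!")
    strong = SaltedKdfServer()
    strong.enroll("admin", "Summer2017!")
    leaked_hash = weak.db["admin"]
    _, leaked_verifier = strong.db["admin"]
    return {
        "weak_accepts_leaked_hash": weak.login("admin", leaked_hash),
        "strong_accepts_leaked_verifier": strong.login("admin", leaked_verifier.hex()),
        "strong_accepts_real_password": strong.login("admin", "Summer2017!"),
        "strong_rejects_wrong_password": strong.login("admin", "summer2017!"),
    }


if __name__ == "__main__":
    print(demo())
```

A challenge-response scheme built on the same hash (for example HMAC(nonce, H(password))) does not remove the problem: H(password) is still the long-term credential, so a copy of it from the configuration file is as good as the password. The stored verifier must be something a client cannot use directly, which means server-side salted derivation as above or a PAKE.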
dollar_bank -- dollar_bank_mobile_app
The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5905
Source & Patch Info: MISC

dot_it -- banque_zitouna_app
The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5914
Source & Patch Info: MISC

electronic_funds_source -- mobile_driver_source_app
The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5909
Source & Patch Info: MISC

emc -- data_domain
EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system. 2017-05-04 not yet calculated CVE-2017-4983
Source & Patch Info: CONFIRM, BID

emirates_nbd_bank -- pjsc_emirates_nbd_ksa_app
The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5915
Source & Patch Info: MISC

ether_software -- multiple_products
Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD Creator, Easy MPEG/AVI/DIVX/WMV/RM to DVD, Easy Avi/Divx/Xvid to DVD Burner, Easy MPEG to DVD Burner, Easy WMV/ASF/ASX to DVD Burner, Easy RM RMVB to DVD Burner, Easy CD DVD Copy, MP3/AVI/MPEG/WMV/RM to Audio CD Burner, MP3/WAV/OGG/WMA/AC3 to CD Burner, MP3 WAV to CD Burner, My Video Converter, Easy AVI DivX Converter, Easy Video to iPod Converter, Easy Video to PSP Converter, Easy Video to 3GP Converter, Easy Video to MP4 Converter, and Easy Video to iPod/MP4/PSP/3GP Converter allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long username. 2017-04-30 not yet calculated CVE-2017-8367
Source & Patch Info: MISC, EXPLOIT-DB

ettercap_project -- ettercap
The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted filter that is mishandled by etterfilter. 2017-04-30 not yet calculated CVE-2017-8366
Source & Patch Info: MISC

everyday_health -- diabetes_in_check_app
The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app 3.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5906
Source & Patch Info: MISC

f5 -- multiple_products
An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow. 2017-05-01 not yet calculated CVE-2017-6128
Source & Patch Info: CONFIRM

forex.com -- forextrader_app
The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5912
Source & Patch Info: MISC

forex.com -- tradeking_forex_app
The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5913
Source & Patch Info: MISC

foxit_software -- foxit_reader_phantompdf
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. 2017-05-03 not yet calculated CVE-2017-8454
Source & Patch Info: MISC, MISC

foxit_software -- foxit_reader_phantompdf
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. 2017-05-03 not yet calculated CVE-2017-8453
Source & Patch Info: MISC, MISC

foxit_software -- foxit_reader_phantompdf
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. 2017-05-03 not yet calculated CVE-2017-8455
Source & Patch Info: MISC, MISC

foxit_software -- foxit_reader
Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password), in addition to the static authentication token if the user is already logged in. 2017-05-05 not yet calculated CVE-2017-8059
Source & Patch Info: MISC

franklin_fueling_systems -- ts-550_evo
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious payload. 2017-05-01 not yet calculated CVE-2017-6565
Source & Patch Info: MISC, MISC

franklin_fueling_systems -- ts-550_evo
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which has the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This allows an attacker to download sensitive system files from the host machine, such as databases, which contain information that can aid further attacks. 2017-05-01 not yet calculated CVE-2017-6564
Source & Patch Info: MISC, MISC

genixcms -- genixcms
GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element. 2017-05-03 not yet calculated CVE-2017-8762
Source & Patch Info: MISC

genixcms -- genixcms
GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter. 2017-05-01 not yet calculated CVE-2017-8377
Source & Patch Info: MISC

genixcms -- genixcms
GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator. 2017-05-01 not yet calculated CVE-2017-8376
Source & Patch Info: MISC

genixcms -- genixcms
GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element. 2017-05-04 not yet calculated CVE-2017-8780
Source & Patch Info: MISC

genixcms -- genixcms
GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request. 2017-05-01 not yet calculated CVE-2017-8388
Source & Patch Info: MISC

getsimple -- getsimple_cms
Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce. 2017-04-30 not yet calculated CVE-2017-8081
Source & Patch Info: CONFIRM

gitlab -- gitlab
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document. 2017-05-04 not yet calculated CVE-2017-8778
Source & Patch Info: CONFIRM, CONFIRM

gnu_binutils -- gnu_binutils
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. 2017-05-01 not yet calculated CVE-2017-8397
Source & Patch Info: CONFIRM

gnu_binutils -- gnu_binutils
The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this. 2017-05-02 not yet calculated CVE-2017-8421
Source & Patch Info: CONFIRM

gnu_binutils -- gnu_binutils
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. 2017-05-01 not yet calculated CVE-2017-8396
Source & Patch Info: CONFIRM

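Worked example added for the two negative-reloc-offset entries above (CVE-2017-8397 and CVE-2017-8396); it is not binutils code. bfd_vma is an unsigned 64-bit integer, so a "negative" reloc address is a value just below 2**64, and a range test that adds the reloc size to it wraps around. Python integers do not wrap, so the emulation masks explicitly. The two check shapes are written from the advisory's description of the failing test, not copied from bfd; the section contents and offsets are constructed.

```python
"""Added example (not binutils code): the unsigned-overflow arithmetic behind
the 'small negative offset' reloc reads, and the overflow-free check shape."""
MASK64 = (1 << 64) - 1


def vma(value: int) -> int:
    """Reinterpret a signed Python int as an unsigned 64-bit bfd_vma."""
    return value & MASK64


def range_check_buggy(octets: int, reloc_size: int, limit: int) -> bool:
    """'octets + reloc_size > limit  =>  out of range', evaluated in unsigned
    64-bit arithmetic. For octets = vma(-1) and a 4-byte reloc the sum wraps
    to 3, the test passes, and the caller reads just before the section.
    Any negative offset smaller in magnitude than reloc_size slips through."""
    return vma(octets + reloc_size) <= limit


def range_check_fixed(octets: int, reloc_size: int, limit: int) -> bool:
    """Overflow-free form: never add the two operands together."""
    return octets <= limit and reloc_size <= limit - octets


def apply_reloc(section: bytes, octets: int, reloc_size: int, check) -> str:
    """Simulate the guarded read of the reloc field. Returns the bytes read,
    'rejected' when the check fires, or a description of the bad access the
    real code would perform after a check that wrongly passed."""
    if not check(octets, reloc_size, len(section)):
        return "rejected"
    if octets + reloc_size > len(section):
        return f"read outside section at offset {octets - (1 << 64)}"
    return section[octets:octets + reloc_size].hex()


def demo() -> dict:
    """Run both checks over a constructed 16-byte section with a 4-byte reloc
    at a range of offsets. Keys are the signed offsets; values are
    (buggy outcome, fixed outcome)."""
    section = bytes(range(16))
    results = {}
    for signed_offset in (-1, -3, -4, -5, 0, 12, 13):
        o = vma(signed_offset)
        results[signed_offset] = (apply_reloc(section, o, 4, range_check_buggy),
                                  apply_reloc(section, o, 4, range_check_fixed))
    return results


if __name__ == "__main__":
    for offset, (buggy, fixed) in demo().items():
        print(f"{offset:>3}: buggy={buggy!r:<40} fixed={fixed!r}")
```

Offsets -1 through -4 pass the additive check with a 4-byte reloc, which is exactly the "small negative offsets less than the size of the reloc field" the advisory describes; -5 is caught by both forms because the wrapped sum is again larger than the limit. The subtractive form rejects every negative offset because the first comparison fails before any arithmetic is done.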
gnu_binutils -- gnu_binutils
dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash. 2017-05-01 not yet calculated CVE-2017-8398
Source & Patch Info: CONFIRM

gnu_binutils -- gnu_binutils
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. 2017-05-01 not yet calculated CVE-2017-8394
Source & Patch Info: CONFIRM

gnu_binutils -- gnu_binutils
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. 2017-05-01 not yet calculated CVE-2017-8395
Source & Patch Info: CONFIRM

gnu_binutils -- gnu_binutils
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHT_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash. 2017-05-01 not yet calculated CVE-2017-8393
Source & Patch Info: CONFIRM

gnu_binutils -- gnu_binutils
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. 2017-05-01 not yet calculated CVE-2017-8392
Source & Patch Info: CONFIRM

gnulib -- gnulib
Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c. 2017-05-02 not yet calculated CVE-2017-7476
Source & Patch Info: CONFIRM, BID, CONFIRM, CONFIRM, CONFIRM

google -- grpc
Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c. 2017-04-30 not yet calculated CVE-2017-8359
Source & Patch Info: BID, MISC, MISC

great_southern_bank -- great_southern_mobile_banking_app
The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5907
Source & Patch Info: MISC

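Worked example added for the iOS entries in this bulletin that skip X.509 verification (Dollar Bank, DOT IT Banque Zitouna, EFS Mobile Driver Source, Emirates NBD, Everyday Health, FOREX.com FOREXTrader, TradeKing Forex, Foxit PDF for iOS, Great Southern Mobile Banking). It is not code from any of those apps. Python is used to show the hostname check a TLS client must apply to the server certificate, and the context settings that switch verification on or off; the certificate dicts are constructed in the shape ssl.SSLSocket.getpeercert() returns, and the hostnames are illustrative.

```python
"""Added example (not code from any app named in the bulletin): the hostname
check a TLS client must perform on the server certificate, plus the
SSLContext settings that enable or disable verification."""
import ipaddress
import ssl


def _dns_match(pattern: str, host: str) -> bool:
    """RFC 6125-style matching: exact, or a single '*' as the whole left-most
    label of a name with at least two further labels. '*' never spans more
    than one label and never matches the bare registered domain."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]):
        return False
    if len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches(cert: dict, host: str) -> bool:
    """True if cert is valid for host. subjectAltName wins; the subject CN is
    consulted only when the certificate carries no SAN at all."""
    sans = cert.get("subjectAltName", ())
    try:
        wanted_ip = ipaddress.ip_address(host)
    except ValueError:
        wanted_ip = None
    if wanted_ip is not None:
        return any(kind == "IP Address" and ipaddress.ip_address(val) == wanted_ip
                   for kind, val in sans)
    dns_names = [val for kind, val in sans if kind == "DNS"]
    if dns_names:
        return any(_dns_match(p, host) for p in dns_names)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return _dns_match(value, host)
    return False


def hardened_context() -> ssl.SSLContext:
    """What the fixed apps need: chain validation against trusted roots and
    hostname verification, both on by default from create_default_context()."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def insecure_context() -> ssl.SSLContext:
    """The configuration the advisories describe: any certificate accepted.
    Shown only so the shape can be recognised in code review."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def is_verifying(ctx: ssl.SSLContext) -> bool:
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


# Constructed certificates in getpeercert() dict form.
ATTACKER_CERT = {  # issued for attacker.example, CN forged to read as the bank
    "subject": ((("commonName", "bank.example"),),),
    "subjectAltName": (("DNS", "attacker.example"),),
}
WILDCARD_CERT = {
    "subject": ((("commonName", "*.bank.example"),),),
    "subjectAltName": (("DNS", "*.bank.example"),),
}
IP_CERT = {"subject": (), "subjectAltName": (("IP Address", "203.0.113.5"),)}
```

With verification on, a "crafted certificate" from a man-in-the-middle fails either chain validation (not issued by a trusted CA) or the hostname check above (issued by a trusted CA, but for the attacker's own name); the forged CN in ATTACKER_CERT does not help because the SAN takes precedence. In the iOS apps listed, the equivalent of insecure_context() is an NSURLSession or NSURLConnection delegate that accepts every server trust challenge.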
hibara -- attachecase
Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via a specially crafted ATC file. 2017-04-28 not yet calculated CVE-2016-7842
Source & Patch Info: JVN, BID, MISC

hibara -- attachecase
Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via a specially crafted ATC file. 2017-04-28 not yet calculated CVE-2016-7843
Source & Patch Info: JVN, MISC, BID

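Worked example added for the traversal entries in this bulletin (Cisco Unity Connection ImageID, Franklin Fueling Systems idSourceFileName, and the two AttacheCase ATC entries above); it is not code from any of those products. It shows the unsafe join that those advisories describe beside a resolver that confines a user-supplied name to a base directory. The directory layout, file names and the parameter name are constructed for the demonstration.

```python
"""Added example (not code from Cisco, Franklin Fueling Systems or AttacheCase):
an unconfined path join beside a resolver that keeps user input under base_dir."""
import os
import shutil
import tempfile


class TraversalError(ValueError):
    pass


def vulnerable_resolve(base_dir: str, user_path: str) -> str:
    """Join and trust: '../secret.db' walks straight out of base_dir."""
    return os.path.join(base_dir, user_path)


def safe_resolve(base_dir: str, user_path: str) -> str:
    """Resolve user_path under base_dir; raise TraversalError if it escapes.

    Order matters: reject NUL bytes and absolute paths first, collapse '..'
    and symlinks with realpath, then test containment with a trailing
    separator so that /srv/data2 is not accepted as being inside /srv/data."""
    if "\x00" in user_path:
        raise TraversalError("NUL byte in path")
    if os.path.isabs(user_path) or user_path[:1] in ("/", "\\"):
        raise TraversalError("absolute path not allowed")
    root = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(root, user_path))
    if target != root and not target.startswith(root + os.sep):
        raise TraversalError(f"{user_path!r} escapes {base_dir!r}")
    return target


def read_confined(base_dir: str, user_path: str) -> bytes:
    with open(safe_resolve(base_dir, user_path), "rb") as fh:
        return fh.read()


def demo() -> dict:
    """Constructed layout: <tmp>/public/hello.txt is served, <tmp>/secret.db
    is not. Returns the outcome of each request so it can be checked."""
    base = tempfile.mkdtemp()
    try:
        public = os.path.join(base, "public")
        os.makedirs(public)
        with open(os.path.join(public, "hello.txt"), "wb") as fh:
            fh.write(b"hello")
        with open(os.path.join(base, "secret.db"), "wb") as fh:
            fh.write(b"credentials")
        outcome = {}
        for name in ("hello.txt", "../secret.db", "sub/../../secret.db",
                     "/etc/passwd", "hello.txt\x00.png"):
            try:
                outcome[name] = read_confined(public, name)
            except (TraversalError, FileNotFoundError) as exc:
                outcome[name] = type(exc).__name__
        # The same malicious name through the unsafe join, for contrast.
        with open(vulnerable_resolve(public, "../secret.db"), "rb") as fh:
            outcome["vulnerable_join"] = fh.read()
        return outcome
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for request, result in demo().items():
        print(f"{request!r:>24}: {result!r}")
```

For an archive format such as ATC the same resolver is applied to every entry name before extraction; the entry name is attacker-controlled in exactly the way an HTTP parameter is. A name that resolves to the base directory itself is allowed through by the containment test, so callers that must reject it (most download endpoints) should also require the target to be a regular file.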
hikvision -- ds-2cd2xx2f-i_ds-2cd2xx0f-i
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information. 2017-05-05 not yet calculated CVE-2017-7921
Source & Patch Info: MISC, MISC

hikvision -- ds-2cd2xx2f-i_ds-2cd2xx0f-i
A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information. 2017-05-05 not yet calculated CVE-2017-7923
Source & Patch Info: MISC, MISC

ibm -- bigfix_remote_control
IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512. 2017-05-03 not yet calculated CVE-2016-2930
Source & Patch Info: CONFIRM, BID

ibm -- insights_foundation_for_energy
IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907. 2017-04-28 not yet calculated CVE-2017-1141
Source & Patch Info: CONFIRM, BID

ibm -- marketing_platform
IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 110564. 2017-05-05 not yet calculated CVE-2016-0255
Source & Patch Info: CONFIRM

ibm -- maximo_asset_management
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252. 2017-05-03 not yet calculated CVE-2016-9976
Source & Patch Info: CONFIRM, BID

ibm -- tealeaf_consumer_experience
The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS. IBM X-Force ID: 112356. 2017-05-03 not yet calculated CVE-2016-0382
Source & Patch Info: CONFIRM, BID

ibm -- tivoli_storage_manager
IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472. 2017-05-05 not yet calculated CVE-2016-8916
Source & Patch Info: CONFIRM

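Worked example added for the credential-in-log entries in this bulletin (Cloud Foundry Cloud Controller logging user-provided service objects, CA Client Automation writing a password to a readable file, IBM Tivoli Storage Manager logging the set password command); it is not code from any of those products. It shows how to keep secrets out of structured log output at the logging layer, so the protection does not depend on every call site remembering to strip them. The service object is constructed, and the key patterns are an illustrative starting point rather than an exhaustive list.

```python
"""Added example (not Cloud Foundry, CA or IBM code): keeping credentials out
of log lines by redacting structured arguments before any handler sees them."""
import logging
import re

SECRET_KEY = re.compile(
    r"pass(word|wd|phrase)?|secret|token|api[_-]?key|credential|private[_-]?key", re.I)
URL_USERINFO = re.compile(r"(://[^/:@\s]+:)[^@\s]+@")   # scheme://user:PASSWORD@host
MASK = "[REDACTED]"


def redact(obj):
    """Deep copy of obj with secret-looking keys masked whole and passwords
    embedded in URL userinfo masked inside string values."""
    if isinstance(obj, dict):
        return {k: (MASK if SECRET_KEY.search(str(k)) else redact(v)) for k, v in obj.items()}
    if isinstance(obj, (list, tuple)):
        return type(obj)(redact(v) for v in obj)
    if isinstance(obj, str):
        return URL_USERINFO.sub(r"\1" + MASK + "@", obj)
    return obj


class RedactingFilter(logging.Filter):
    """Redacts structured log arguments on the logger, before formatting, so
    every handler attached later (file, syslog, stdout) gets the clean record."""

    def filter(self, record: logging.LogRecord) -> bool:
        if isinstance(record.args, dict):      # logging unpacks a lone mapping arg
            record.args = redact(record.args)
        elif isinstance(record.args, tuple):
            record.args = tuple(redact(a) for a in record.args)
        return True


class _ListHandler(logging.Handler):
    """Collects formatted lines so the result can be inspected in-process."""

    def __init__(self) -> None:
        super().__init__()
        self.lines = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))


def logged_line(event: dict) -> str:
    """Log a service-creation event through a redacting logger and return
    the rendered line."""
    logger = logging.getLogger("example.cloud_controller")
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.handlers.clear()
    logger.filters.clear()
    sink = _ListHandler()
    sink.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(sink)
    logger.addFilter(RedactingFilter())
    logger.info("service created: %s", event)   # raw object; the filter cleans it
    return sink.lines[0]


SAMPLE_EVENT = {  # constructed user-provided service object
    "name": "my-db",
    "type": "user-provided",
    "uri": "postgres://app:hunter2@db.internal:5432/app",
    "credentials": {"username": "app", "password": "hunter2"},
    "tags": ["postgres", "prod"],
}

if __name__ == "__main__":
    print(logged_line(SAMPLE_EVENT))
```

Redacting on the logger rather than in the formatter matters: a second handler added later for debugging, or a formatter swapped by configuration, would otherwise reintroduce the leak. Whole-value masking of secret-named keys is deliberate; trying to preserve "useful" parts of a credentials object is how partial leaks happen.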
ibm -- websphere_cast_iron_solutions
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515. 2017-05-05 not yet calculated CVE-2016-9691
Source & Patch Info: CONFIRM

ibm -- websphere_cast_iron_solutions
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 119516. 2017-05-05 not yet calculated CVE-2016-9692