총 513페이지 분량으로 집대성한 4차 산업혁명의 전세계적 동향 국내 산업의 산업별 대응전략을 기술한 연구보고서.

 

 

 

** 출처: [kiet] 4차 산업혁명의 글로벌 동향과 한국산업의 대응전략

** 문서:

4차산업혁명의 글로벌 동향_.egg

 

 

 

 

 

 

■ 목차

 

 

제1편 4차 산업혁명의 전개양상과 한국산업의 전략적 대응방향

 

제2편 주요 제조강국의 4차 산업혁명 추진동향 연구

 

제3편 4차 산업혁명이 한국 제조업에 미치는 영향과 시사점

 

 

저작자 표시 비영리 변경 금지
신고
Posted by manga0713

 

 

 

 

***출처: [IITP] 스마트 자동차: 자율주행자동차 기술 동향 - 송유승 책임연구원

***문서:

file8683401823539281808-181501.pdf

 

 

I.   서론

1. 스마트 자동차의 광의적 개념

2. 스마트 자동차 서비스

II.  스마트 자동차의 자율주행기술 개발 동향

1. 스마트 자동차의 자율주행 단계

2. 국내 자율주행기술 개발 동향

3. 해외 자율주행기술 개발 동향

III.  기대효과

1. 도로교통 분야

2. 도심환경 분야

3. 에너지 효율

4. 사회문화 및 복지

5. 신 산업 및 기술

IV.  현안과제

V.   결론

 

 

 

 

 

■ 국내 자율주행기술 개발 현황

 

 

 

 

 

 

■ 국내 자율주행기술 비교

 

 

 

 

 

 

■ 국내 자율주행자동차 운행 허가 취득 현황

 

 

 

 

 

 

■ 미국의 자율주행기술 개발 현황 및 계획

 

 

 

 

 

 

 

■ 유럽의 자율주행기술 개발 현황 및 계획

 

 

 

 

 

 

■ 일본의 자율주행기술 개발 현황 및 계획

 

 

 

저작자 표시 비영리 변경 금지
신고
Posted by manga0713

 

 

 

 


 두 종류의 반응이 있습니다. ‘반사적인 반응(reaction)’과 ‘수용적인 반응(response)’입니다. 반사적인 반응은 눈에는 눈으로 반응하고 이에는 이로 반응하는 것입니다. 수용적인 반응은 연못(pond)이 물을 수용한 후 다시 물을 흘려보내는 식으로 반응하는 것입니다. 수용적으로 반응할 때는 연못의 크기가 클수록 악을 선으로 승화시키는 승화 지수가 높아집니다. 바다는 거대한 연못과 같습니다. 성도는 반사적으로 반응하지 말고 바다와 같은 마음을 가지고 수용적으로 반응하기를 힘써야 합니다.

 바다와 같은 수용적인 삶의 기초 과목 중의 하나가 악을 선으로 갚는 용서 과목입니다. 그 과목의 이수가 쉽지 않습니다. 용서받는 사람 입장에서는 용서가 어렵지 않게 느껴져도 용서하는 사람 입장에서는 용서가 매우 어렵습니다. 용서가 쉽지는 않지만 자신을 향한 하나님의 크신 용서를 깨닫고 진심으로 감사하면 용서의 능력이 커집니다. 용서는 남을 자유롭게 해서 은혜를 주려고 하다가 오히려 자신이 자유롭게 되는 은혜를 받게 합니다.

 ‘눈에는 눈으로’라는 동해보복률의 구약적인 삶이 지금도 통용되면 눈이 성한 상태로 남을 사람은 아마 한 사람도 없게 될 것입니다. 마음의 연못을 마음의 바다처럼 키워 악을 선으로 갚으십시오. 힘들고 억울해도 기도하며 자기 사명에 집중할 때 하나님은 가장 공의롭게 모든 상황을 처리하실 것입니다. 하나님의 공의의 손길을 믿고 한과 증오의 고리를 끊어냄으로 하나님께서 준비하신 차원 높은 새로운 은혜를 맛보십시오.

ⓒ 이한규목사  http://www.john316.or.kr

저작자 표시 비영리 변경 금지
신고
Posted by manga0713

[이미지출처: isBuzznews]

 

 

 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
corega -- wlr_300_nm_firmware CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. 2017-09-15 7.7 CVE-2017-10813
MISC(link is external)
JVN(link is external)
corega -- wlr_300_nm_firmware Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors. 2017-09-15 7.7 CVE-2017-10814
MISC(link is external)
JVN(link is external)
daj -- i-filter_installer Untrusted search path vulnerability in "i-filter 6.0 install program" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-15 9.3 CVE-2017-10858
MISC(link is external)
JVN(link is external)
daj -- i-filter_installer Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-15 9.3 CVE-2017-10859
MISC(link is external)
JVN(link is external)
daj -- i-filter_installer Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. 2017-09-15 9.3 CVE-2017-10860
MISC(link is external)
BID(link is external)
JVN(link is external)
fujitsu -- fence-explorer Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-15 9.3 CVE-2017-10855
MISC(link is external)
JVN(link is external)
helpdesk_pro_project -- helpdesk_pro Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter. 2017-09-20 7.5 CVE-2015-4073
MISC(link is external)
FULLDISC
BID(link is external)
EXPLOIT-DB(link is external)
imagemagick -- imagemagick ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c. 2017-09-17 7.1 CVE-2017-14531
BID(link is external)
CONFIRM(link is external)
imagemagick -- imagemagick ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c. 2017-09-17 7.5 CVE-2017-14532
BID(link is external)
CONFIRM(link is external)
imagemagick -- imagemagick ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c. 2017-09-21 7.5 CVE-2017-14624
BID(link is external)
CONFIRM(link is external)
imagemagick -- imagemagick ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c. 2017-09-21 7.5 CVE-2017-14625
BID(link is external)
CONFIRM(link is external)
imagemagick -- imagemagick ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c. 2017-09-21 7.5 CVE-2017-14626
BID(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
linux -- linux_kernel The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls. 2017-09-15 7.2 CVE-2017-14497
CONFIRM
MLIST
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
nexusphp_project -- nexusphp NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981. 2017-09-17 7.5 CVE-2017-14512
MISC(link is external)
nttdocomo -- wi-fi_station_l-02f_firmware Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account. 2017-09-15 10.0 CVE-2017-10845
JVN(link is external)
MISC(link is external)
polycom -- realpresence_resource_manager Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords. 2017-09-19 7.2 CVE-2015-4681
FULLDISC
BUGTRAQ(link is external)
BID(link is external)
MISC(link is external)
CONFIRM(link is external)
EXPLOIT-DB(link is external)
polycom -- realpresence_resource_manager Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests. 2017-09-19 7.5 CVE-2015-4683
MISC(link is external)
FULLDISC
BUGTRAQ(link is external)
BID(link is external)
CONFIRM(link is external)
EXPLOIT-DB(link is external)
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
cisco -- cloud_web_security Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743. 2017-09-19 5.0 CVE-2015-0689
CISCO(link is external)
freedesktop -- poppler In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. 2017-09-17 4.3 CVE-2017-14517
CONFIRM
freedesktop -- poppler In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document. 2017-09-17 6.8 CVE-2017-14518
CONFIRM
freedesktop -- poppler In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). 2017-09-17 5.0 CVE-2017-14519
CONFIRM
freedesktop -- poppler In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files. 2017-09-17 6.8 CVE-2017-14520
CONFIRM
gnu -- binutils The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function. 2017-09-17 4.3 CVE-2017-14529
CONFIRM
CONFIRM
CONFIRM
google -- android Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727. 2017-09-15 4.6 CVE-2015-1527
BID(link is external)
CONFIRM(link is external)
MISC(link is external)
graphicsmagick -- graphicsmagick ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference. 2017-09-17 4.3 CVE-2017-14504
CONFIRM
BID(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
helpdesk_pro_project -- helpdesk_pro Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task. 2017-09-20 5.0 CVE-2015-4074
MISC(link is external)
FULLDISC
BID(link is external)
EXPLOIT-DB(link is external)
helpdesk_pro_project -- helpdesk_pro The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task. 2017-09-20 6.8 CVE-2015-4075
MISC(link is external)
FULLDISC
BID(link is external)
EXPLOIT-DB(link is external)
huawei -- p8_firmware Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths. 2017-09-20 4.3 CVE-2015-8224
CONFIRM(link is external)
ibm -- security_identity_manager Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors. 2017-09-18 6.8 CVE-2014-6106
BID(link is external)
XF(link is external)
CONFIRM(link is external)
imagemagick -- imagemagick DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input. 2017-09-17 4.3 CVE-2017-14505
BID(link is external)
CONFIRM(link is external)
imagemagick -- imagemagick The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file. 2017-09-17 4.3 CVE-2017-14528
MISC
BID(link is external)
MISC
imagemagick -- imagemagick ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. 2017-09-17 4.3 CVE-2017-14533
BID(link is external)
CONFIRM(link is external)
imagemagick -- imagemagick In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. 2017-09-20 5.8 CVE-2017-14607
BID(link is external)
CONFIRM(link is external)
irfanview -- irfanview IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x000000000011d767." 2017-09-18 4.6 CVE-2017-14539
MISC(link is external)
irfanview -- irfanview IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x000000000001f23e." 2017-09-18 4.6 CVE-2017-14540
MISC(link is external)
irfanview -- irfanview IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ani file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77130000!RtlpCoalesceFreeBlocks+0x00000000000004b4." 2017-09-18 4.6 CVE-2017-14578
MISC(link is external)
joomla -- joomla! Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1. 2017-09-20 5.8 CVE-2015-5608
BID(link is external)
CONFIRM
libarchive -- libarchive An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. 2017-09-17 4.3 CVE-2017-14501
MISC
MISC(link is external)
libarchive -- libarchive read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. 2017-09-17 5.0 CVE-2017-14502
MISC
MISC
MISC(link is external)
libarchive -- libarchive libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. 2017-09-17 4.3 CVE-2017-14503
MISC
MISC(link is external)
linux -- linux_kernel The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR). 2017-09-20 4.9 CVE-2017-12168
CONFIRM
CONFIRM
CONFIRM(link is external)
CONFIRM(link is external)
linux -- linux_kernel The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation. 2017-09-15 4.9 CVE-2017-14489
CONFIRM(link is external)
CONFIRM
magento -- e-commerce Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1. 2017-09-20 4.3 CVE-2014-9758
MISC(link is external)
MLIST(link is external)
metinfo -- metinfo Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. 2017-09-17 5.0 CVE-2017-14513
MISC(link is external)
moodle -- moodle Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. 2017-09-18 4.3 CVE-2017-12156
BID(link is external)
CONFIRM
nexusphp_project -- nexusphp Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF. 2017-09-18 4.3 CVE-2017-14534
MISC(link is external)
nttdocomo -- wi-fi_station_l-02f_firmware Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. 2017-09-15 5.0 CVE-2017-10846
JVN(link is external)
MISC(link is external)
openwebif_project -- openwebif OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted users can trigger CallOPKG calls, and these users can enter an arbitrary URL in an input field, even though that input field was only intended for a package name. This threat model may be relevant in the latest versions of third-party products that bundle OpenWebif, i.e., set-top box products. The issue of Trojan horse packages does NOT have security implications in cases where the attacker has full OpenWebif access. 2017-09-17 6.8 CVE-2017-9333
MISC(link is external)
MISC(link is external)
polycom -- realpresence_resource_manager Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager. 2017-09-19 4.0 CVE-2015-4682
MISC(link is external)
FULLDISC
BUGTRAQ(link is external)
BID(link is external)
CONFIRM(link is external)
EXPLOIT-DB(link is external)
polycom -- realpresence_resource_manager Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager. 2017-09-19 5.5 CVE-2015-4684
MISC(link is external)
FULLDISC
BUGTRAQ(link is external)
BID(link is external)
CONFIRM(link is external)
EXPLOIT-DB(link is external)
polycom -- realpresence_resource_manager Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration. 2017-09-19 4.4 CVE-2015-4685
MISC(link is external)
FULLDISC
BUGTRAQ(link is external)
BID(link is external)
CONFIRM(link is external)
EXPLOIT-DB(link is external)
pragyan_cms_project -- pragyan_cms Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. 2017-09-19 4.0 CVE-2017-14600
MISC(link is external)
pragyan_cms_project -- pragyan_cms Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. 2017-09-19 4.0 CVE-2017-14601
MISC(link is external)
pydio -- pydio Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS Vulnerabilities." 2017-09-19 4.3 CVE-2015-3432
BID(link is external)
CONFIRM(link is external)
silverstripe -- silverstripe SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017. 2017-09-15 4.3 CVE-2017-14498
MISC(link is external)
MISC
MISC(link is external)
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .epub file, related to a "Read Access Violation on Block Data Move starting at STDUEPubFile!DllUnregisterServer+0x0000000000010262." 2017-09-18 4.6 CVE-2017-14542
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000039335." 2017-09-18 4.6 CVE-2017-14543
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUEPubFile!DllUnregisterServer+0x000000000003fff1." 2017-09-18 4.6 CVE-2017-14544
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000010332." 2017-09-18 4.6 CVE-2017-14545
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d." 2017-09-18 4.6 CVE-2017-14546
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .mobi file, related to a "Read Access Violation starting at STDUMOBIFile!DllUnregisterServer+0x000000000002efc0." 2017-09-18 4.6 CVE-2017-14547
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000854d." 2017-09-18 4.6 CVE-2017-14548
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000001d." 2017-09-18 4.6 CVE-2017-14549
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Possible Stack Corruption starting at STDUDjVuFile!DllUnregisterServer+0x000000000000e8b8." 2017-09-18 4.6 CVE-2017-14550
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9f2." 2017-09-18 4.6 CVE-2017-14551
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9a9." 2017-09-18 4.6 CVE-2017-14552
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x00000000000085f5." 2017-09-18 4.6 CVE-2017-14553
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Possible Stack Corruption starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d908." 2017-09-18 4.6 CVE-2017-14554
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000ec6e." 2017-09-18 4.6 CVE-2017-14555
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000da27." 2017-09-18 4.6 CVE-2017-14556
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000dd3f." 2017-09-18 4.6 CVE-2017-14557
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x0000000000018cc2." 2017-09-18 4.6 CVE-2017-14558
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at STDUXPSFile!DllUnregisterServer+0x0000000000005af2." 2017-09-18 4.6 CVE-2017-14559
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd2." 2017-09-18 4.6 CVE-2017-14560
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000048c024d called from STDUXPSFile!DllUnregisterServer+0x0000000000025638." 2017-09-18 4.6 CVE-2017-14561
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d." 2017-09-18 4.6 CVE-2017-14562
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at STDUXPSFile!DllUnregisterServer+0x0000000000005311." 2017-09-18 4.6 CVE-2017-14563
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000028657." 2017-09-18 4.6 CVE-2017-14564
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Possible Stack Corruption starting at Unknown Symbol @ 0x00000000038f2fbf called from image00000000_00400000+0x0000000000240065." 2017-09-18 4.6 CVE-2017-14565
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x00000000039d76c4 called from Unknown Symbol @ 0x0000000000049d2c." 2017-09-18 4.6 CVE-2017-14566
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000028c024d called from STDUXPSFile!DllUnregisterServer+0x000000000002e77b." 2017-09-18 4.6 CVE-2017-14567
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x000000000297024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025630." 2017-09-18 4.6 CVE-2017-14568
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Read Access Violation starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd5." 2017-09-18 4.6 CVE-2017-14569
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64LdrpInitialize+0x00000000000008e1." 2017-09-18 4.6 CVE-2017-14570
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000049c024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025706." 2017-09-18 4.6 CVE-2017-14571
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x000000000479049b called from Unknown Symbol @ 0x000000000d89645b." 2017-09-18 4.6 CVE-2017-14572
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000030c024c called from STDUXPSFile!DllUnregisterServer+0x000000000002566a." 2017-09-18 4.6 CVE-2017-14573
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x0000000004940490." 2017-09-18 4.6 CVE-2017-14574
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x0000000002d8024c called from STDUXPSFile!DllUnregisterServer+0x000000000002566c." 2017-09-18 4.6 CVE-2017-14575
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Possible Stack Corruption starting at Unknown Symbol @ 0x00000000049f0281." 2017-09-18 4.6 CVE-2017-14576
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Control Flow starting at Unknown Symbol @ 0x0000000003aa7cef called from Unknown Symbol @ 0x0000000004aa024d." 2017-09-18 4.6 CVE-2017-14577
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000005b70." 2017-09-18 4.6 CVE-2017-14579
MISC(link is external)
sugarcrm -- sugarcrm An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection, as demonstrated by a backslash character at the end of a bean_id to modules/Emails/DetailView.php. An attacker could exploit these vulnerabilities by sending a crafted SQL request to the affected areas. An exploit could allow the attacker to modify the SQL database. Proper SQL escaping has been added to prevent such exploits. 2017-09-17 6.5 CVE-2017-14508
MISC(link is external)
MISC(link is external)
sugarcrm -- sugarcrm An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files via a module=CallRest&url= query string. Proper input validation has been added to mitigate this issue. 2017-09-17 6.5 CVE-2017-14509
MISC(link is external)
MISC(link is external)
sugarcrm -- sugarcrm An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). The WebToLeadCapture functionality is found vulnerable to unauthenticated cross-site scripting (XSS) attacks. This attack vector is mitigated by proper validating the redirect URL values being passed along. 2017-09-17 4.3 CVE-2017-14510
MISC(link is external)
MISC(link is external)
tenda -- w15e_firmware Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. 2017-09-17 5.0 CVE-2017-14514
CONFIRM(link is external)
tenda -- w15e_firmware Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors. 2017-09-17 5.0 CVE-2017-14515
CONFIRM(link is external)
xnview -- xnview XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008823." 2017-09-18 4.6 CVE-2017-14538
MISC(link is external)
xnview -- xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x000000000001f23e." 2017-09-18 4.6 CVE-2017-14541
MISC(link is external)
xnview -- xnview XnView Classic for Windows Version 2.41 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000870f." 2017-09-18 4.6 CVE-2017-14580
MISC(link is external)
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
afterlogic -- aurora AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain. 2017-09-19 3.5 CVE-2017-14597
CONFIRM(link is external)
helpdesk_pro_project -- helpdesk_pro Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message. 2017-09-20 3.5 CVE-2015-4072
MISC(link is external)
FULLDISC
BID(link is external)
EXPLOIT-DB(link is external)
ibm -- curam_social_program_management Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 98568. 2017-09-19 3.5 CVE-2014-6191
CONFIRM(link is external)
BID(link is external)
vmware -- vcenter_server VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page. 2017-09-15 3.5 CVE-2017-4926
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
389_directory_server -- 389_directory_server
 
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. 2017-09-19 not yet calculated CVE-2015-1854
FEDORA
BID(link is external)
REDHAT(link is external)
CONFIRM(link is external)
abstrium -- pydio
 
Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities." 2017-09-19 not yet calculated CVE-2015-3431
BID(link is external)
CONFIRM(link is external)
apache -- http_server
 
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c. 2017-09-18 not yet calculated CVE-2017-9798
MISC(link is external)
BID(link is external)
SECTRACK(link is external)
MISC
MISC
MISC(link is external)
MISC(link is external)
MISC
MISC
EXPLOIT-DB(link is external)
apache -- solr
 
Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider). Firstly, access to the security configuration can be leaked to users other than the solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation to further expose/modify private data and/or disrupt operations in the Solr cluster. The vulnerability is fixed from Solr 6.6.1 onwards. 2017-09-18 not yet calculated CVE-2017-9803
MLIST
BID(link is external)
apache -- struts2
 
In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672. 2017-09-20 not yet calculated CVE-2017-9804
CONFIRM(link is external)
BID(link is external)
SECTRACK(link is external)
CONFIRM
CISCO(link is external)
apache -- struts2
 
The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. 2017-09-15 not yet calculated CVE-2017-9805
BID(link is external)
SECTRACK(link is external)
CONFIRM
CONFIRM(link is external)
CONFIRM
CONFIRM
CISCO(link is external)
EXPLOIT-DB(link is external)
apache -- struts2
 
In the Convention plugin in Apache Struts 2.3.20 through 2.3.30, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side. 2017-09-20 not yet calculated CVE-2016-6795
BID(link is external)
CONFIRM
apache -- struts2
 
In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack. 2017-09-20 not yet calculated CVE-2017-12611
CONFIRM(link is external)
BID(link is external)
CONFIRM(link is external)
CONFIRM
apache -- struts2
 
The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload. 2017-09-20 not yet calculated CVE-2017-9793
CONFIRM(link is external)
BID(link is external)
SECTRACK(link is external)
CONFIRM
CISCO(link is external)
apache -- struts2
 
In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. 2017-09-20 not yet calculated CVE-2016-8738
BID(link is external)
CONFIRM
apache -- tomcat
 
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. 2017-09-19 not yet calculated CVE-2017-12615
BID(link is external)
SECTRACK(link is external)
MLIST
apache -- tomcat
 
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. 2017-09-19 not yet calculated CVE-2017-12616
BID(link is external)
SECTRACK(link is external)
MLIST
arm -- trusted_firmware
 
The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow. 2017-09-20 not yet calculated CVE-2017-9607
CONFIRM(link is external)
CONFIRM(link is external)
artifex -- mupdf
 
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded. 2017-09-22 not yet calculated CVE-2017-14685
MISC(link is external)
MISC(link is external)
MISC(link is external)
artifex -- mupdf
 
Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers. 2017-09-22 not yet calculated CVE-2017-14686
MISC(link is external)
MISC(link is external)
MISC(link is external)
artifex -- mupdf
 
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons. 2017-09-22 not yet calculated CVE-2017-14687
MISC(link is external)
MISC(link is external)
MISC(link is external)
asp4cms -- aspcms
 
member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter. 2017-09-22 not yet calculated CVE-2017-14653
MISC(link is external)
astaro -- security_gateway
 
Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx. 2017-09-19 not yet calculated CVE-2017-6315
EXPLOIT-DB(link is external)
bareos -- bareos
 
bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. 2017-09-20 not yet calculated CVE-2017-14610
MISC
be126 -- wifi_repeater
 
On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root"). The attacker can make a user that is connected to the repeater click on a malicious link that will log into the telnet and will infect the device with malicious code. 2017-09-20 not yet calculated CVE-2017-8771
MISC(link is external)
be126 -- wifi_repeater
 
On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Read the entire file system; 2. Write to the file system; or 3. Execute any code that attacker desires (malicious or not). 2017-09-20 not yet calculated CVE-2017-8772
MISC(link is external)
be126 -- wifi_repeater
 
There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter. 2017-09-20 not yet calculated CVE-2017-8770
MISC(link is external)
EXPLOIT-DB(link is external)
bento4 -- bento4 A heap-based buffer overflow was discovered in the AP4_HdlrAtom class in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. 2017-09-21 not yet calculated CVE-2017-14644
MISC
bento4 -- bento4 The AP4_HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0-617 uses an incorrect character data type, leading to a heap-based buffer over-read and application crash in AP4_BytesToUInt32BE in Core/Ap4Utils.h. 2017-09-21 not yet calculated CVE-2017-14643
MISC
MISC(link is external)
MISC(link is external)
bento4 -- bento4 A heap-based buffer over-read was discovered in AP4_BitStream::ReadBytes in Codecs/Ap4BitStream.cpp in Bento4 version 1.5.0-617. The vulnerability causes an application crash, which leads to remote denial of service. 2017-09-21 not yet calculated CVE-2017-14645
MISC
bento4 -- bento4 A NULL pointer dereference was discovered in the AP4_HdlrAtom class in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash in AP4_StdcFileByteStream::ReadPartial in System/StdC/Ap4StdCFileByteStream.cpp, which leads to remote denial of service. 2017-09-21 not yet calculated CVE-2017-14642
MISC
MISC(link is external)
MISC(link is external)
bento4 -- bento4
 
A heap-based buffer overflow was discovered in AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. 2017-09-21 not yet calculated CVE-2017-14647
MISC
bento4 -- bento4
 
The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp. 2017-09-21 not yet calculated CVE-2017-14646
MISC
MISC(link is external)
MISC(link is external)
bento4 -- bento4
 
A NULL pointer dereference was discovered in AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. 2017-09-21 not yet calculated CVE-2017-14640
MISC
MISC(link is external)
MISC(link is external)
bento4 -- bento4
 
AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in Bento4 version 1.5.0-617 has missing NULL checks, leading to a NULL pointer dereference, segmentation fault, and application crash in AP4_Atom::SetType in Core/Ap4Atom.h. 2017-09-21 not yet calculated CVE-2017-14638
MISC
MISC(link is external)
MISC(link is external)
bento4 -- bento4
 
A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. 2017-09-21 not yet calculated CVE-2017-14641
MISC
MISC(link is external)
MISC(link is external)
bento4 -- bento4
 
AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to denial of service (application crash) or possibly unspecified other impact. 2017-09-21 not yet calculated CVE-2017-14639
MISC
MISC(link is external)
MISC(link is external)
bladeenc -- bladeenc
 
A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. 2017-09-21 not yet calculated CVE-2017-14648
MISC
ca -- identity_manager
 
CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. 2017-09-22 not yet calculated CVE-2017-9393
BID(link is external)
CONFIRM(link is external)
chef_software -- chef
 
The knife bootstrap command in chef leaks the validator.pem private RSA key to /var/log/messages. 2017-09-21 not yet calculated CVE-2015-8559
MLIST(link is external)
CONFIRM(link is external)
cisco -- email_securit_appliance
 
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted, it can cause the filtering process to crash, resulting in a denial of service (DoS) condition on the device. This vulnerability affects software version 9.0 through the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. Cisco Bug IDs: CSCvd29354. 2017-09-21 not yet calculated CVE-2017-12215
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- findit_network_discovery_utility
 
A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device availability, confidentiality, and integrity. The vulnerability is due to the application loading a malicious copy of a specific, nondefined DLL file instead of the DLL file it was expecting. An attacker could exploit this vulnerability by placing an affected DLL within the search path of the host system. An exploit could allow the attacker to load a malicious DLL file into the system, thus partially compromising confidentiality, integrity, and availability on the device. Cisco Bug IDs: CSCve89785. 2017-09-21 not yet calculated CVE-2017-12252
BID(link is external)
CONFIRM(link is external)
cisco -- small_business_managed_switches
 
A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SSH connections. An attacker could exploit this vulnerability by logging in to an affected switch via SSH and sending a malicious SSH message. This vulnerability affects the following Cisco products when SSH is enabled: Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, 550X Series Stackable Managed Switches, ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvb48377. 2017-09-21 not yet calculated CVE-2017-6720
BID(link is external)
CONFIRM(link is external)
cisco -- small_business_spa_series_phones
 
A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586. 2017-09-21 not yet calculated CVE-2017-12219
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- ucs_central_software
 
A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this vulnerability by entering a specific command with crafted arguments. An exploit could allow the attacker to gain shell access to the underlying system. Cisco Bug IDs: CSCve70762. 2017-09-21 not yet calculated CVE-2017-12255
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- unified_customer_voice_portal
 
A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the OAMP and sending a crafted HTTP request. A successful exploit could allow the attacker to gain administrator privileges. The attacker must successfully authenticate to the system to exploit this vulnerability. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) running software release 10.5, 11.0, or 11.5. Cisco Bug IDs: CSCve92752. 2017-09-21 not yet calculated CVE-2017-12214
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
cisco -- unified_intelligence_center_software

 
A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76848, CSCve76856. 2017-09-21 not yet calculated