본문말씀 : 신명기 9장 1-8절

1.이스라엘아 들으라 네가 오늘 요단을 건너 너보다 강대한 나라들로 들어가서 그것을 차지하리니 그 성읍들은 크고 성벽은 하늘에 닿았으며 2.크고 많은 백성은 네가 아는 아낙 자손이라 그에 대한 말을 네가 들었나니 이르기를 누가 아낙 자손을 능히 당하리요 하거니와 3.오늘 너는 알라 네 하나님 여호와께서 맹렬한 불과 같이 네 앞에 나아가신즉 여호와께서 그들을 멸하사 네 앞에 엎드러지게 하시리니 여호와께서 네게 말씀하신 것 같이 너는 그들을 쫓아내며 속히 멸할 것이라 4.네 하나님 여호와께서 그들을 네 앞에서 쫓아내신 후에 네가 심중에 이르기를 내 공의로움으로 말미암아 여호와께서 나를 이 땅으로 인도하여 들여서 그것을 차지하게 하셨다 하지 말라 이 민족들이 악함으로 말미암아 여호와께서 그들을 네 앞에서 쫓아내심이니라 5.네가 가서 그 땅을 차지함은 네 공의로 말미암음도 아니며 네 마음이 정직함으로 말미암음도 아니요 이 민족들이 악함으로 말미암아 네 하나님 여호와께서 그들을 네 앞에서 쫓아내심이라 여호와께서 이같이 하심은 네 조상 아브라함과 이삭과 야곱에게 하신 맹세를 이루려 하심이니라 6.그러므로 네가 알 것은 네 하나님 여호와께서 네게 이 아름다운 땅을 기업으로 주신 것이 네 공의로 말미암음이 아니니라 너는 목이 곧은 백성이니라 7.너는 광야에서 네 하나님 여호와를 격노하게 하던 일을 잊지 말고 기억하라 네가 애굽 땅에서 나오던 날부터 이 곳에 이르기까지 늘 여호와를 거역하였으되 8.호렙 산에서 너희가 여호와를 격노하게 하였으므로 여호와께서 진노하사 너희를 멸하려 하셨느니라

신명기(46) 복을 위해 버려야 할 것 (신명기 9장 1-8절)

1. 교만

 가나안을 눈앞에 두고 요단강을 건너기 전에 하나님은 이스라엘에게 그들보다 강대한 가나안 7족속들의 땅을 차지할 것이라고 말씀했습니다(1절). 심지어는 남쪽 산지에 거주하는 거인족인 아낙 자손도 능히 이길 수 있다고 말씀하셨습니다(2절). 어떻게 이길 수 있습니까? 심판하시는 하나님의 도우심으로 이길 수 있다고 했습니다(3절). 그런 승리 후에 하나님께서 꼭 버려야 할 것으로 말씀한 것이 ‘교만’입니다(4절).

 400여 년의 노예생활과 40년의 광야생활을 거친 이스라엘 백성이 강력한 가나안 족속들을 물리친 것은 사실상 기적이었습니다. 그런 기적적인 승리를 얻는 것도 중요하지만 그렇게 승리한 후 넘어지지 않는 것도 중요합니다. 왜 승리한 후에 넘어집니까? 교만 때문입니다. 하나님께서 이스라엘 백성들에게 광야를 허락하신 겸손하게 만들기 위해서였습니다. 만약 광야 없이 가나안이 주어졌다면 그들은 가나안의 축복으로 교만해져서 금방 하나님을 잊어버렸을 것입니다.

 언뜻 생각하면 “어떻게 그 놀라운 은혜를 잊습니까? 안 잊을 것입니다.”라고 생각할 수도 있지만 출애굽 시절에 10대 재앙과 홍해가 갈라지는 기적을 체험하고도 광야에 들어서서 곧 원망하고 불평했던 것을 생각하십시오. 습관적인 불평과 원망은 교만의 산물이 경우가 많습니다. 하나님은 교만을 버리고 겸손하게 만드시려고 가끔 광야를 허락하십니다. 현재 힘든 광야의 삶이 펼쳐지고 있다고 생각되면 겸손해지고 순탄한 가나안의 삶이 펼쳐지고 있다고 생각되면 더욱 겸손해지십시오.

2. 공로의식

 하나님은 약속을 지키시는 하나님입니다(5절). 승리의 역사를 이루면 약속을 지켜주신 하나님의 은혜로 그런 승리가 이뤄졌음을 깨닫고 공로의식을 버리십시오. 교만과 공로의식은 가장 파멸적인 것입니다. 늘 겸손한 마음과 감사하는 마음을 잃지 마십시오. 교만과 공로의식이 비례하는 것이듯이 겸손과 감사의식도 비례하는 것입니다. 사람의 의로움보다 하나님의 약속이 훨씬 소중한 능력의 원천임을 잊지 마십시오.

 어떤 성취를 해도 자신의 힘과 능력으로 했다고 자신을 내세우지 말고 하나님의 능력과 도우심을 기억하고 내세우십시오. 신앙생활에서 가장 큰 문제는 바로 ‘나’입니다. ‘나’라는 대명사를 너무 앞세우면 반드시 패망합니다. 미디안과의 전쟁을 준비할 때 하나님은 기드온에게 32000명의 군사가 많다고 하시면서 승리 후 자기들 힘으로 이겼다고 교만해질까봐 백일조 교인인 300명만 남기고 대부분을 돌려보냈습니다.

 어떤 일이든지 자기 힘으로 성취했다고 생각하는 것은 불신앙이고 하나님이 주시는 힘으로 성취했다고 믿는 것이 신앙입니다. 성경에서 ‘하나님’이란 단어를 찾아 빨간색 표시를 하면 성경이 온통 빨갛게 될 것입니다. 그것은 삶의 주인과 역사의 주인이 하나님이라는 증거입니다. ‘나’라는 존재가 제왕처럼 나를 다스리려는 것이 모든 문제의 씨앗입니다. 내 삶의 주인은 하나님이심을 늘 잊지 마십시오.

3. 우상숭배

 이스라엘은 광야 40년 동안 교만과 불신으로 하나님을 격노하게 할 때가 많았습니다(7절). 특히 하나님을 가장 격노하게 한 사건은 호렙산 사건이었습니다(8절). 즉 모세가 십계명을 받으러 호렙산(시내산)에 올라가 있는 동안 아론과 백성들이 금송아지를 만들어 숭배한 사건이 하나님을 가장 격노하게 했습니다. 모세가 출애굽 제 2세대들에게 그 사실을 기억하게 한 것은 결코 우상숭배에 빠지지 말라는 뜻입니다.

 현대인들에게 가장 큰 우상이 된 것은 물질입니다. 그러나 하나님의 다스림 안에서만 재물과 재능도 의미가 있는 것입니다. 어렵고 가난하고 아팠을 때 하나님을 잘 믿고 의지하다가 축복받은 후에 하나님을 잊을 때가 얼마나 많습니까? 물질적인 여유로 인해 하나님의 은혜를 잊지 말고 늘 하나님의 은혜를 기억하며 사십시오.

 삭개오는 예수님을 만난 후 자기 재물을 가난한 사람들에게 나누어주었습니다. 아리마대 요셉은 자기 무덤을 예수님의 묘로 드렸습니다. 물질을 하나님의 선하신 뜻을 위해 기쁘게 바치려는 것은 우상숭배에 빠지지 않겠다는 일종의 실천적인 다짐입니다. 형편이 좋아지고 잘살게 되어도 “내가 해냈다.”라는 생각을 버리고 “하나님께서 해주셨다.”라는 고백을 통해 승리 후에도 길을 잃지 않는 복된 심령들이 되십시오.

ⓒ 이한규목사  http://www.john316.or.kr

저작자 표시 비영리 변경 금지
신고
Posted by manga0713

[유명 게임사에서 웹개발(Front-End) 인재를 찾습니다]

 

5년이상의 경력이 필요하고요, 포털사 경력 우대합니다. ^^

 

관심이 있으신 분께서는 제게 링크드인 메시지(https://www.linkedin.com/in/eungjin-cho-03ab3320/)

를 주시거나


choeungjin@gmail.com 으로 가지고 계신 이력서를 보내주시면 됩니다.

감사합니다.

저작자 표시 비영리 변경 금지
신고
Posted by manga0713
제가 헤드헌팅 일도 하시는 거 아시죠 ^^ 도와 주세요~~
소개, 추천, 지원 부탁 드립니다.

[금융권 CRM 업무 시스템 분석/설계 경력자를 찾습니다.]

경력 7년 이상으로 차/부장급 포지션 입니다.
금융권 업무(SI 등) 경험자로서 CRM 프로젝트 분석/설계 경험자를 우대 합니다.

수행업무는 시스템 구축 프로젝트, 솔루션 개발 입니다.

자세한 설명이나 지원/추천을 원하시면
choeungjin@gmail.com 으로나 메일을 주시면 됩니다.


감사합니다.


저작자 표시 비영리 변경 금지
신고
Posted by manga0713

 

 

 

 

■ 클라우드 서비스 접속 보안 브로커 (Cloud Access Security Broker: CASB)

 

 

- Gartner가 2014년 향후 정보보호분야 10대 유망기술 중 1위로 선정한 것

 

- 클라우드 서비스 이용자와 클라우드 서비스 사이에 위치하여 독립적으로 보안 기능을 수행

 

- 클라우드 서비스 이용에 대한 접근 통제, 내부정보 유출방지, 이상탐지, 로깅, 감사 등의 보안 기능을 수행

 

 

 

1. CASB의 개념

 

- 필요에 따라 서비스 형태로 제공하여 다양한 보안 위협에 대비할 수 있다.

 

- 가시성, 준수, 위협 방지, 데이터 보안 4가지를 중요하게 여기고 있으며, 이러한 바탕에 접근 통제, 내부정보 유출방지, 이상탐지, 로깅, 감사 등의 보안 기능을 수행한다.

 

 

○ CASB 기능

 

- 클라우드 서비스 검색 및 위험 평가: 각 서비스의 위험 평가와 회사에서 사용중인 모든 클라우드 서비스 검색

 

- 암호화: 기업 제어 암호화 키를 사용하여 클라우드 데이터 암호화

 

- 접근 통제: 사용자, 장치 또는 위치의 컨텍스트를 기반으로 클라우드 서비스에 대한 접근 제어

 

- 데이터 손실 방지(DLP): 내부 정보 유출 방지 또는 사용중인 DLP 솔루션과의 통합을 통해 클라우드로 이동하는 데이터 DLP 적용

 

- 로깅 및 감사: 클라우드 서비스에서 수행한 모든 작업의 로깅 및 감사 추적을 통해 법규 및 보안 정책 준수 여부를 검증하고 잠재적 위반 조사

 

- 이상탐지: 잠재적인 데이터 유출, 보안 위반 등을 판단하여 보안 관리자에게 제시 및 해당 이용자에게 경고

 

- 각 기능별로 고유의 보안 요구 사항을 수용할 수 있어야 한다.

 

 

 

2. CASB의 종류

 

① 에이전트형 CASB

② 프라이빗 CASB

③ 퍼블릭 CASB

④ API형 CASB

 

 

 

3. CASB의 특징

 

 

 

 

 

4. 향후 CASB의 고려사항

 

- 보안정책 변경에 따른 정책의 일시성, 동시성 보장

 

- 중복된 보안 기능 수행 최소화

 

- CASB 사이의 효율적이고 안전한 보안통신

 

 

 

 

** 출처: [ITFIND] 클라우드 서비스 보안기술 동향 - CASB

** 문서:

179601.pdf

 

저작자 표시 비영리 변경 금지
신고
Posted by manga0713

 

 

 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

 

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
ibm -- websphere_cast_iron_solution IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515. 2017-05-05 9.0 CVE-2016-9691
CONFIRM(link is external)
BID(link is external)
ibm -- websphere_cast_iron_solution IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 119516. 2017-05-05 7.8 CVE-2016-9692
CONFIRM(link is external)
BID

 

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
genixcms -- genixcms forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests. 2017-05-08 6.4 CVE-2017-8827
MISC(link is external)
ibm -- marketing_platform IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 110564. 2017-05-05 4.3 CVE-2016-0255
CONFIRM(link is external)
BID(link is external)
imagemagick -- imagemagick In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-05-08 4.3 CVE-2017-8830
CONFIRM(link is external)
Back to top

 

 

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
There were no low vulnerabilities recorded this week.

 

 

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
adobe -- experience_manager_forms
 
Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms. 2017-05-09 not yet calculated CVE-2017-3067
BID(link is external)
CONFIRM(link is external)
adobe -- flash_player Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution. 2017-05-09 not yet calculated CVE-2017-3070
BID(link is external)
CONFIRM(link is external)
adobe -- flash_player Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution. 2017-05-09 not yet calculated CVE-2017-3069
BID(link is external)
CONFIRM(link is external)
adobe -- flash_player Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution. 2017-05-09 not yet calculated CVE-2017-3072
BID(link is external)
CONFIRM(link is external)
adobe -- flash_player Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution. 2017-05-09 not yet calculated CVE-2017-3071
BID(link is external)
CONFIRM(link is external)
adobe -- flash_player Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution. 2017-05-09 not yet calculated CVE-2017-3074
BID(link is external)
CONFIRM(link is external)
adobe -- flash_player Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution. 2017-05-09 not yet calculated CVE-2017-3073
BID(link is external)
CONFIRM(link is external)
adobe -- flash_player
 
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution. 2017-05-09 not yet calculated CVE-2017-3068
BID(link is external)
CONFIRM(link is external)
adodb -- adodb
 
Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-05-12 not yet calculated CVE-2016-4855
JVN(link is external)
CONFIRM(link is external)
advantech -- b+b_smartworx_mesr901 A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages. 2017-05-05 not yet calculated CVE-2017-7909
BID(link is external)
MISC
advantech -- webaccess
 
An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories. 2017-05-05 not yet calculated CVE-2017-7929
BID(link is external)
MISC
allendisk -- id_parameter
 
Allen Disk 1.6 has XSS in the id parameter to downfile.php. 2017-05-08 not yet calculated CVE-2017-8832
CONFIRM(link is external)
allendisk -- setpass.php
 
Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password. 2017-05-08 not yet calculated CVE-2017-8848
MISC(link is external)
ambari -- ambari
 
In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes. 2017-05-12 not yet calculated CVE-2017-5654
CONFIRM
CONFIRM
artifexghostscript -- mark_line_tr
 
The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document. 2017-05-12 not yet calculated CVE-2017-8908
MISC(link is external)
asus_rt-ac_rt-n -- firmware ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map. 2017-05-10 not yet calculated CVE-2017-5892
MISC(link is external)
MISC(link is external)
asus_rt-ac_rt-n -- firmware
 
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF. 2017-05-10 not yet calculated CVE-2017-5891
MISC(link is external)
MISC(link is external)
asus_rt-ac_rt-n -- asus_rt_ac_rt_n ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml. 2017-05-10 not yet calculated CVE-2017-8878
MISC(link is external)
asus_rt-ac_rt-n -- asus_rt_ac_rt_n
 
ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID. 2017-05-10 not yet calculated CVE-2017-8877
MISC(link is external)
atlassian -- hipchat
 
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. 2017-05-05 not yet calculated CVE-2017-8058
BID(link is external)
MISC(link is external)
basercms -- basercms
 
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-05-12 not yet calculated CVE-2016-4878
CONFIRM(link is external)
JVN(link is external)
basercms -- basercms
 
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-05-12 not yet calculated CVE-2016-4882
CONFIRM(link is external)
JVN(link is external)
basercms -- basercms
 
Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-05-12 not yet calculated CVE-2016-4883
CONFIRM(link is external)
JVN(link is external)
basercms -- plugin_blog
 
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-05-12 not yet calculated CVE-2016-4884
CONFIRM(link is external)
JVN(link is external)
basercms -- plugin_blog
 
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-05-12 not yet calculated CVE-2016-4881
CONFIRM(link is external)
JVN(link is external)
basercms -- plugin_blog
 
Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-05-12 not yet calculated CVE-2016-4880
CONFIRM(link is external)
JVN(link is external)
basercms -- plugin_feed
 
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-05-12 not yet calculated CVE-2016-4885
CONFIRM(link is external)
JVN(link is external)
basercms -- plugin_mail
 
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-05-12 not yet calculated CVE-2016-4879
CONFIRM(link is external)
JVN(link is external)
basercms -- plugin_mail
 
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-05-12 not yet calculated CVE-2016-4886
CONFIRM(link is external)
JVN(link is external)
basercms -- plugin_mail
 
Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-05-12 not yet calculated CVE-2016-4877
CONFIRM(link is external)
JVN(link is external)
basercms -- plugin_uploader
 
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-05-12 not yet calculated CVE-2016-4887
CONFIRM(link is external)
JVN(link is external)
basercms -- basercms
 
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors. 2017-05-12 not yet calculated CVE-2016-4876
MISC(link is external)
JVN(link is external)
blackberry -- management_console
 
A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console. 2017-05-10 not yet calculated CVE-2017-3894
CONFIRM(link is external)
blf_tech_llc -- visualview_hmi
 
An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code. 2017-05-08 not yet calculated CVE-2017-6051
BID(link is external)
MISC
brocadefibrechannelsan -- os_(fos)
 
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters. 2017-05-08 not yet calculated CVE-2016-8202
BID(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
brocadenetiron -- brocade_netiron
 
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module. 2017-05-08 not yet calculated CVE-2016-8209
CONFIRM(link is external)
caclientautomation -- os_installation_management_component
 
The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation. 2017-05-05 not yet calculated CVE-2017-8391
BID(link is external)
CONFIRM(link is external)
certec -- edv_gmbh_atvise_scada A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution. 2017-05-05 not yet calculated CVE-2017-6031
BID(link is external)
MISC
certec -- edv_gmbh_atvise_scada
 
A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution. 2017-05-05 not yet calculated CVE-2017-6029
BID(link is external)
MISC
citrix -- xenmobile_server
 
Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. 2017-05-05 not yet calculated CVE-2016-6877
BID(link is external)
MISC(link is external)
cmsmadesimple --  admin_editusertag_php
 
** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug." 2017-05-12 not yet calculated CVE-2017-8912
MISC(link is external)
conexantsystems -- mictray64task
 
Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process. 2017-05-12 not yet calculated CVE-2017-8360
MISC(link is external)
MISC(link is external)
cybervision -- kaa_iot_platform A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution. 2017-05-05 not yet calculated CVE-2017-7911
BID(link is external)
MISC
dahua -- configuration_file
 
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information. 2017-05-05 not yet calculated CVE-2017-7925
MISC(link is external)
BID(link is external)
MISC
dahua -- dh_ipc A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password. 2017-05-05 not yet calculated CVE-2017-7927
MISC(link is external)
BID(link is external)
MISC
dolibarr -- erp_crm
 
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. 2017-05-10 not yet calculated CVE-2017-8879
MISC(link is external)
dolibarr -- erp_crm Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. 2017-05-10 not yet calculated CVE-2017-7888
MISC(link is external)
dolibarr -- erp_crm Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. 2017-05-10 not yet calculated CVE-2017-7887
MISC(link is external)
dolibarr -- erp_crm
 
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. 2017-05-10 not yet calculated CVE-2017-7886
MISC(link is external)
dropboxlepton -- dos_lepton_file
 
Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads. 2017-05-10 not yet calculated CVE-2017-8891
MISC(link is external)
MISC(link is external)
MISC(link is external)
emc -- mainframe_enablers_resourcepak_base
 
EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise the affected system. 2017-05-08 not yet calculated CVE-2017-4982
CONFIRM(link is external)
BID(link is external)
f5 -- big_ip 
 
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations. 2017-05-09 not yet calculated CVE-2017-6137
CONFIRM(link is external)
f5 -- big_ip In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile. 2017-05-09 not yet calculated CVE-2016-9253
CONFIRM(link is external)
f5 -- big_ip In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection. 2017-05-09 not yet calculated CVE-2016-9251
CONFIRM(link is external)
f5 -- big_ip In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user. 2017-05-09 not yet calculated CVE-2016-9257
CONFIRM(link is external)
f5 -- big_ip In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change. 2017-05-09 not yet calculated CVE-2016-9256
BID(link is external)
CONFIRM(link is external)
f5 -- big_ip_apm
 
In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters. 2017-05-09 not yet calculated CVE-2017-0302
CONFIRM(link is external)
f5 -- big_ip
 
In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism. 2017-05-10 not yet calculated CVE-2016-9250
CONFIRM(link is external)
fiyocms -- dapur_apps_app_config_controller_backuper_php
 
Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. 2017-05-09 not yet calculated CVE-2017-8853
MISC(link is external)
flatcore -- acp_core_files_browser_php
 
acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF. 2017-05-10 not yet calculated CVE-2017-8868
CONFIRM(link is external)
flightgear -- fgcommand_interface
 
In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956. 2017-05-12 not yet calculated CVE-2017-8921
CONFIRM(link is external)
gemalto -- smartdiag_diagnosis Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow with SEH Overwrite via long "Register a new card" input fields. There may be a risk of local code execution with untrusted input to SmartDiag.exe or SymDiag.exe. 2017-05-08 not yet calculated CVE-2017-6953
EXPLOIT-DB(link is external)
gnu -- c_library
 
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. 2017-05-07 not yet calculated CVE-2017-8804
CONFIRM(link is external)
BID(link is external)
CONFIRM(link is external)
CONFIRM
CONFIRM
goodix -- touchscreen_driver An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32749036. References: QC-CR#1098602. 2017-05-12 not yet calculated CVE-2017-0622
CONFIRM(link is external)
google -- android An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511682. 2017-05-12 not yet calculated CVE-2017-0634
CONFIRM(link is external)
google -- android A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35467107. 2017-05-12 not yet calculated CVE-2017-0635
CONFIRM(link is external)
CONFIRM(link is external)
google -- android An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34230377. References: QC-CR#1086833. 2017-05-12 not yet calculated CVE-2017-0628
CONFIRM(link is external)
google -- android An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399756. References: QC-CR#1093232. 2017-05-12 not yet calculated CVE-2017-0631
CONFIRM(link is external)
google -- android An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35214296. References: QC-CR#1086833. 2017-05-12 not yet calculated CVE-2017-0629
CONFIRM(link is external)
google -- android An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115. 2017-05-12 not yet calculated CVE-2017-0630
CONFIRM(link is external)
google -- android An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-36000515. References: B-RB#117131. 2017-05-12 not yet calculated CVE-2017-0633
CONFIRM(link is external)
google -- android
 
An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353. 2017-05-12 not yet calculated CVE-2017-0627
CONFIRM(link is external)
google -- android
 
The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION do not properly implement the WebView class, which allows an attacker to disclose information stored on the device via a specially crafted application. 2017-05-12 not yet calculated CVE-2016-4839
CONFIRM(link is external)
MISC(link is external)
JVN(link is external)
google -- android
 
Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications. 2017-05-09 not yet calculated CVE-2016-6799
BID(link is external)
MLIST
google -- android
 
The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION allows an attacker to execute unintended operations via a specially crafted application. 2017-05-12 not yet calculated CVE-2016-4838
CONFIRM(link is external)
MISC(link is external)
JVN(link is external)
google -- android An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-35392981. References: QC-CR#826589. 2017-05-12 not yet calculated CVE-2017-0604
CONFIRM(link is external)
google -- android Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data. 2017-05-10 not yet calculated CVE-2017-4896
BID(link is external)
CONFIRM(link is external)
google -- android In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used. 2017-05-12 not yet calculated CVE-2017-8246
CONFIRM
google -- android An elevation of privilege vulnerability in the kernel trace subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399704. References: QC-CR#1048480. 2017-05-12 not yet calculated CVE-2017-0605
CONFIRM(link is external)
google -- android An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400551. References: QC-CR#1085928. 2017-05-12 not yet calculated CVE-2017-0607
CONFIRM(link is external)
google -- android A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35763994. 2017-05-12 not yet calculated CVE-2017-0603
CONFIRM(link is external)
CONFIRM(link is external)
google -- android A remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35269635. 2017-05-12 not yet calculated CVE-2017-0600
CONFIRM(link is external)
CONFIRM(link is external)
google -- android In all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload size that will overflow its own declared size, an out of bounds memory copy occurs. 2017-05-12 not yet calculated CVE-2017-8245
CONFIRM
google -- android A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34672748. 2017-05-12 not yet calculated CVE-2017-0599
CONFIRM(link is external)
CONFIRM(link is external)
google -- android An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34128677. 2017-05-12 not yet calculated CVE-2017-0598
CONFIRM(link is external)
google -- android An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34946955. 2017-05-12 not yet calculated CVE-2017-0602
CONFIRM(link is external)
google -- android An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35258579. 2017-05-12 not yet calculated CVE-2017-0601
CONFIRM(link is external)
google -- android An elevation of privilege vulnerability in codecs/aacenc/SoftAACEncoder2.cpp in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34617444. 2017-05-12 not yet calculated CVE-2017-0594
CONFIRM(link is external)
CONFIRM(link is external)
google -- android An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34749392. 2017-05-12 not yet calculated CVE-2017-0596
CONFIRM(link is external)
CONFIRM(link is external)
google -- android An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34705519. 2017-05-12 not yet calculated CVE-2017-0595
CONFIRM(link is external)
CONFIRM(link is external)
google -- android A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34097672. 2017-05-12 not yet calculated CVE-2017-0591
CONFIRM(link is external)
CONFIRM(link is external)
google -- android An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114230. 2017-05-12 not yet calculated CVE-2017-0593
CONFIRM(link is external)
google -- android A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34618607. 2017-05-12 not yet calculated CVE-2017-0588
CONFIRM(link is external)
CONFIRM(link is external)
google -- android A remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34970788. 2017-05-12 not yet calculated CVE-2017-0592
CONFIRM(link is external)
CONFIRM(link is external)
google -- android A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35039946. 2017-05-12 not yet calculated CVE-2017-0590
CONFIRM(link is external)
CONFIRM(link is external)
google -- android An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34749571. 2017-05-12 not yet calculated CVE-2017-0597
CONFIRM(link is external)
google -- android A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34897036. 2017-05-12 not yet calculated CVE-2017-0589
CONFIRM(link is external)
CONFIRM(link is external)
google -- android A remote code execution vulnerability in libmpeg2 in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35219737. 2017-05-12 not yet calculated CVE-2017-0587
CONFIRM(link is external)
CONFIRM(link is external)
google -- android
 
Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data. 2017-05-10 not yet calculated CVE-2017-4895
BID(link is external)
CONFIRM(link is external)
google -- android
 
In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race conditions. "buffer->curr" itself could also be overwritten, which means that it may point to anywhere of kernel memory (for write). 2017-05-12 not yet calculated CVE-2017-8244
CONFIRM
google -- android
 
An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550. 2017-05-12 not yet calculated CVE-2017-0493
CONFIRM(link is external)
h2o -- h2o
 
H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy. 2017-05-12 not yet calculated CVE-2016-4864
CONFIRM(link is external)
JVN(link is external)
hikvision -- ds-2cd2xx2f_i A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information. 2017-05-05 not yet calculated CVE-2017-7923
MISC(link is external)
BID(link is external)
MISC
hikvision -- ds-2cd2xx2f_i
 
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information. 2017-05-05 not yet calculated CVE-2017-7921
MISC(link is external)
BID(link is external)
MISC
htc-- bootloader
 
An elevation of privilege vulnerability in the HTC bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32512358. 2017-05-12 not yet calculated CVE-2017-0623
CONFIRM(link is external)
ibmtivolistoragemanager -- ibm_tivoli_storage_manager
 
IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472. 2017-05-05 not yet calculated CVE-2016-8916
CONFIRM(link is external)
BID(link is external)
ibm -- cognos_analytics
 
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114516. 2017-05-10 not yet calculated CVE-2016-3032
CONFIRM(link is external)
ibm -- interact
 
IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 115084. 2017-05-10 not yet calculated CVE-2016-5888
CONFIRM(link is external)
ibm -- interact
 
IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 115085. 2017-05-10 not yet calculated CVE-2016-5889
CONFIRM(link is external)
ibm -- rational_quality_manager
 
IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116896. 2017-05-10 not yet calculated CVE-2016-6035
CONFIRM(link is external)
ibm -- rational_team_concert
 
IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 116918. 2017-05-10 not yet calculated CVE-2016-6037
CONFIRM(link is external)
ibm -- team_concert
 
IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 120665. 2017-05-10 not yet calculated CVE-2017-1103
CONFIRM(link is external)
ibm -- websphere_application_server
 
IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console. IBM X-Force ID: 121549. 2017-05-10 not yet calculated CVE-2017-1137
CONFIRM(link is external)
ibm -- websphere_portal IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592 2017-05-05 not yet calculated CVE-2017-1156
CONFIRM(link is external)
BID(link is external)
installer -- primedrive_desktop_application
 
Untrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory. 2017-05-12 not yet calculated CVE-2017-2167
MISC(link is external)
JVN(link is external)
invisionpowerservices -- community_suite Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The primary cause is the ability to upload an SVG document with a crafted attribute such an onload; however, full path disclosure is required for exploitation. 2017-05-11 not yet calculated CVE-2017-8899
MISC(link is external)
MISC(link is external)
MISC(link is external)
invisionpowerservices -- community_suite Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announce_content parameter in an index.php?/modcp/announcements/&action=create request. This is related to the "<> Source" option. 2017-05-11 not yet calculated CVE-2017-8898
MISC(link is external)
MISC(link is external)
MISC(link is external)
invisionpowerservices -- community_suite
 
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision Power Board user who views the announcement. 2017-05-11 not yet calculated CVE-2017-8897
MISC(link is external)
MISC(link is external)
MISC(link is external)
keycloak -- node_js_adapter
 
It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks. 2017-05-12 not yet calculated CVE-2017-7474
CONFIRM(link is external)
libetpan -- mime_handling_component
 
A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple e-mail addresses. 2017-05-08 not yet calculated CVE-2017-8825
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
libtiff -- tiffwritedirectorytagcheckedrational
 
The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file. 2017-05-10 not yet calculated CVE-2016-10371
CONFIRM
CONFIRM
libxml2 -- html_parser_c
 
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. 2017-05-10 not yet calculated CVE-2017-8872
MISC
libzpaq -- bufread::get()_function
 
The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive. 2017-05-08 not yet calculated CVE-2017-8842
MISC
MISC(link is external)
libzpaq -- bufread::get()_function
 
The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive. 2017-05-08 not yet calculated CVE-2017-8847
MISC
MISC(link is external)
libzpaq -- join_pthread_function The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive. 2017-05-08 not yet calculated CVE-2017-8843
MISC
MISC(link is external)
libzrip -- read_1g
 
The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive. 2017-05-08 not yet calculated CVE-2017-8844
MISC
MISC(link is external)
lintian -- lintian
 
Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file. 2017-05-08 not yet calculated CVE-2017-8829
CONFIRM
linux -- kernel The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling. 2017-05-12 not yet calculated CVE-2017-8925
CONFIRM
CONFIRM
CONFIRM(link is external)
linux -- kernel
 
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls. 2017-05-11 not yet calculated CVE-2017-7472
CONFIRM
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM
CONFIRM
CONFIRM
linux -- kernel
 
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. 2017-05-10 not yet calculated CVE-2017-8890
CONFIRM
CONFIRM(link is external)
linux -- kernel
 
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow. 2017-05-12 not yet calculated CVE-2017-8924
CONFIRM
CONFIRM
CONFIRM(link is external)
lzolx_d_ch -- lzolx_decompress
 
The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive. 2017-05-08 not yet calculated CVE-2017-8845
MISC
MISC(link is external)
mautic -- mautic
 
Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts. 2017-05-10 not yet calculated CVE-2017-8874
MISC(link is external)
mediatek -- camera_driver
 
An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35399703. References: QC-CR#831322. 2017-05-12 not yet calculated CVE-2017-0621
CONFIRM(link is external)
mediatek -- command_queue_driver An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35100728. References: M-ALPS03161536. 2017-05-12 not yet calculated CVE-2017-0618
CONFIRM(link is external)
mediatek -- pin_controller_driver An elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35401152. References: QC-CR#826566. 2017-05-12 not yet calculated CVE-2017-0619
CONFIRM(link is external)
mediatek -- power_driver An elevation of privilege vulnerability in the MediaTek power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34259126. References: M-ALPS03150278. 2017-05-12 not yet calculated CVE-2017-0615
CONFIRM(link is external)
mediatek -- system_management An elevation of privilege vulnerability in the MediaTek system management interrupt driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34470286. References: M-ALPS03149160. 2017-05-12 not yet calculated CVE-2017-0616
CONFIRM(link is external)
mediatek -- video_driver An elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34471002. References: M-ALPS03149173. 2017-05-12 not yet calculated CVE-2017-0617
CONFIRM(link is external)
mediatek -- command_queue_driver
 
An information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-35142799. References: M-ALPS03161531. 2017-05-12 not yet calculated CVE-2017-0625
CONFIRM(link is external)
mediatek -- thermal_driver
 
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175767. References: M-ALPS02696445. 2017-05-12 not yet calculated CVE-2016-10280
CONFIRM(link is external)
mediatek -- thermal_driver
 
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175647. References: M-ALPS02696475. 2017-05-12 not yet calculated CVE-2016-10281
CONFIRM(link is external)
mediatek -- thermal_driver
 
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33939045. References: M-ALPS03149189. 2017-05-12 not yet calculated CVE-2016-10282
CONFIRM(link is external)
mediatek -- touchscreen
 
An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202412. References: M-ALPS02897901. 2017-05-12 not yet calculated CVE-2016-10274
CONFIRM(link is external)
microsoft -- .net_framework
 
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability." 2017-05-12 not yet calculated CVE-2017-0248
CONFIRM(link is external)
microsoft -- activex
 
An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka "Microsoft ActiveX Information Disclosure Vulnerability." 2017-05-12 not yet calculated CVE-2017-0242
CONFIRM(link is external)
microsoft -- asp_net A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. 2017-05-12 not yet calculated CVE-2017-0247
MISC(link is external)
microsoft -- asp_net
 
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. 2017-05-12 not yet calculated CVE-2017-0256
MISC(link is external)
microsoft -- asp_net
 
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. 2017-05-12 not yet calculated CVE-2017-0249
MISC(link is external)
microsoft -- browsers
 
A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability." 2017-05-12 not yet calculated CVE-2017-0231
CONFIRM(link is external)
microsoft -- edge
 
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0236, and CVE-2017-0238. 2017-05-12 not yet calculated CVE-2017-0235
CONFIRM(link is external)
microsoft -- edge
 
A vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0227 and CVE-2017-0240. 2017-05-12 not yet calculated CVE-2017-0221
CONFIRM(link is external)
microsoft -- edge
 
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238. 2017-05-12 not yet calculated CVE-2017-0234
CONFIRM(link is external)
microsoft -- edge
 
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0238. 2017-05-12 not yet calculated CVE-2017-0236
CONFIRM(link is external)
microsoft -- edge
 
An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone, aka "Microsoft Edge Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0233. 2017-05-12 not yet calculated CVE-2017-0241
CONFIRM(link is external)
microsoft -- edge
 
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0241. 2017-05-12 not yet calculated CVE-2017-0233
CONFIRM(link is external)
microsoft -- edge
 
A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238. 2017-05-12 not yet calculated CVE-2017-0230
CONFIRM(link is external)
microsoft -- edge
 
A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238. 2017-05-12 not yet calculated CVE-2017-0229
CONFIRM(link is external)
microsoft -- edge