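■ Table of Contents

1. Introduction

2. Market trends and trend changes in the pet industry

3. Problems and development potential of the domestic pet industry

4. Implications

** Source: [kiet] Current Status and Implications of the Domestic Petconomy (Pet+Economy) Market

** Document: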

2017 산업경제 7월_정책과이슈1.pdf

 

Attribution, NonCommercial, NoDerivatives
Posted by manga0713

 

 

 

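○ Sensors are the key item driving the paradigm shift of the Fourth Industrial Revolution

- An era of one trillion units produced per year (the Trillion Age) is expected to arrive in about 10 years

○ Three recent trend shifts, ① a surge in new demand, ② integration of similar functions, and ③ the rising status of software, are expected to change the existing market structure, which has been strongly oligopolistic

- Demand is surging in traditional industries, infrastructure, agriculture and other sectors that previously used few sensors

- The growth of combo sensors with integrated functions eases the limits of the high-mix, low-volume business

- New entrants such as software companies are increasing as hardware becomes commoditized and solutions gain in importance

- The competitive landscape in which the hardware-centric Top 3 companies control 70% of the market is expected to change

○ The competitive structure, previously centered on hardware makers, is expected to be reorganized into a four-party structure as software companies, specialized manufacturers, and user groups gain weight

- Software companies partner with IoT sensor companies to collect information and combine it with the vast information on their existing service platforms to create new value (virtual sensing technology)

- As falling sensor prices lead established sensor leaders to expand outsourcing to cut costs, specialized manufacturers (foundries) are entering the market on the basis of accumulated production know-how

- User groups that relied heavily on sensor imports are productizing solutions based on their domain excellence and attempting to open up markets

○ Despite the optimistic outlook for the sensor industry, Korea's sensor industry ecosystem is very weak

- Most sensors are imported from abroad, and the design and production base is very poor

○ Fostering the sensor industry in preparation for the Fourth Industrial Revolution is urgent and now is the right time to enter; a mid- to long-term master plan under which design, production, software, and demand-side companies grow together is urgently needed

- Smart sensors with low production cost and high marketability can be made when design companies and manufacturers are geographically close and collaborate closely

- As soft power becomes more important to sensor competitiveness, the participation of software companies in the ecosystem is important

** Source: [POSRI] Sensors Leading the Fourth Industrial Revolution - How Will the Market Structure Change?

** Document: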

4차 산업혁명을 이끄는 센서 - 시장구조는 어떻게 바뀌나- .pdf

 


 

 

 

 

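◆ R3CEV is the world's largest blockchain consortium and is leading the application of blockchain technology in finance on the basis of its self-developed blockchain platform

○ Banks join R3 CEV to reduce clearing and settlement transaction costs, secure a network with financial institutions worldwide, and apply blockchain technology to various financial services such as remittance security authentication

- Membership has grown from the initial 9 institutions to more than 80, including 43 financial companies such as Citigroup, Barclays, Wells Fargo, and China's Ping An Group, as well as clearing houses, exchanges, and technology companies

- In Korea, Kookmin Bank, Shinhan Bank, Woori Bank, Hana Bank, and Industrial Bank of Korea joined in ’16, and Hana Bank extended its membership contract by one year in ’17

□ Domestic and foreign financial institutions that have joined R3CEV are using blockchain technology to carry out projects in various areas of finance, including remittance and payment, contract execution, and anti-money laundering

□ By attracting investment from members and non-members, R3 is pursuing not only blockchain technology development but also active collaboration with investing institutions

** Source: [KDB Economic Research Institute] Recent Trends at R3CEV (Global Blockchain Consortium)

** Document: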

R3CEV(글로벌 블록체인 컨소시엄) 최근 동향.pdf

 


 

 

 

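■ Table of Contents

1. What is blockchain

2. Characteristics of blockchain technology

   - Hash technology

   - Immutability of the blockchain through hashing

   - Immutability through decentralization of the blockchain

3. Development of blockchain technology

   - The rise of Bitcoin

   - The rise of various electronic currencies

   - Expansion to services beyond electronic currency

   - Blockchain platforms

   - Distributed ledger technology

4. Implications

** Source: [DIGIECO] Blockchain, a Core Technology of the Fourth Industrial Revolution Era - Lee Ji-ho (이지호), Team Leader, BC Card Fintech Development Team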


 

 

 

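□ Expanded government budget and support to realize the Fourth Industrial Revolution early and secure leadership

◦ Establishment of a dedicated agency (Innovation Canada), expansion of research and development (R&D) grants to strengthen the innovative-technology ecosystem, and increased government investment in major projects

  * Strategy to secure standing as a leading country in digital information processing by intensively fostering the artificial intelligence (AI) field

◦ Provincial-level support is concentrated on each region's flagship industries for early realization of the Fourth Industrial Revolution, such as intensive fostering of autonomous driving in Ontario, aerospace innovation support in Quebec, and energy efficiency in Alberta

  * Expansion of the foundation for sustainable growth through industry-academia-research cooperation and a more active startup ecosystem is under way

□ R&D in artificial intelligence, autonomous driving, robotics and other fields is being invigorated, centered on major universities

◦ Visible results at the University of Toronto (artificial intelligence), McGill University (robotics), the University of Waterloo (autonomous driving), and others

  * The Canadian robotics research alliance is developing emotion-recognition robots, devices for exploring remote areas and the deep sea, and more

◦ Decision to establish the world-class AI research institute ‘Vector Institute’ in Toronto (’17.3.)

  * Expectations of securing leadership in the Fourth Industrial Revolution are rising on the basis of research results accumulated in this field

□ Product development efforts related to intelligent manufacturing, big data use, and stronger information security

◦ Trend toward intelligent manufacturing that applies technologies of strength such as software

  * Industry activity is concentrated on developing solutions for data processing, analysis, and use

◦ Development of virtual reality (VR) application products and Internet of Things (IoT) idea products is also active

  * In IoT, product development in medical and health care, such as smart wheelchairs, and in home appliances stands out.

◦ Development of data security solutions essential to sustaining big data and AI systems

  * Efforts to strengthen information security in response to increasingly sophisticated hacking such as ransomware

◦ Stronger public-private cooperation to build an ecosystem for developing innovative-technology products, including promoting startup creation

  * Discussions are also under way on securing specialists in fields related to the Fourth Industrial Revolution and supporting idle workers

** Source: [KOTRA] Technology Adoption and Development Trends of the Fourth Industrial Revolution in Canada

** Document: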

17캐나다4차산업혁명기술도입및개발동향.pdf

 


 

 

 

 

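[Summary]

□ ASEAN is emerging as an investment base that can diversify China risk and as a huge consumer market that can generate new sources of revenue

◦ ASEAN is forecast to sustain high growth in the 5-6% range over 2017-22

- In ASEAN, rising income levels and an expanding middle class* have greatly increased domestic-market demand and demand for service products

(* The middle class, which will drive growth of ASEAN's domestic market, rose from 22% in ’05 to 56% in ’15)

- The digitalization of ASEAN consumers is accelerating structural change in the consumer market

◦ ASEAN's importance is rising rapidly as the alternative in the ‘China plus One’ strategy

- From ’12, the number of Japanese companies entering China turned to a decline due to rising labor costs, labor shortages, deteriorating Japan-China relations, and other factors

- Meanwhile, the number of Japanese companies entering ASEAN has exceeded that for China since ’12

□ Against the backdrop of rising incomes in ASEAN, Japanese service companies are moving in earnest into a variety of sectors to get ahead in expanding market opportunities

❶ (Staffing services and online travel) Internet service businesses expand through M&A with leading local companies, a strategy that raises local networks and brand recognition at the same time

◦ (Recruit) Expanded overseas bases to ASEAN and India from ’07, entering 11 Asian countries

(Anticipating growth in intra-ASEAN tourism, it acquired leading local companies and launched online travel booking services in Indonesia, Vietnam, and the Philippines from ’12)

❷ (Logistics) M&A is effective for entering ASEAN's complex logistics system

◦ (Yamato Holdings) Pursued M&A with local companies in Singapore, Malaysia, and Thailand from ’10, building an intra-ASEAN trunk transport service network

(It is highly rated for customer service satisfaction by offering Japanese-style services (designated delivery time slots, refrigerated and frozen parcel delivery, free redelivery, night delivery, etc.))

❸ (Real estate) Creating new revenue sources through overseas business expansion amid Japan's real estate downturn

◦ (Leopalace 21) As of ’17, has expanded and established 16 overseas bases, centered on ASEAN

(It provides high-quality Japanese-style service locally in ASEAN as well, securing brand recognition and building a stable base for entry, and gradually broadening its customer base (Japanese companies, local customers, foreign companies))

❹ (Food service) Strengthening overseas expansion to seize the opportunity of ASEAN consumers' rising purchasing power

◦ (Ootoya Holdings) Secured management stability through strategic alliances with partner companies (food ingredient supply, securing well-located stores), then sold to the partner companies and converted to a franchise business

❺ (Retail) As ASEAN's retail distribution market expands dramatically with the build-out of regional logistics infrastructure, the entry of Japanese convenience stores into ASEAN stands out

◦ (Seven-Eleven) Convenience stores that have entered ASEAN carry Japanese food and household goods and are adding services such as utility bill payment and airline ticket sales, securing a diverse customer base

(Seven-Eleven had built 14,504 stores in the ASEAN region as of March 2017. It opened its first store in Vietnam (Ho Chi Minh City) in June ’17 and announced a plan to open 100 stores in Vietnam alone over the next three years)

** Source: [kotra] Analysis and Implications of Japanese Service Companies' Strategies for Entering ASEAN

** Document: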

17일본서비스기업의대아세안진출전략분석과시사점.pdf

 


 

 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- struts The Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. 2017-07-10 7.5 CVE-2017-9791
CONFIRM
BID
SECTRACK
cisco -- firesight_system_software A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1. 2017-07-10 7.2 CVE-2017-6735
BID
SECTRACK
CONFIRM
cisco -- prime_network A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343. Known Affected Releases: 4.2(2.1)PP1 4.2(3.0)PP6 4.3(0.0)PP4 4.3(1.0)PP2. Known Fixed Releases: 4.3(2). 2017-07-10 7.2 CVE-2017-6732
BID
CONFIRM
dlink -- dir-615 On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim's router and take over his session as he won't be prompted for credentials. 2017-07-07 7.5 CVE-2017-7405
MISC
MISC
finecms_project -- finecms FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value. 2017-07-12 7.5 CVE-2017-11167
MISC
foxitsoftware -- foxit_reader Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document. 2017-07-07 9.3 CVE-2017-10994
BID
CONFIRM
freedesktop -- systemd systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended. 2017-07-07 10.0 CVE-2017-1000082
MLIST
BID
CONFIRM
graphicsmagick -- graphicsmagick GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c. 2017-07-09 7.5 CVE-2017-11139
CONFIRM
BID
graphicsmagick -- graphicsmagick The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files. 2017-07-09 7.1 CVE-2017-11140
CONFIRM
BID
imagemagick -- imagemagick The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call. 2017-07-09 7.1 CVE-2017-11141
BID
CONFIRM
imagemagick -- imagemagick The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file. 2017-07-10 7.1 CVE-2017-11166
CONFIRM
imagemagick -- imagemagick The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check. 2017-07-12 7.8 CVE-2017-11188
CONFIRM
irssi -- irssi An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer. 2017-07-07 7.5 CVE-2017-10965
CONFIRM
CONFIRM
irssi -- irssi An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free conditions on each access of the hash table. 2017-07-07 7.5 CVE-2017-10966
CONFIRM
CONFIRM
ismartalarm -- cube_one_firmware On iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect cryptography. 2017-07-11 7.5 CVE-2017-7728
MISC
ismartalarm -- cube_one_firmware iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding. 2017-07-11 7.8 CVE-2017-7730
MISC
kddi -- home_spot_cube_2_firmware HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI. 2017-07-07 8.3 CVE-2017-2186
JVN
BID
CONFIRM
linux -- linux_kernel The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact. 2017-07-11 10.0 CVE-2017-11176
CONFIRM
CONFIRM
mcafee -- advanced_threat_defense Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter. 2017-07-12 7.5 CVE-2017-4052
CONFIRM
mcafee -- advanced_threat_defense Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter. 2017-07-12 7.5 CVE-2017-4053
CONFIRM
microsoft -- edge Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601,CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8595
BID
SECTRACK
CONFIRM
microsoft -- edge Microsoft Edge in Microsoft Windows 10 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8610, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8596
BID
CONFIRM
microsoft -- edge Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8598
BID
SECTRACK
CONFIRM
microsoft -- edge Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8598 and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8601
BID
SECTRACK
CONFIRM
microsoft -- edge Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8598, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8603
BID
SECTRACK
CONFIRM
microsoft -- edge Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8610, CVE-2017-8603, CVE-2017-8598, CVE-2017-8601, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8604
BID
SECTRACK
CONFIRM
microsoft -- edge Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8598, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8605
BID
SECTRACK
CONFIRM
microsoft -- edge Microsoft Internet Explorer in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8609
BID
SECTRACK
CONFIRM
microsoft -- edge Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8595, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8610
BID
SECTRACK
CONFIRM
microsoft -- edge Microsoft Edge in Windows 10 1703 Microsoft Edge allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability." 2017-07-11 7.6 CVE-2017-8617
BID
CONFIRM
microsoft -- edge Microsoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8618, CVE-2017-9598 and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8619
BID
SECTRACK
CONFIRM
microsoft -- excel Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8501. 2017-07-11 9.3 CVE-2017-8502
BID
SECTRACK
CONFIRM
microsoft -- internet_explorer Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609 2017-07-11 7.6 CVE-2017-8606
BID
SECTRACK
SECTRACK
CONFIRM
microsoft -- internet_explorer Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8608, and CVE-2017-8609 2017-07-11 7.6 CVE-2017-8607
BID
SECTRACK
SECTRACK
CONFIRM
microsoft -- internet_explorer Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8607, and CVE-2017-8609 2017-07-11 7.6 CVE-2017-8608
BID
SECTRACK
SECTRACK
CONFIRM
microsoft -- internet_explorer Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Internet Explorer in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8619, CVE-2017-9598 and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8618
BID
SECTRACK
CONFIRM
microsoft -- office Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243. 2017-07-11 9.3 CVE-2017-8570
BID
CONFIRM
microsoft -- office_online_server Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8502. 2017-07-11 9.3 CVE-2017-8501
BID
SECTRACK
CONFIRM
microsoft -- windows_rt_8.1 Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. 2017-07-11 9.3 CVE-2017-8578
BID
SECTRACK
CONFIRM
microsoft -- windows_rt_8.1 Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way that Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability". 2017-07-11 10.0 CVE-2017-8589
BID
SECTRACK
CONFIRM
nfsen -- nfsen NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field). 2017-07-10 9.0 CVE-2017-7175
CONFIRM
EXPLOIT-DB
pcre -- pcre In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression. 2017-07-10 7.8 CVE-2017-11164
MISC
php -- php In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c. 2017-07-10 7.8 CVE-2017-11142
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
schneider_electric -- wonderware_archestra_logger A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow a remote attacker to execute arbitrary code in the context of a highly privileged account. 2017-07-07 10.0 CVE-2017-9629
MISC
BID
SECTRACK
MISC
sqlite -- sqlite The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. 2017-07-07 7.5 CVE-2017-10989
MISC
BID
MISC
MISC
MISC
MISC
toshiba -- hem-gw26a_firmware Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges. 2017-07-07 7.5 CVE-2017-2234
JVN
toshiba -- hem-gw26a_firmware Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges. 2017-07-07 7.5 CVE-2017-2236
JVN
toshiba -- hem-gw26a_firmware Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. 2017-07-07 10.0 CVE-2017-2237
JVN
xar_project -- xar libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unserialize function in archive.c. 2017-07-09 7.5 CVE-2017-11124
MISC
xar_project -- xar libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_path function in util.c. 2017-07-09 7.5 CVE-2017-11125
MISC

 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apple -- quicktime Untrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 6.8 CVE-2017-2218
JVN
MISC
brother_industries -- mfc-j960dwn_firmware Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-07-07 6.8 CVE-2017-2244
JVN
CONFIRM
charamin -- omp Untrusted search path vulnerability in The installer of Charamin OMP Version 1.1.7.4 and earlier, Version 1.2.0.0 Beta and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 6.8 CVE-2017-2227
JVN
cisco -- asr_5000_series A vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software could allow an unauthenticated, remote attacker to cause the BGP process on an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability affects the following products if they are running the Cisco StarOS operating system and BGP is enabled for the system: Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core Software. More Information: CSCvc44968. Known Affected Releases: 16.4.1 19.1.0 21.1.0 21.1.M0.65824. Known Fixed Releases: 21.3.A0.65902 21.2.A0.65905 21.1.b0.66164 21.1.V0.66014 21.1.R0.65898 21.1.M0.65894 21.1.0.66030 21.1.0. 2017-07-10 5.0 CVE-2017-6729
SECTRACK
CONFIRM
cisco -- identity_services_engine A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd87482. Known Affected Releases: 2.1(102.101) 2.2(0.283) 2.3(0.151). 2017-07-10 4.3 CVE-2017-6733
BID
SECTRACK
CONFIRM
cisco -- ios_xr A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system, because of Incorrect Permissions. More Information: CSCvb99389. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.3.1.15i.BASE 6.2.3.1i.BASE 6.2.2.15i.BASE 6.1.4.10i.BASE. 2017-07-10 6.9 CVE-2017-6728
BID
SECTRACK
CONFIRM
cisco -- ios_xr A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) condition. The MSDP session will restart within a few seconds. More Information: CSCvd94828. Known Affected Releases: 4.3.2.MCAST 6.0.2.BASE. Known Fixed Releases: 6.3.1.19i.MCAST 6.2.3.1i.MCAST 6.2.2.17i.MCAST 6.1.4.12i.MCAST. 2017-07-10 5.0 CVE-2017-6731
SECTRACK
CONFIRM
cisco -- wide_area_application_services A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More Information: CSCvc63035. Known Affected Releases: 6.2(3a). Known Fixed Releases: 6.3(0.167) 6.2(3c)5 6.2(3.22). 2017-07-10 5.0 CVE-2017-6727
BID
SECTRACK
CONFIRM
cisco -- wide_area_application_services A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system, aka Information Disclosure. This vulnerability affects the following products if they are running an affected release of Cisco Wide Area Application Services (WAAS) Software and are configured to use the Central Manager function: Cisco Virtual Wide Area Application Services (vWAAS), Cisco Wide Area Application Services (WAAS) Appliances, Cisco Wide Area Application Services (WAAS) Modules. Only Cisco WAAS products that are configured with the Central Manager role are affected by this vulnerability. More Information: CSCvd87574. Known Affected Releases: 4.4(7) 6.2(1) 6.2(3). Known Fixed Releases: 6.3(0.228) 6.3(0.226) 6.2(3d)8 5.5(7b)17. 2017-07-10 5.0 CVE-2017-6730
BID
SECTRACK
CONFIRM
cybozu -- garoon Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page. 2017-07-07 5.8 CVE-2017-2144
JVN
CONFIRM
cybozu -- garoon Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors. 2017-07-07 5.8 CVE-2017-2145
JVN
CONFIRM
dfactory -- responsive_lightbox Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. 2017-07-07 4.3 CVE-2017-2243
JVN
BID
CONFIRM
dlink -- dir-615 On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim's Router without knowing the credentials (CSRF). An attacker can host a page that sends a POST request to Form2File.htm that tries to upload Firmware to victim's Router. This causes the router to reboot/crash resulting in Denial of Service. An attacker may succeed in uploading malicious Firmware. 2017-07-07 6.8 CVE-2017-7404
MISC
MISC
dlink -- dir-615 The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic. 2017-07-07 5.0 CVE-2017-7406
MISC
MISC
download_manager_project -- download_manager Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2017-07-07 5.8 CVE-2017-2217
JVN
CONFIRM
CONFIRM
etherpad -- etherpad Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests. 2017-07-07 5.0 CVE-2015-3297
MLIST
MLIST
BID
CONFIRM
finecms_project -- finecms FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account. 2017-07-11 4.3 CVE-2017-11179
MISC
finecms_project -- finecms FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login screen. 2017-07-11 4.3 CVE-2017-11180
MISC
finecms_project -- finecms Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or name parameter. 2017-07-12 4.3 CVE-2017-11198
MISC
finecms_project -- finecms SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter. 2017-07-12 6.5 CVE-2017-11200
MISC
finecms_project -- finecms FineCMS through 2017-07-12 allows XSS in visitors.php because JavaScript in visited URLs is not restricted either during logging or during the reading of logs, a different vulnerability than CVE-2017-11180. 2017-07-12 4.3 CVE-2017-11202
MISC
fossies -- catdoc The ole_init function in ole.c in catdoc 0.95 allows remote attackers to cause a denial of service (heap-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted file, i.e., data is written to memory addresses before the beginning of the tmpBuf buffer. 2017-07-08 6.8 CVE-2017-11110
MISC
gnu -- ncurses In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. 2017-07-08 5.0 CVE-2017-11112
MISC
gnu -- ncurses In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. 2017-07-08 5.0 CVE-2017-11113
MISC
google -- android Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target apk, and simultaneously running a crafted script to process logcat's output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000. 2017-07-07 6.9 CVE-2014-7953
FULLDISC
BUGTRAQ
BID
CONFIRM
graphicsmagick -- graphicsmagick The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure. 2017-07-07 5.0 CVE-2017-11102
CONFIRM
CONFIRM
BID
ibm -- infosphere_information_server IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916. 2017-07-12 4.3 CVE-2017-1321
CONFIRM
MISC
ibm -- websphere_mq IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245. 2017-07-10 4.3 CVE-2017-1337
CONFIRM
BID
MISC
imagemagick -- imagemagick The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image. 2017-07-07 4.3 CVE-2017-10995
BID
CONFIRM
iodata -- ts-wlce_camera_firmware Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-07-07 6.8 CVE-2017-2223
MISC
BID
JVN
ismartalarm -- cube_one_firmware iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability. 2017-07-11 5.0 CVE-2017-7726
MISC
ismartalarm -- cube_one_firmware On iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted in cleartext. 2017-07-11 5.0 CVE-2017-7729
MISC
kddi -- home_spot_cube_2_firmware HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings. 2017-07-07 5.2 CVE-2017-2183
JVN
BID
CONFIRM
kddi -- home_spot_cube_2_firmware Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI. 2017-07-07 5.8 CVE-2017-2184
JVN
BID
CONFIRM
kddi -- home_spot_cube_2_firmware HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI. 2017-07-07 5.2 CVE-2017-2185
JVN
BID
CONFIRM
knot-dns -- knot_dns Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check. 2017-07-08 4.3 CVE-2017-11104
MISC
MISC
MISC
marp_project -- marp Marp versions v0.0.10 and earlier may allow an attacker to access local resources and files using JavaScript. 2017-07-07 6.8 CVE-2017-2239
JVN
mcafee -- advanced_threat_defense Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted HTTP request parameter. 2017-07-12 6.5 CVE-2017-4054
CONFIRM
mcafee -- advanced_threat_defense Exploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to bypass ATD detection via loose enforcement of authentication and authorization. 2017-07-12 5.0 CVE-2017-4055
CONFIRM
mcafee -- advanced_threat_defense Privilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI terminal commands. 2017-07-12 6.5 CVE-2017-4057
CONFIRM
mext -- ebidsettingchecker Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 6.8 CVE-2017-2225
JVN
MISC
microsoft -- edge Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". 2017-07-11 4.3 CVE-2017-8599
BID
SECTRACK
CONFIRM
microsoft -- edge Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." 2017-07-11 4.3 CVE-2017-8611
BID
SECTRACK
CONFIRM
microsoft -- exchange_server Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8560. 2017-07-11 4.3 CVE-2017-8559
BID
SECTRACK
CONFIRM
microsoft -- exchange_server Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559. 2017-07-11 4.3 CVE-2017-8560
BID
SECTRACK
CONFIRM
microsoft -- internet_explorer Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a spoofing vulnerability in the way they parse HTTP content, aka "Microsoft Browser Spoofing Vulnerability." 2017-07-11 4.3 CVE-2017-8602
BID
SECTRACK
SECTRACK
CONFIRM
microsoft -- sharepoint_server Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka "SharePoint Server XSS Vulnerability". 2017-07-11 6.5 CVE-2017-8569
BID
SECTRACK
CONFIRM
microsoft -- windows_10 Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improperly handling parameters in a method of a DCOM class, aka "Windows IME Elevation of Privilege Vulnerability". 2017-07-11 4.4 CVE-2017-8566
BID
SECTRACK
CONFIRM
microsoft -- windows_rt_8.1 Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". 2017-07-11 6.9 CVE-2017-8561
BID
CONFIRM
microsoft -- windows_rt_8.1 Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol, aka "Windows Elevation of Privilege Vulnerability". 2017-07-11 5.1 CVE-2017-8563
BID
CONFIRM
microsoft -- windows_rt_8.1 Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. 2017-07-11 6.9 CVE-2017-8577
BID
SECTRACK
CONFIRM
microsoft -- windows_rt_8.1 Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8578, CVE-2017-8581, and CVE-2017-8467. 2017-07-11 6.2 CVE-2017-8580
BID
SECTRACK
CONFIRM
microsoft -- windows_rt_8.1 Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way that the Windows Common Log File System (CLFS) driver handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability". 2017-07-11 4.6 CVE-2017-8590
BID
SECTRACK
CONFIRM
mpg123 -- mpg123 The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870. 2017-07-09 4.3 CVE-2017-11126
MISC
MISC
national_tax_agency -- e-tax Untrusted search path vulnerability in Setup file of advance preparation for e-Tax software (WEB version) (1.17.1) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 6.8 CVE-2017-2226
JVN
BID
nilim -- road_construction_completion_diagram_check_program Untrusted search path vulnerability in Douro Kouji Kanseizutou Check Program Ver3.1 (cdrw_checker_3.1.0.lzh) and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 6.8 CVE-2017-2230
JVN
MISC
MISC
nitro -- nitro_pro Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file. 2017-07-07 4.3 CVE-2017-7950
BID
CONFIRM
php -- php In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c). 2017-07-10 5.0 CVE-2016-10397
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php -- php In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c. 2017-07-10 5.0 CVE-2017-11143
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php -- php In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission. 2017-07-10 5.0 CVE-2017-11144
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php -- php In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, lack of a bounds check in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to an ext/date/lib/parse_date.c out-of-bounds read affecting the php_parse_date function. 2017-07-10 5.0 CVE-2017-11145
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php -- php In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c. 2017-07-10 6.4 CVE-2017-11147
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
phpldapadmin -- phpldapadmin phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter. 2017-07-08 4.3 CVE-2017-11107
MISC
MISC
schneider_electric -- wonderware_archestra_logger An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a denial of service. 2017-07-07 5.0 CVE-2017-9627
MISC
BID
SECTRACK
MISC
schneider_electric -- wonderware_archestra_logger A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attacker to crash the logger process, causing a denial of service for logging and log-viewing (applications that use the Wonderware ArchestrA Logger continue to run when the Wonderware ArchestrA Logger service is unavailable). 2017-07-07 5.0 CVE-2017-9631
MISC
BID
SECTRACK
MISC
shortcodes_ultimate_project -- shortcodes_ultimate Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors. 2017-07-07 4.0 CVE-2017-2245
BID
JVN
CONFIRM
CONFIRM
swftools -- swftools When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c. 2017-07-07 6.8 CVE-2017-11096
MISC
swftools -- swftools When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c. 2017-07-07 6.8 CVE-2017-11097
MISC
swftools -- swftools When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c. 2017-07-07 6.8 CVE-2017-11098
MISC
swftools -- swftools When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c. 2017-07-07 6.8 CVE-2017-11099
MISC
swftools -- swftools When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c. 2017-07-07 6.8 CVE-2017-11100
MISC
swftools -- swftools When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c. 2017-07-07 6.8 CVE-2017-11101
MISC
tcpdump -- tcpdump tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol. 2017-07-08 5.0 CVE-2017-11108
MISC
toshiba -- hem-gw26a_firmware Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via unspecified vectors. 2017-07-07 5.0 CVE-2017-2235
JVN
toshiba -- hem-gw26a_firmware Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-07-07 6.8 CVE-2017-2238
JVN
vim -- vim Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance. 2017-07-08 6.8 CVE-2017-11109
MISC
MISC
web-dorado -- event_calendar_wd Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-07-07 4.3 CVE-2017-2224
BID
JVN
CONFIRM
CONFIRM
wp-members_project -- wp-members Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-07-07 4.3 CVE-2017-2222
JVN
CONFIRM
CONFIRM
wp-statistics -- wp_statistics The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page. 2017-07-07 4.3 CVE-2017-10991
MISC
wpdownloadmanager -- download_manager