The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
-
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
-
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
Medium Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- hive | Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn't seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through. | 2017-05-30 | 5.0 | CVE-2016-3083 BID MLIST |
| fortinet -- fortiportal | An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request. | 2017-05-26 | 6.4 | CVE-2017-7337 CONFIRM |
| fortinet -- fortiportal | A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. | 2017-05-26 | 5.0 | CVE-2017-7338 CONFIRM |
| fortinet -- fortiportal | A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. | 2017-05-26 | 4.3 | CVE-2017-7339 CONFIRM |
| fortinet -- fortiportal | An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. | 2017-05-26 | 5.8 | CVE-2017-7343 CONFIRM |
| fortinet -- fortiportal | A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. | 2017-05-26 | 5.0 | CVE-2017-7731 CONFIRM |
| fortinet -- fortiweb | A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature. | 2017-05-26 | 4.3 | CVE-2017-3129 BID CONFIRM |
| ibm -- inotes | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976. | 2017-05-26 | 4.3 | CVE-2017-1325 CONFIRM MISC |
| ibm -- maximo_asset_management_essentials | IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153. | 2017-05-26 | 5.0 | CVE-2017-1292 CONFIRM MISC |
| linux -- linux_kernel | The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. | 2017-05-26 | 4.9 | CVE-2017-9242 CONFIRM BID CONFIRM CONFIRM |
Low Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| ibm -- maximo_asset_management_essentials | IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152. | 2017-05-26 | 3.5 | CVE-2017-1291 CONFIRM MISC |
Severity Not Yet Assigned
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| allen_disk -- allen_disk |
SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter. | 2017-05-31 | not yet calculated | CVE-2017-9307 MISC |
| allen_disk -- allen_disk |
Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATH_INFO to readfile.php. | 2017-05-28 | not yet calculated | CVE-2017-9249 BID MISC |
| andrzuk/finecms -- andrzuk/finecms | andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action. | 2017-05-28 | not yet calculated | CVE-2017-9252 MISC |
| andrzuk/finecms -- andrzuk/finecms |
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php. | 2017-05-28 | not yet calculated | CVE-2017-9251 MISC |
| apache -- knox |
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be easily associated with the authenticated user, this is still a serious security issue. All users are recommended to upgrade to the Apache Knox 0.12.0 release. | 2017-05-26 | not yet calculated | CVE-2017-5646 MLIST BID |
| apache -- open_vswitch | In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`. | 2017-05-29 | not yet calculated | CVE-2017-9265 CONFIRM |
| apache -- open_vswitch |
In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch. | 2017-05-29 | not yet calculated | CVE-2016-10377 CONFIRM |
| apache -- open_vswitch |
In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch. | 2017-05-29 | not yet calculated | CVE-2017-9263 CONFIRM |
| apache -- open_vswitch |
In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely. | 2017-05-29 | not yet calculated | CVE-2017-9264 CONFIRM |
| aries -- qwr-1104_wireless-n_router |
Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point. | 2017-05-28 | not yet calculated | CVE-2017-9243 MISC EXPLOIT-DB |
| atlassian -- eucalyptus |
Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage) via unspecified vectors. | 2017-06-01 | not yet calculated | CVE-2017-7999 CONFIRM |
| bigtree -- bigtree |
Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code. | 2017-06-02 | not yet calculated | CVE-2017-9364 CONFIRM CONFIRM |
| bigtree -- bigtree |
CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked. | 2017-06-02 | not yet calculated | CVE-2017-9365 CONFIRM CONFIRM |
| bigtree -- bigtree |
BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have other tasks (such as data backups) to complete before a user is deleted. | 2017-06-02 | not yet calculated | CVE-2017-9378 MISC MISC |
| bigtree -- bigtree |
Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php. | 2017-06-02 | not yet calculated | CVE-2017-9379 MISC |
| bram_korsten_note -- bram_korsten_note |
Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php (edit parameter). | 2017-05-29 | not yet calculated | CVE-2017-9289 CONFIRM |
| canonical -- juju |
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root. | 2017-05-27 | not yet calculated | CVE-2017-9232 BID CONFIRM |
| ceragon -- fibeair_ip-10 |
Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. | 2017-06-01 | not yet calculated | CVE-2015-0936 MISC MISC FULLDISC BID MISC MISC |
| chicken_scheme -- chicken_scheme |
An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it. | 2017-06-01 | not yet calculated | CVE-2017-9334 CONFIRM CONFIRM |
| cygnux.org -- syspass |
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring. | 2017-05-31 | not yet calculated | CVE-2017-9306 MISC |
| digium -- asterisk |
The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. | 2017-06-02 | not yet calculated | CVE-2017-9359 CONFIRM CONFIRM CONFIRM |
| digium -- asterisk |
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing a infinite loop and leading to memory exhaustion (by message logging in that loop). | 2017-06-02 | not yet calculated | CVE-2017-9358 CONFIRM CONFIRM |
| digium -- asterisk |
PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter. | 2017-06-02 | not yet calculated | CVE-2017-9372 CONFIRM CONFIRM |
| e107 -- e107 |
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function. | 2017-05-29 | not yet calculated | CVE-2016-10378 MISC |
| exiv2 -- exiv2 |
An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file. | 2017-05-26 | not yet calculated | CVE-2017-9239 MISC BID MISC |
| flipbuilder -- flipbuilder |
Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter. | 2017-06-01 | not yet calculated | CVE-2017-7384 MISC |
| forinet -- fortiwlc-sd |
An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'. | 2017-05-26 | not yet calculated | CVE-2017-3134 BID CONFIRM |
| fortinet -- forticlient |
A potential execution of unauthorized code or commands vulnerability in Fortinet FortiClient SSL_VPN Linux versions available with FortiOS 5.4.2 and below allows attacker to potentially overwrite an existing file via the FortiClient log file. | 2017-05-26 | not yet calculated | CVE-2016-8496 BID CONFIRM |
| fortinet -- forticlient |
An escalation of privilege vulnerability in Fortinet FortiClient SSL_VPN Linux versions available with FortiOS 5.4.3 and below allows an attacker to gain root privilege via the subproc file. | 2017-05-26 | not yet calculated | CVE-2016-8497 BID CONFIRM |
| fortinet -- fortigate |
A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation. | 2017-06-01 | not yet calculated | CVE-2017-3127 BID CONFIRM |
| fortinet -- fortinet_fortianalyzer |
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter. | 2017-05-26 | not yet calculated | CVE-2017-3126 BID CONFIRM |
| freeradius -- freeradius |
The TLS session cache in FreeRADIUS before 3.0.14 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS. | 2017-05-29 | not yet calculated | CVE-2017-9148 MISC MISC BID |
| git -- git-shell |
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. | 2017-06-01 | not yet calculated | CVE-2017-8386 SUSE MLIST DEBIAN BID SECTRACK UBUNTU MISC CONFIRM FEDORA FEDORA FEDORA |
| hitachi -- device_manager |
XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files. | 2017-05-29 | not yet calculated | CVE-2017-9295 CONFIRM BID |
| hitachi -- device_manager |
Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code. | 2017-05-29 | not yet calculated | CVE-2017-9298 CONFIRM |
| hitachi -- device_manager |
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites. | 2017-05-29 | not yet calculated | CVE-2017-9297 CONFIRM BID |
| hitachi -- device_manager |
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites. | 2017-05-29 | not yet calculated | CVE-2017-9296 CONFIRM BID |
| hitachi -- device_manager |
RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports. | 2017-05-29 | not yet calculated | CVE-2017-9294 CONFIRM BID |
| imagemagick -- imagemagick |
In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-06-02 | not yet calculated | CVE-2017-9409 CONFIRM |
| imagemagick -- imagemagick |
In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-06-02 | not yet calculated | CVE-2017-9407 CONFIRM |
| imagemagick -- imagemagick |
In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-06-02 | not yet calculated | CVE-2017-9405 CONFIRM |
| imagemagick -- imagemagick |
In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-05-29 | not yet calculated | CVE-2017-9262 BID CONFIRM |
| imagemagick -- imagemagick |
In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-05-29 | not yet calculated | CVE-2017-9261 BID CONFIRM |
| intel -- solid_state |
There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code. | 2017-05-31 | not yet calculated | CVE-2017-5688 BID CONFIRM |
| jerryscript -- jerryscript |
The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function. | 2017-05-28 | not yet calculated | CVE-2017-9250 CONFIRM CONFIRM CONFIRM |
| joomla -- joomla |
The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php. | 2017-05-29 | not yet calculated | CVE-2016-10379 MISC BID |
| juniper_networks -- junos_os |
On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, a network based attacker can cause the Junos OS rpd daemon to crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition. | 2017-05-30 | not yet calculated | CVE-2017-2302 BID CONFIRM |
| juniper_networks -- junos_os |
On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D50, 12.1X47 prior to 12.1X47-D40, 12.3 prior to 12.3R13, 12.3X48 prior to 12.3X48-D30, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R5, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D30 or 15.1X49-D40, 15.1X53 prior to 15.1X53-D35, and where RIP is enabled, certain RIP advertisements received by the router may cause the RPD daemon to crash resulting in a denial of service condition. | 2017-05-30 | not yet calculated | CVE-2017-2303 BID CONFIRM |
| juniper_networks -- junos_os |
On Juniper Networks products or platforms running Junos OS 11.4 prior to 11.4R13-S3, 12.1X46 prior to 12.1X46-D60, 12.3 prior to 12.3R12-S2 or 12.3R13, 12.3X48 prior to 12.3X48-D40, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D12 or 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R7, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D60, 15.1X53 prior to 15.1X53-D30 and DHCPv6 enabled, when a crafted DHCPv6 packet is received from a subscriber, jdhcpd daemon crashes and restarts. Repeated crashes of the jdhcpd process may constitute an extended denial of service condition for subscribers attempting to obtain IPv6 addresses. | 2017-05-30 | not yet calculated | CVE-2017-2301 BID CONFIRM |
| juniper_networks -- junos_os |
Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak' | 2017-05-30 | not yet calculated | CVE-2017-2304 BID CONFIRM |
| juniper_networks -- junos_space |
On Juniper Networks Junos Space versions prior to 16.1R1, an unauthenticated remote attacker with network access to Junos space device can easily create a denial of service condition. | 2017-05-30 | not yet calculated | CVE-2017-2311 BID CONFIRM |
| juniper_networks -- junos_space |
An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device. | 2017-05-30 | not yet calculated | CVE-2017-2308 BID CONFIRM |
| juniper_networks -- junos_space |
On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. This represents an information leak risk. | 2017-05-30 | not yet calculated | CVE-2017-2309 BID CONFIRM |
| juniper_networks -- junos_space |
A firewall bypass vulnerability in the host based firewall of Juniper Networks Junos Space versions prior to 16.1R1 may permit certain crafted packets, representing a network integrity risk. | 2017-05-30 | not yet calculated | CVE-2017-2310 BID CONFIRM |
| juniper_networks -- junos_space |
A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space. | 2017-05-30 | not yet calculated | CVE-2017-2307 BID CONFIRM |
| juniper_networks -- junos_space |
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation. | 2017-05-30 | not yet calculated | CVE-2017-2305 BID CONFIRM |
| juniper_networks -- junos_space |
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device. | 2017-05-30 | not yet calculated | CVE-2017-2306 BID CONFIRM |
| juniper_networks -- srx_series_services_gateways |
On Juniper Networks SRX Series Services Gateways chassis clusters running Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60, flowd daemon on the primary node of an SRX Series chassis cluster may crash and restart when attempting to synchronize a multicast session created via crafted multicast packets. | 2017-05-30 | not yet calculated | CVE-2017-2300 BID CONFIRM |
| lansweeper -- lansweeper |
Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782. | 2017-05-29 | not yet calculated | CVE-2017-9292 CONFIRM |
| laravel -- laravel |
Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host. | 2017-05-29 | not yet calculated | CVE-2017-9303 BID CONFIRM |
| libming -- libming |
The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This occurs because of an integer overflow that leads to a memory allocation error. | 2017-05-31 | not yet calculated | CVE-2017-8782 MISC |
| libtiff -- libtiff |
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file. | 2017-06-02 | not yet calculated | CVE-2017-9403 CONFIRM |
| libtiff -- libtiff |
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file. | 2017-06-02 | not yet calculated | CVE-2017-9404 CONFIRM |
| microsoft -- malware_protection_engine | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542. | 2017-05-26 | not yet calculated | CVE-2017-8537 BID CONFIRM |
| microsoft -- malware_protection_engine |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8540 and CVE-2017-8541. | 2017-05-26 | not yet calculated | CVE-2017-8538 BID CONFIRM |
| microsoft -- malware_protection_engine |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541. | 2017-05-26 | not yet calculated | CVE-2017-8540 BID CONFIRM |
| microsoft -- malware_protection_engine |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8540. | 2017-05-26 | not yet calculated | CVE-2017-8541 BID CONFIRM |
| microsoft -- malware_protection_engine |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8542. | 2017-05-26 | not yet calculated | CVE-2017-8539 BID CONFIRM |
| microsoft -- malware_protection_engine |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542. | 2017-05-26 | not yet calculated | CVE-2017-8535 BID CONFIRM |
| microsoft -- malware_protection_engine |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542. | 2017-05-26 | not yet calculated | CVE-2017-8536 BID CONFIRM |
| microsoft -- malware_protection_engine |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539. | 2017-05-26 | not yet calculated | CVE-2017-8542 BID CONFIRM |
| moxa -- oncell |
A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext. | 2017-05-29 | not yet calculated | CVE-2017-7913 MISC |
| moxa -- oncell |
A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request, which could allow an attacker to modify the configuration of the device. | 2017-05-29 | not yet calculated | CVE-2017-7917 MISC |
| moxa -- oncell |
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. An attacker can freely use brute force to determine parameters needed to bypass authentication. | 2017-05-29 | not yet calculated | CVE-2017-7915 MISC |
| netgear -- wnr2000_devices |
NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261. | 2017-05-26 | not yet calculated | CVE-2017-6862 BID CONFIRM |
| nss -- nss |
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker. | 2017-05-30 | not yet calculated | CVE-2017-7502 BID CONFIRM |
| open_ticket_request_system -- open_ticket_request_system |
Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. | 2017-05-29 | not yet calculated | CVE-2017-9299 MISC |
| openemr -- openemr |
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. | 2017-06-02 | not yet calculated | CVE-2017-9380 MISC |
| openldap -- openldap |
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0. | 2017-05-29 | not yet calculated | CVE-2017-9287 CONFIRM BID CONFIRM |
| palo_alto_networks -- panorama_vm_appliance |
Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file. | 2017-06-01 | not yet calculated | CVE-2015-6531 BID MISC |
| perl -- perl |
Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. | 2017-06-01 | not yet calculated | CVE-2017-6512 CONFIRM CONFIRM |
| phoenix_broadband_technologies -- poweragent_sc3_bms |
A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device. | 2017-06-02 | not yet calculated | CVE-2017-6039 MISC |
| pivotx -- pivotx |
PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file. | 2017-05-31 | not yet calculated | CVE-2017-8402 MISC |
| poppler -- poppler |
In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file. | 2017-06-02 | not yet calculated | CVE-2017-9408 CONFIRM |
| poppler -- poppler |
In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. | 2017-06-02 | not yet calculated | CVE-2017-9406 CONFIRM |
| poppler -- poppler |
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents. | 2017-05-30 | not yet calculated | CVE-2017-7511 CONFIRM |
| qemu -- qemu |
Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands. | 2017-06-01 | not yet calculated | CVE-2017-9060 CONFIRM MLIST MISC |
| realnetworks -- realplayer |
RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file. | 2017-05-29 | not yet calculated | CVE-2017-9302 MISC BID |
| samba -- samba |
Samba since version 3.5.0 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. | 2017-05-30 | not yet calculated | CVE-2017-7494 BID CONFIRM |
| samsung -- syncthru_admin_6 |
Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver. | 2017-06-01 | not yet calculated | CVE-2015-5473 BID MISC MISC MISC MISC MISC MISC |
| soffid -- soffid_iam |
Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request. | 2017-06-02 | not yet calculated | CVE-2017-9363 CONFIRM |
| telaxus -- epesi |
The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter. | 2017-06-01 | not yet calculated | CVE-2017-9331 CONFIRM CONFIRM |
| telaxus -- epesi |
Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter. | 2017-06-02 | not yet calculated | CVE-2017-9366 CONFIRM CONFIRM |
| the_foreman -- the_foreman |
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords. | 2017-05-26 | not yet calculated | CVE-2017-7505 CONFIRM BID CONFIRM |
| tiki_software -- tiki_wiki_cms_groupware |
lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php. | 2017-05-31 | not yet calculated | CVE-2017-9305 MISC MISC |
| videolan_organization -- videolan_vlc_media_player |
plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file. | 2017-05-29 | not yet calculated | CVE-2017-9301 MISC BID |
| videolan_organization -- videolan_vlc_media_player |
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file. | 2017-05-29 | not yet calculated | CVE-2017-9300 MISC BID |
| vmware -- horizon_daas |
VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link. | 2017-05-31 | not yet calculated | CVE-2017-4897 BID CONFIRM |
| websitebaker -- websitebaker |
WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php. | 2017-06-02 | not yet calculated | CVE-2017-9361 MISC |
| websitebaker -- websitebaker |
WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php. | 2017-06-02 | not yet calculated | CVE-2017-9360 MISC |
| wireshark_foundation -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length. | 2017-06-02 | not yet calculated | CVE-2017-9350 MISC MISC MISC MISC |
| wireshark_foundation -- wireshark |
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers. | 2017-06-02 | not yet calculated | CVE-2017-9345 MISC MISC MISC MISC |
| wireshark_foundation -- wireshark |
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. | 2017-06-02 | not yet calculated | CVE-2017-9344 MISC MISC MISC MISC |
| wireshark_foundation -- wireshark |
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. | 2017-06-02 | not yet calculated | CVE-2017-9343 MISC MISC MISC MISC |
| wireshark_foundation -- wireshark |
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur. | 2017-06-02 | not yet calculated | CVE-2017-9352 MISC MISC MISC |
| wireshark_foundation -- wireshark |
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. | 2017-06-02 | not yet calculated | CVE-2017-9346 MISC MISC MISC MISC |
| wireshark_foundation -- wireshark |
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address. | 2017-06-02 | not yet calculated | CVE-2017-9353 MISC MISC MISC MISC |
| wireshark_foundation -- wireshark |
In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. | 2017-06-02 | not yet calculated | CVE-2017-9347 MISC MISC MISC MISC |
| wireshark_foundation -- wireshark |
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. | 2017-06-02 | not yet calculated | CVE-2017-9354 MISC MISC MISC MISC |
| wireshark_foundation -- wireshark |
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. | 2017-06-02 | not yet calculated | CVE-2017-9349 MISC MISC MISC MISC |
| wireshark_foundation -- wireshark |
In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value. | 2017-06-02 | not yet calculated | CVE-2017-9348 MISC MISC MISC MISC |
| wireshark_foundation -- wireshark |
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully. | 2017-06-02 | not yet calculated | CVE-2017-9351 MISC MISC MISC MISC MISC MISC |
| wordpress -- wordpress |
The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter). | 2017-05-29 | not yet calculated | CVE-2017-9288 MISC MISC MISC |
| wordpress -- wordpress |
The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post. | 2017-06-01 | not yet calculated | CVE-2017-9336 MISC |
| wordpress -- wordpress |
The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post. | 2017-06-01 | not yet calculated | CVE-2017-9337 MISC |
| yara -- yara |
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function. | 2017-05-31 | not yet calculated | CVE-2017-9304 CONFIRM CONFIRM |
| zulip -- zulip_server |
Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this. | 2017-06-02 | not yet calculated | CVE-2017-0896 MISC MLIST MISC |
** 출처: [US-CERT: Bulletin(SB17-156)] 2017년 5월 29일까지 발표된 보안 취약점
'IT 와 Social 이야기' 카테고리의 다른 글
| [KISDI] 음성인식 AI 비서 시장의 현황과 시사점 (0) | 2017.06.10 |
|---|---|
| [kocca] 인간, 콘텐츠 그리고 4차 산업혁명: 변화와 대응 (0) | 2017.06.10 |
| [IITP] 가시화되고 있는 자율주행차 시대와 안정성 이슈 (0) | 2017.06.06 |
| [IITP] GSMA의 IoT 보안 가이드라인 현황 (0) | 2017.06.06 |
| [IITP] 자율주행차 주요 업체 동향 (0) | 2017.06.06 |
