*** 출처: [iitp] 음향 센서를 이용한 총격 감지 시스템 - 샷스파터(ShotSpotter)

*** 문서:

file1250810945162783252-187905.pdf

 

 

 

 

■ 오클랜드 경찰은 2012년에 미국의 스타트업인 ‘샷스파터(ShotSpotter)’가 개발한 동명의 총격 감지 시스템을 도입하였음

 

- 샷스파터는 시내 곳곳에 음향 센서(마이크)를 달아 놓고 총격이 일어난 위치를 60초 이내에 확인하여 경찰에 알려주는 시스템임

 

- 샷스파터의 설명에 따르면, 오클랜드에서 총격이 발생하면 경찰이 이전보다 훨씬 빨리 현장에 도착하기 때문에 갱스터들이 이 점을 인지하게 되면서 총격을 자제하게 되었고 결과적으로 총격 사건이 감소하게 된 것임

 

 

 

 

 

- 범죄자들에 의한 센서 파괴를 방지하기 위해 센서의 형상은 거의 공개되지 않고 있음

 

- 샷스파터는 경찰의 요청에 근거하여 음향 센서를 설치하는데, 시청 등 공공건물, 가로등, 상업용 건물, 쇼핑몰, 아파트, 기지국 등에 주로 설치하며, 그 수는 1평방 마일당 약 20개 정도임

 

- 음향 센서가 큰 파열음을 포착하면 그 전후의 6초간 음성 데이터가 샷스파터가 운영하는 클라우드로 전송되며, 기계학습 기반으로 개발된 알고리즘이 총격음인지 여부를 확인하게 됨

 

- 알고리즘이 식별하기 어려운 경우는 캘리포니아주 뉴어크시 소재 샷스파터 본사에 24시간 연중무휴 상주하는 전문 직원이 직접 들어보고 총격 소리인지 여부를 판단함

 

- 총격이 발생한 위치는 여러 개의 음향 센서가 각각 총격음을 캐치한 시간의 차이를 토대로 총격 발생 지점까지의 거리를 계산하여 추정하는데, 계산된 위치는 60초 이내에 경찰에 통보되고 경찰관들은 자사의 스마트폰 앱을 통해 지도에서 확인할 수 있음

 

- 현재 90개 이상의 경찰청에 SaaS 방식의 서비스를 제공하고 있으며, 최근에는 범죄 예측시스템으로 사업을 확대해 나가고 있음

Posted by manga0713

 

[ AI Next Campaign 주요 프로그램 ]

 

 

 

*** 출처: [NIA] 미 국방연구원 AI캠페인 - 차세대 인공지능(AI NEXT)

*** 문서:

[스페셜리포트_18호]_미국국방연구원_AI_Next.pdf

 

 

 

 

■ 차세대 AI 연구개발 캠페인 (AI NEXT CAMPAIGN)

 

 

- DARPA는 차세대 AI기술개발을 위해 "AI Next" 로 명명한 새로운 프로그램에 3년간 20억 달러 이상의 투자를 발표

 

- 20개의 인공지능 프로젝트 중 협업형 인공지능 기술 개발 방법 모색을 위한 문맥 추론 기능 부문에 가장 많은 연구·투자를 진행

 

- AI Next 기술개발 프로그램 뿐 아니라 다음 분야에서 AI파트너십을 활용한 미국국방부(DoD)의 강력한 역량 창출을 기대

 

 

 

■ 기초 연구 프로그램

 

1. 빅메카니즘(Big Mechanism) 모델개발

 

 

○ 프로그램 배경

 

- 국방부 생성 문헌과 데이터는 수집 자동화로 빅데이터를 형성하고 있지만, 분야별로 단편화되고 분산되어 있으며 일관성이 없음


- 빅데이터 간 상호 작용에 의해 초래되는 효과를 제대로 이해하기 위해 복잡한 체계를 완전하게 설명할 수 있는 모델 개발 필요

 

 

○ 프로그램 내용

 

- Big Mechanism 프로그램은 상호 작용이 복잡한 체계가 갖는 중요한 인과관계를 규명하고 설명하는 논리모델을 개발하는 것


- 이 프로그램의 목표는 통계 및 지식의 자연언어처리(NLP)의 통합된 기술을 기반으로 연구초록 및 논문을 읽는 기술을 개발하고


- 연구의 조각들을 보다 완전한 인과 관계 모델로 가져와서 추론하고 시뮬레이션 등 복잡한 역동성을 설명 가능해야 함

 

 

 

 

 

- 그림설명: 이 프로그램의 시범영역은 신호경로에 중점을 둔 암 생물학으로 암 발생경로 등을 설명적 모델을 활용하여 인과관계 등을 밝히는 것임

 

 

 

2. 컴퓨터와 의사 소통하기 (CwC: Communicating with Computers)

 

 

○ 프로그램 배경

 

- 사람과 함께 의사결정을 하고, 문제를 해결하고, 서로에게서 배우고, 서로의 능력을 보완하는 등 원활하게 상호 작용하는 스마트 기계를 개발

 

 

○ 프로그램 내용

 

- CwC는 3가지 사례연구를 통해 간단한 아이디어를 조합하여 복잡한 문제를 푸는 알고리즘, 상호 임무에 대한 의사소통 알고리즘을 개발


- Blocks World(블록 쌓기)는 사람과 기계가 의사소통하며 서로 아이디어(임무)를 부여하면서 블록 쌓기를 완성하기 위해 통신해야함


- Biocuration(큐레이션)은 Big Mechanism의 기계 바이오큐레이터와 인간 바이오 큐레이터 사이의 생의학 문헌에 대한 커뮤니케이션


- Collaborative Composition(협업 작업)은 사람과 기계가 스토리의 완성을 위해여 서로 문장을 작성하는 등 협력 프로세스를 탐색

 

 

 

 

 

 

- 사진설명: 사람과기계가의사소통하며서로아이디어(임무)를부여하면서블록쌓기를완성

 

 

 

3. ML학습의 근본적 한계 연구 (FunLoL: Fundamental Limits of Learning)

 

 

○ 프로그램 배경

 

- 현재 구현 된 기계학습 기술은 엄청난 양의 교육 데이터와 방대한 계산 리소스에 의존하며 시간이 많이 걸리는 시행착오(Trial & Error) 방법론을 따름


- 그러나 기계학습에 내재된 몇 가지 규칙을 변경하면 시스템은 상황 변화에 대해 이미 알고 있는 것으로부터 일반화(적응) 할 수 없음


- 현재 부족한 점은 데이터, 작업, 자원 및 성능 측정 요소 간의 관계를 이해하는 데 필요한 기본적인 이론적 프레임워크


- 이를 통해 어떤 작업이 컴퓨터에 가장 적합한 지, 어떤 작업이 그렇지 않은지를 이해하고 컴퓨터를 효율적으로 훈련시킬 필요 있음

 

 

○ 프로그램 내용

 

- ML학습한계연구(FunLoL) 프로그램은 ML시스템의 학습능력을 평가하는 방법론을 개발하고 ML시스템이 어떤 퍼포먼스를 보이는지 파악하고 이를 바탕으로 ML시스템의 실제 적용 및 구현을 안내


- 이 프로그램은 ML학습의 계량이 가능하고 일반화가 가능한 척도를 제공하는 수학적 프레임워크를 조사 및 개발하여 검증 가능(verifiable)한 특성을 지닌 ML시스템을 설계하는데 활용


- 검증가능성은 기존 및 새로운 기계 학습 패러다임의 근본적인 한계를 파악하고 다양한 응용 프로그램에서 결과의 신뢰성을 평가할 수 있는 특성임

 

 

 

4. 지속학습 머신러닝 (L2M: Lifelong Learning Machines)

 

 

○ 프로그램 배경

 

- 현재 AI, ML 시스템은 훈련된 작업만 수행하는 것으로 제한되며, 외부 상황변화에 직면할 때 부적응 위험 노출


- 이 문제는 상황을 예측할 수 없으며 신속하게 대처하고 역동적인 환경에 적응하는 능력이 가장 중요한 응용 프로그램을 더욱 제한

 

 

○ 프로그램 내용

 

- 지속학습 머신러닝(L2M) 프로그램은 AI 아키텍처와 ML 기법에서 패러다임을 변화시키는 개발이 목표


- 이 프로그램은 실행 중에 지속적으로 학습하고 작업을 수행하는동안 점점 더 전문화 될 수 있는 시스템을 개발

 

- L2M은 두 가지 기술 영역으로 구성, 첫 번째는 완전한 시스템과 그 구성 요소의 개발에 중점을 두며,


- 두 번째는 다양한 전문 지식을 가진 연구자들을 모아 학습의 기초가 되는 생물학적 메커니즘을 탐구하며, 이는 새로운 세대의 계산 구조, 메커니즘 및 알고리즘으로 번역될 것임

 

 

 

 

 

- 그림설명: 지속학습머신러닝은 이전 학습된 것을 바탕으로 새로운 상황에 이전 기술과 지식을 적용, 변화에 적응할 수 있는 기술

 

 

 

5. 고급머신러닝을 위한 확률론적 프로그램밍 (PPAML: Probabilistic Programming for Advancing Machine Learning)

 

 

○ 프로그램 배경

 

- 컴퓨터가 데이터를 이해하고 결과를 관리하며 불확실한 정보로부터 통찰력을 갖고 추론 할 수 있는 능력에 대한 요구가 커지고 있음


- 불확실한 정보를 관리하고 인사이트를 추론할 수 있는 새로운 프로그래밍 패러다임 구축이 필요

 

 

○ 프로그램 내용

 

- 확률론적 프로그래밍 언어를 사용하여 ML응용프로그램을 성공적으로 구축할 수 있는 ML전문가를 양성하는 것이 목표


- 또한 이 프로그램은 현재 기술보다 더 정확한 결과를 산출하되 더 적은 양의 데이터를 가지고 학습함으로써 더 경제적이고 더 강력한 애플리케이션을 개발하고자 함

 

- PPAML에는 이외 다섯 가지 구체적인 전술적 목표가 있음


- 프로그래밍 코드를 단축하여 모델을 더 빨리 작성하고 이해하기 쉽게 만드는 것


- 프로그래밍 실험을 장려하고 개발 시간과 비용 절감


- 풍부한 도메인 지식을 통합하고 기본 코드와 별도의 쿼리를 통합하는 보다 정교한 모델의 구축을 용이하게 함


- 기계 학습 애플리케이션을 구축하는 데 필요한 전문성을 줄임


- 다양한 도메인 및 도구 유형에 대한 통합 모델 구축 지원

 

 

 

6. 세계 모델러 프로그램 (World Modelers)

 

 

○ 프로그램 배경

 

- 복잡하고 역동적인 국가 안전 및 보안 문제를 포괄적으로 이해할 수 있는 설명모델과 관련 기술 개발 필요

 

 

○ 프로그램 내용

 

- 국가 보안 관련 수천 개의 정보 경로로 연결된 수십 개의 관련 분석모델이 존재, 이들을 수용하고 통합할 수 있는 접근법 개발 필요


- 이 프로그램은 상당히 단순한 시스템을 이해하는 데 수 개월 또는 수 년이 소요되는 것과 비교하여 수 주 또는 수 시간 내에 명확하게 매개변수화 된 양적 예측을 제공하는 기술을 개발 목표

 

 

 

 

 

- 그림설명: 세계 모델러의 첫 번째 사례는 (수단 남부) 식량 불안정성 문제를 해결할 모델을 개발하는 것으로 기후, 물 가용성, 토양 생존력, 시장 불안정성 및 물리적 보안을 비롯한 여러 요소의 상호 작용을 포괄적으로 이해

 

 

 

■ 응용 연구 프로그램

 

 

7. 이질적 정보로부터 컨텍스트 이해하기 (AIDA: Active Interpretation of Disparate Alternatives)

 

 

○ 프로그램 배경

 

- 미국 정부는 전 세계의 다양한 분야에서 일어나는 사건, 상황 및 추세를 파악하고 전략적으로 이해하는 데 관심이 많음


- 그러나 연관 정보는 여러 가지 다른 출처, 다양한 장르 및 데이터 유형, 구조화된 데이터와 비구조화 된 데이터가 혼합 등 매우 이질적임

 

 

○ 프로그램 내용

 

- 다양하고 이질적 정보 환경에서 사건, 상황 및 추세에 대한 명시적인 대안 해석을 가능하게 하는 다중가설검정 시맨틱 엔진을 개발


- 이 엔진은 여러 미디어 소스에서 자동으로 생성된 정보를 매핑하여 공통된 표현이나 스토리를 만들 수 있어야 하고


- 이벤트, 상황 및 동향의 진정한 본질과 영향에 대한 여러 이론을 생성 및 탐색할 수 있는 기술을 개발해야 함


- 이외 분석의 정확성과 가설의 의미론적 표현의 일관성에 기초하여 파생된 지식과 각 가설에 대한 신뢰도 측정을 확립해야 함

 

 

 

 

 

 

8. 심층탐구 및 텍스트 필터링(DEFT: Deep Exploration and Filtering of Text)

 

 

○ 프로그램 배경

 

- 국방(DoD) 업무담당자는 계획을 수립하고 임무를 수행하기 위해 다양한 출처의 풍부한 양의 데이터를 수집하고 처리


- 간접적으로 참조되는 업무 관련 정보를 자동으로 추출하는 기능을 지원받으면 담당자가 효율적으로 데이터를 처리하는데 도움이 됨

 

 

○ 프로그램 내용

 

- 자연어처리(NLP) 기술과 AI기술을 기반으로 하고 언어 이해, 추론, 인과관계 및 이상탐지(사실확인) 등 수행하는 솔루션 개발


- 평가, 기획, 예측 및 보고서 작성의 초기 단계를 지원하기 위해 정보가 처리 될 때 개별 사실을 대규모 도메인 모델에 통합하고 분석 수행


- 정교한 AI기술을 활용하여 보다 많은 문서를 효율적으로 필터링하고 암시적으로 표현되고 실행 가능한 정보를 발견

 

 

 

 

 

- 그림설명: 거대한 데이터 세트의 제한된 단순처리에서 사용가능한 정보의 전략적인 탐구로 이동, 인과관계분석과 이상탐지분석을 쉽게 수행

 

 

 

9. 설명가능 인공지능 (XAI)

 

 

○ 프로그램 배경

 

- 미래의 戰士가 AI기계를 파트너 전사로 신뢰하고 협력이 가능하기 위해서 AI기계는 자신과 자신의 의사결정을 설명할 수 있어야 함

 

 

○ 프로그램 내용

 

- 설명가능 인공지능(XAI) 프로그램은 다음과 같은 기계 학습 기술 모음을 만드는 것을 목표


- 높은 수준의 학습 성과(정확도)를 유지하면서 자신의 의사결정에 대하여 더 자세한 설명이 가능한 모델을 개발


- 사람이 차세대의 AI파트너를 이해하고, 적절하게 신뢰하고, 효과적으로 관리할 수 있도록 지원

 

 

 

 

 

- 그림설명: XAI 프로그램은 이기종 멀티미디어 데이터에서 관심 있는 이벤트를 분류하고 다양한 시뮬레이션 임무를 수행하는 자율 시스템의 의사결정 정책을 어떻게 만드는지 설명가능한 AI를 개발

 

 

 

10. 긴급한 사태 대응을 위한 언어 통번역 (LORELEI: Low Resource Languages for Emergent Incidents)

 

 

○ 프로그램 배경

 

- 세계에는 7,000개 이상의 언어가 있고 당장 통번역기술이 필요한 언어를 예측하기가 어려우며 기술 적용 범위를 알 수 없는 상황

 

 

○ 프로그램 내용

 

- 프로그램의 목적은 전산 언어처리학 및 언어통번역 기술을 획기적으로 향상시켜 통번역수요가 많지 않은 언어에 대한 신속하고 저비용의 통번역기술개발을 가능하게 하는 것


- 자동 음성 인식 및 기계 번역 뿐 아니라 전반적인 목표는 외국어 자료를 영어로 번역하는 것이 아니고 주제, 이름 등의 외국어 및 영어 자료의 정보 요소를 식별하여 상황 인식을 제공하는 것

 

 

 

 

 

 

 

11. 머신러닝을 적용한 라디오주파수 신호 식별 (RFMLS: Radio Frequency Machine Learning Systems)

 

12. 스마트폰을 활용한 군사 건강도 측정 (WASH: Warfighter Analytics using Smartphones for Health)

 

13. 광범위한 사용언어 번역 프로그램 (BOLT: Broad Operational Language Translation)

 

 

 

■ 기타 연구 프로그램

 

 

14. 근지구 우주환경 탐지(SEE: DARPA Space Environment Exploitation)

 

15. 목적이 있는 딥러닝 (Deep Purple: Deep Purposeful Learning)

 

16. 기본 설계 (FUN Design: Fundamental Design)

 

17. 적은 라벨(데이터)로 러닝하기 (LwLL: Learning with Less Labels)

 

18. 변형가능 디자인 (TRADES: Transformative Design)

19. 그룹 바이어스 이해하기 (UGB: Understanding Group Biases)

 

Posted by manga0713

 

[ ‘순환’과‘거래’문제로 인해 발생하는 데이터 생태계의 이슈와 난제 ]

 

 

 

*** 출처: [NIA] 건전한 데이터 생태계 구축을 위한 새로운 접근

*** 문서:

20181220IF-데이터생태계-편집(수정).pdf

 

 

 

<목차>


Ⅰ. 데이터 생태계 구축이 어려운 이유


Ⅱ. 데이터 생태계 구축을 위한 새로운 접근


Ⅲ. 그래도 어려운 데이터 생태계 구축

 

 

 

 

I. 데이터 생태계 구축이 어려운 이유

 

 

■ 지하자원 생태계와 데이터 생태계의 차이점

 

 

○ 데이터 가치사슬 : 데이터의 생산에서 분석·활용이 순환하는 가치사슬

 

- 제조업, 서비스업 등 모든 비즈니스는 창의적인 비즈니스 모델이나 혁신적인 기술을 기반으로 시작되고 이후 데이터가 생산

 

- 제품, 서비스, 공정 등에서 다양한 데이터가 생산되고 데이터베이스 등에 저장되며 사용목적에 맞게 가공되어 분석에 활용

 

- 가공 데이터와 분석결과는 자체가 비즈니스를 위한 원천으로 사용되거나 비즈니스를 혁신하는 도구로 활용됨

 

 

 

■ 지하자원과 데이터 간 가장 큰 차이점은‘ 순환’과 ‘거래’

 

○ 순환

 

- 데이터는 생산·분석·활용되는 과정에서 이미 활용된 데이터 그리고 분석 데이터가 다시 본래 비즈니스를 성장, 강화 시키거나 새로운 비즈니스를 만드는 순환적 특징을 지님

 

- 특히 사용자가 많은 서비스는 상대적으로 더 많은 데이터를 생산하고 기존 서비스를 더욱 혁신시키며 승자독식 구조를 더욱 공고히 함

 

- 따라서 기업들이 축적된 데이터를 공개하거나 판매하는 것은 기업의 핵심 자산을 매각하는 것과 유사한 행위로 볼 수 있음

 

 

○ 거래

 

- 데이터는 자원과 마찬가지로 양, 품질 등에 따라 가치의 차이가 존재하나 활용하는 기술, 아이디어에 따라 같은 데이터 양과 품질이라 할지라도 비교할 수 없을 만큼의 가치 차이 발생

 

- 소유권에 있어서는 서비스를 통해 생산되는 데이터의 경우 (특히 무료서비스의 경우) 서비스 사용자와 서비스 주체 간의 이슈가 존재

 

- 이러한 특성으로 인해 데이터 자체의 가치를 측정하는 것에 논란이 있으며 거래 및 유통을 위한 공개적인 시장 자체를 구성하기에 어려운 현실

 

 

 

■ 데이터 소유권과 데이터 활용의 딜레마

 

 

○ 데이터 자체가 ‘돈’이라는 인식이 확산되면서 기업과 소비자 사이에 소유권 문제가 부각

 

- 소비자 입장에서 무료로 이용한 검색·SNS 등의 서비스가 사실은 내가 생산한 데이터의 대가였다는 인식이 확산

 

- 기업들이 서비스를 통해 발생하는 개인의 활동 데이터를 상업적으로 이용하면서 얻게 되는 직, 간접 이익을 소비자에게도 돌려주어야 한다는 요구 발생

 

 

○ 국내에서도 마이데이터의 개념을 도입해 개인의 데이터 소유권을 인정하고 개인정보의 무분별한 활용을 막기 위한 정책 및 사업 개발 중

 

- 자본이 부족한 스타트업, 개인 창업자는 대기업에 비해 상대적으로 데이터를 활용한 혁신이 더 어려워 질 수 있다는 양면성이 존재

Posted by manga0713

 

 

 

 

*** 출처: [보험연구원] 맞춤의료(정밀의료) 현황 및 보험산업에 주는 시사점

 

 

 

○ 맞춤의료(Personalized Medicine)는 전통적인 의학 접근법과는 달리 개개인의 독특한 유전적 특성에 기초한 치료 법을 기반으로 하여 개인 특성에 맞춘 정밀화된 의료임

 

- 전통적인 의학 접근법은 동일한 진단을 받은 모든 환자에게 동일한 치료법을 제공하는 것으로 일반적으로 ‘One-size-fits all’이라고 함

 

- 맞춤의료는 개인의 유전 정보인 유전체 분석을 시작으로 개인의 특성에 맞게 치료함으로써 신체의 건강한 부분에 해를 끼치지 않고, 질병 세포를 표적으로 하여 부작용이 제한적임

 

- 맞춤의료는 유전적 특징을 이용하여 건강상태를 진단하거나 잠재적인 질환을 조기에 발견하여 효과 적으로 치료하는 예방 치료를 의미하기도 함

 

 

○ 최근에는 맞춤의료보다는 미국 국립연구위원회의 권장으로 정밀의료(Precision Medicine)라는 용어를 사용하고 있음

 

 

○ 정밀의료 시장은 유전체 등 분석기술·빅데이터·인공지능 기술이 성장을 견인할 것으로 보고 있으며, 고령화 추세에 따른 의료비 부담 가중과 심각한 질병 그리고 국가 차원에서의 이니셔티브 추진 또한 정밀의료 시장의 발전을 더욱 가속화시키고 있는 것으로 보고됨

 

- 전 세계 정밀의료 시장은 초기 단계로 2017년 474억 달러(약 53.5조 원)에서 2023년에는 1,003억 달러 (약 112.9조 원) 규모로 연평균 13.3% 성장할 것으로 전망하고 있으며, 2030년까지 세계인구의 50% 이상이 염기체 서열분석을 진행할 것으로 예상하고 있음

 

- 국내에서는 2017년 정밀의료 사업단 출범을 시작으로 개인 맞춤의료 실현을 위한 첫발을 내딛었으며, 선진국에서도 정밀의료를 지원하기 위한 다양한 정책을 실시하고 있음

 

 

○ 정밀의료에 대해서 개인정보보호 등의 법적·윤리적·사회적 문제 등으로 인해 부정적인 견해도 존재함

 

 

○ 보험산업에 있어 정밀의료는 의학 발전을 모니터링하여 다량의 정보를 보유하고 있는 경우 언더라이팅에 있어 많은 이점이 있는 것으로 보고되고 있음

 

 

Posted by manga0713

 

 

 

 

*** 출처: [현대경제연구원] 2019년 글로벌 10대 트렌드

*** 문서:

2019111141253[1].hwp

 

 

 

 

1. 너도 나도 트럼프(Trumpfication)

 

- '자국 우선주의'를 기반으로 대중적 인기에 영합하는 극우 포퓰리스트들이 각국에서 두각을 나타내면서, '트럼프화'가 고착 및 심화되는 추세

 

- 보호무역주의 강화

 

- 다자협력 동력 상실

 

 

2. WTO, WTO(Where To Go)

 

- 지역주의 확산, 보호주의 조치 빈발 등으로 국제무역질서에 변화가 생기면서 다자무역 시스템인 WTO 체제가 시험을 받을 전망

 

 

3. 워싱턴의 그리드락(Gridlock)

 

- 미 정부와 의회간 정책 추진에 대한 의견차, 미 정부와 연준 간 통화정책에 대한 불일치 등으로 미국은 그리드락(Gridlock)에 빠질 우려 확산

 

 

4. 신묘(새로운 고양이)한 중국경제

 

- 2019년 중국경제는 과거 1978년 등소평의 개혁개방 전략이었던 '흑묘백묘'를 재해석한 성장위주의 경제정책 추진 가능성이 커지고 있음

 

- 중국경기 부양 정책 추진

 

- 첨단 제조업 업그레이드 가속

 

- 대외 개방 수위 대폭 상향 조정

 

 

5. 신흥국, Localized Pressure

 

- 최근 주요국 통화정책 정상화가 진행되는 가운데 글로벌 유동성 축소에 따라 개별 신흥국 경제에 미치는 영향이 차별적으로 나타나는 현상

 

 

6. BM 엑소더스(Business Model Exodus) 심화

 

- 기존의 수익 창출 기반인 최종제품과 경쟁기반을 '버리고'(exdous), 경영 변혁으로 새로운 BM을 구축

 

 

7. AI에서 AT(Autonomous Things: 자율 사물)로의 이행

 

- 로봇, 자율주행차 등의 '자율 사물'이 발전함에 따라 인간이 수행했던 기능들이 자동화되는 시대가 열릴 것으로 전망

 

 

8. Tech Wars

 

- 전 세계적 차원에서 진행되는 4차 산업혁명으로 기술 패러다임이 급변함에 따라 글로벌 기술패권 장악을 위한 공새와 견제가 심화

 

 

9. Global under Eco-Regulations

 

- 국제기구의 환경규제 시행에 앞서 선진국뿐만 아니라 개발도상국에서도 친환경 경제에 대한 관심이 확대되고, 에너지, 자원분야를 중심으로 이에 대한 준비가 본격화될 전망

 

 

10. '충전' 사회

 

- 디지털 중독에서의 해방, 보다 더 간편한 영향 섭취, 명상 산업의 발전 등 단순한 느림에서 적극적인 건강 회복 경향 강화 예상

Posted by manga0713

 

 

 

 

*** [US-CERT: Bulletin(SB19-014)] 2019년 1월 7일까지 발표된 보안 취약점

 

 

 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
microsoft -- edge A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. 2019-01-08 7.6 CVE-2019-0565
BID
CONFIRM
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
arc_project -- arc ARC 5.21q allows directory traversal via a full pathname in an archive file. 2019-01-07 5.0 CVE-2015-9275
MISC
MISC
getbootstrap -- bootstrap In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. 2019-01-09 4.3 CVE-2016-10735
MISC
MISC
MISC
MISC
MISC
MISC
ibm -- api_connect IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258. 2019-01-04 6.5 CVE-2018-1859
BID
XF
CONFIRM
microsoft -- asp.net_core A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548. 2019-01-08 5.0 CVE-2019-0564
BID
REDHAT
CONFIRM
microsoft -- office An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. 2019-01-08 4.3 CVE-2019-0559
BID
CONFIRM
microsoft -- office An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. 2019-01-08 4.3 CVE-2019-0560
BID
CONFIRM
yunucms -- yunucms YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request. 2019-01-04 4.3 CVE-2019-5310
MISC
yunucms -- yunucms An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS vulnerability via the index.php/index/show/index cw parameter. 2019-01-04 4.3 CVE-2019-5311
MISC
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
frog_cms_project -- frog_cms Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. 2019-01-09 3.5 CVE-2018-20680
MISC
ibm -- rational_publishing_engine IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144883. 2019-01-04 3.5 CVE-2018-1657
BID
XF
CONFIRM
ibm -- rational_publishing_engine IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153494. 2019-01-04 3.5 CVE-2018-1951
BID
XF
CONFIRM
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
apache -- karaf
 
Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. The features XML is parsed by XMLInputFactory class. Apache Karaf XMLInputFactory class doesn't contain any mitigation codes against XXE. This is a potential security risk as an user can inject external XML entities in Apache Karaf version prior to 4.1.7 or 4.2.2. It has been fixed in Apache Karaf 4.1.7 and 4.2.2 releases. 2019-01-07 not yet calculated CVE-2018-11788
MISC
BID
apache -- thrift Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete. 2019-01-07 not yet calculated CVE-2018-1320
MISC
apache -- thrift The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path. 2019-01-07 not yet calculated CVE-2018-11798
BID
MISC
apple -- cleanmymac_x An exploitable privilege escalation vulnerability exists in the Clean My Mac X, version 4.04, helper service due to improper input validation. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit. 2019-01-10 not yet calculated CVE-2018-4043
MISC
apple -- cleanmymac_x An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4047
MISC
apple -- cleanmymac_x An exploitable privilege escalation vulnerability exists in the way the CleanMyMac X software improperly validates inputs. An attacker with local access could use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit. 2019-01-10 not yet calculated CVE-2018-4032
MISC
apple -- cleanmymac_x The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4033
MISC
apple -- cleanmymac_x The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4034
MISC
apple -- cleanmymac_x An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4045
MISC
apple -- cleanmymac_x The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the running kernel extensions on the system. 2019-01-10 not yet calculated CVE-2018-4036
MISC
apple -- cleanmymac_x The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access can use this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4037
MISC
apple -- cleanmymac_x The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4035
MISC
apple -- cleanmymac_x An exploitable denial-of-service vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. A user with local access can use this vulnerability to terminate a privileged helper application. An attacker would need local access to the machine for a successful exploit. 2019-01-10 not yet calculated CVE-2018-4046
MISC
apple -- cleanmymac_x An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4041
MISC
apple -- cleanmymac_x An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4042
MISC
apple -- cleanmymac_x An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. 2019-01-10 not yet calculated CVE-2018-4044
MISC
apple -- ios In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates. 2019-01-11 not yet calculated CVE-2017-2411
CONFIRM
apple -- ios In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling. 2019-01-11 not yet calculated CVE-2018-4404
MISC
CONFIRM
EXPLOIT-DB
apple -- ios In iOS before 11.2, an inconsistent user interface issue was addressed through improved state management. 2019-01-11 not yet calculated CVE-2017-13891
CONFIRM
apple -- ios In iOS before 11.2, a type confusion issue was addressed with improved memory handling. 2019-01-11 not yet calculated CVE-2017-13888
CONFIRM
apple -- ios In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling. 2019-01-11 not yet calculated CVE-2018-4330
BID
SECTRACK
CONFIRM
apple -- ios In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. 2019-01-11 not yet calculated CVE-2016-7576
CONFIRM
apple -- macos_high_sierra In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation. 2019-01-11 not yet calculated CVE-2018-4257
CONFIRM
apple -- macos_high_sierra In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. 2019-01-11 not yet calculated CVE-2018-4255
CONFIRM
apple -- macos_high_sierra In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation. 2019-01-11 not yet calculated CVE-2018-4254
CONFIRM
apple -- macos_high_sierra In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing. 2019-01-11 not yet calculated CVE-2018-4217
CONFIRM
apple -- macos_high_sierra In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions. 2019-01-11 not yet calculated CVE-2018-4183
CONFIRM
DEBIAN
apple -- macos_high_sierra In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS. 2019-01-11 not yet calculated CVE-2018-4182
CONFIRM
DEBIAN
apple -- macos_high_sierra In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. 2019-01-11 not yet calculated CVE-2018-4181
MLIST
CONFIRM
UBUNTU
DEBIAN
apple -- macos_high_sierra In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. 2019-01-11 not yet calculated CVE-2018-4180
MLIST
CONFIRM
UBUNTU
DEBIAN
apple -- macos_high_sierra In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking. 2019-01-11 not yet calculated CVE-2018-4258
CONFIRM
apple -- macos_high_sierra In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. 2019-01-11 not yet calculated CVE-2018-4256
CONFIRM
apple -- macos_high_sierra In macOS High Sierra before 10.13.4, there was an issue with the handling of smartcard PINs. This issue was addressed with additional logic. 2019-01-11 not yet calculated CVE-2018-4179
CONFIRM
apple -- macos_high_sierra In macOS High Sierra before 10.13.2, an access issue existed with privileged WiFi system configuration. This issue was addressed with additional restrictions. 2019-01-11 not yet calculated CVE-2017-13886
CONFIRM
apple -- macos_high_sierra In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management. 2019-01-11 not yet calculated CVE-2017-13887
CONFIRM
apple -- multiple_products In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. 2019-01-11 not yet calculated CVE-2018-4194
MISC
CONFIRM
MISC
MISC
MISC
apple -- multiple_products In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a logic error existed in the validation of credentials. This was addressed with improved credential validation. 2019-01-11 not yet calculated CVE-2017-13889
CONFIRM
apple -- multiple_products In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, an out-of-bounds read was addressed with improved input validation. 2019-01-11 not yet calculated CVE-2018-4169
CONFIRM
apple -- multiple_products In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. 2019-01-11 not yet calculated CVE-2018-4278
SECTRACK
GENTOO
CONFIRM
MISC
MISC
MISC
MISC
UBUNTU
apple -- multiple_products In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. 2019-01-11 not yet calculated CVE-2018-4277
SECTRACK
MISC
MISC
MISC
CONFIRM
MISC
apple -- multiple_products In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling. 2019-01-11 not yet calculated CVE-2018-4262
SECTRACK
GENTOO
MISC
CONFIRM
MISC
UBUNTU
apple -- multiple_products In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. 2019-01-11 not yet calculated CVE-2018-4213
GENTOO
MISC
CONFIRM
MISC
MISC
MISC
UBUNTU
apple -- multiple_products In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a permissions issue existed in Remote Management. This issue was addressed through improved permission validation. 2019-01-11 not yet calculated CVE-2018-4298
CONFIRM
MISC
apple -- multiple_products In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. 2019-01-11 not yet calculated CVE-2018-4212
GENTOO
MISC
CONFIRM
MISC
MISC
MISC
MISC
UBUNTU
apple -- multiple_products In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks. 2019-01-11 not yet calculated CVE-2018-4210
GENTOO
MISC
MISC
MISC
CONFIRM
UBUNTU
apple -- multiple_products In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. 2019-01-11 not yet calculated CVE-2018-4209
GENTOO
MISC
CONFIRM
MISC
MISC
MISC
MISC
UBUNTU
apple -- multiple_products In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. 2019-01-11 not yet calculated CVE-2018-4208
GENTOO
MISC
MISC
MISC
CONFIRM
MISC
MISC
UBUNTU
apple -- multiple_products In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. 2019-01-11 not yet calculated CVE-2018-4207
GENTOO
MISC
CONFIRM
MISC
MISC
MISC
MISC
UBUNTU
apple -- multiple_products In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling. 2019-01-11 not yet calculated CVE-2018-4189
CONFIRM
MISC
MISC
MISC
apple -- multiple_products In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling. 2019-01-11 not yet calculated CVE-2018-4147
CONFIRM
MISC
MISC
MISC
MISC
apple -- multiple_products In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials. 2019-01-11 not yet calculated CVE-2016-4644
MISC
MISC
CONFIRM
apple -- multiple_products In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation. 2019-01-11 not yet calculated CVE-2016-4643
MISC
MISC
CONFIRM
apple -- multiple_products In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. 2019-01-11 not yet calculated CVE-2018-4185
MISC
MISC
CONFIRM
MISC
apple -- multiple_products
 
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings. 2019-01-11 not yet calculated CVE-2016-4642
MISC
MISC
CONFIRM
apple -- safari In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation. 2019-01-11 not yet calculated CVE-2018-4186
CONFIRM
apple -- swiftnio In SwiftNIO before 1.8.0, a buffer overflow was addressed with improved size validation. 2019-01-11 not yet calculated CVE-2018-4281
CONFIRM
artifex -- mupdf Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. 2019-01-11 not yet calculated CVE-2019-6130
MISC
artifex -- mupdf svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool. 2019-01-11 not yet calculated CVE-2019-6131
MISC
aterm -- hc100rc Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL. 2019-01-09 not yet calculated CVE-2018-0634
MISC
JVN
aterm -- hc100rc Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter. 2019-01-09 not yet calculated CVE-2018-0635
MISC
JVN
aterm -- hc100rc Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634. 2019-01-09 not yet calculated CVE-2018-0636
MISC
JVN
aterm -- hc100rc Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter. 2019-01-09 not yet calculated CVE-2018-0638
MISC
JVN
aterm -- hc100rc Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter. 2019-01-09 not yet calculated CVE-2018-0639
MISC
JVN
aterm -- hc100rc Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter. 2019-01-09 not yet calculated CVE-2018-0640
MISC
JVN
aterm -- hc100rc Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via tools_system.cgi date parameter, time parameter, and offset parameter. 2019-01-09 not yet calculated CVE-2018-0641
MISC
JVN
aterm -- hc100rc Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter. 2019-01-09 not yet calculated CVE-2018-0637
MISC
JVN
aterm -- w300p Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via submit-url parameter. 2019-01-09 not yet calculated CVE-2018-0633
MISC
JVN
aterm -- w300p Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via HTTP request and response. 2019-01-09 not yet calculated CVE-2018-0632
MISC
JVN
aterm -- w300p Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter. 2019-01-09 not yet calculated CVE-2018-0631
MISC
JVN
aterm -- w300p Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. 2019-01-09 not yet calculated CVE-2018-0629
MISC
JVN
aterm -- w300p Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter. 2019-01-09 not yet calculated CVE-2018-0630
MISC
JVN
aterm -- wg1200hp_firmware Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. 2019-01-09 not yet calculated CVE-2018-0628
MISC
JVN
aterm -- wg1200hp_firmware Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter. 2019-01-09 not yet calculated CVE-2018-0627
MISC
JVN
aterm -- wg1200hp_firmware Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter. 2019-01-09 not yet calculated CVE-2018-0626
MISC
JVN
aterm -- wg1200hp_firmware Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter. 2019-01-09 not yet calculated CVE-2018-0625
MISC
JVN
bento4 -- bento4
 
An issue was discovered in Bento4 v1.5.1-627. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp when called from the AP4_EsdsAtom class in Core/Ap4EsdsAtom.cpp, as demonstrated by mp42aac. 2019-01-11 not yet calculated CVE-2019-6132
MISC
bodhi -- bodhi
 
Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles. 2019-01-10 not yet calculated CVE-2017-1002152
CONFIRM
bootstrap -- bootstrap In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. 2019-01-09 not yet calculated CVE-2018-20677
MISC
MISC
MISC
MISC
MISC
bootstrap -- bootstrap
 
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. 2019-01-09 not yet calculated CVE-2018-20676
MISC
MISC
MISC
MISC
MISC
busybox -- busybox
 
An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679. 2019-01-09 not yet calculated CVE-2019-5747
MISC
MISC
busybox -- busybox
 
An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes. 2019-01-09 not yet calculated CVE-2018-20679
MISC
MISC
MISC
cimtechniques -- cimscan In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code. 2019-01-10 not yet calculated CVE-2018-16803
MISC
MISC
cisco -- 900_series_aggregation_services_router A vulnerability in Cisco 900 Series Aggregation Services Router (ASR) software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of certain broadcast packets ingress to the device. An attacker could exploit this vulnerability by sending large streams of broadcast packets to an affected device. If successful, an exploit could allow an attacker to impact services running on the device, resulting in a partial DoS condition. 2019-01-11 not yet calculated CVE-2018-15464
CISCO
cisco -- cisco_asyncos_software_for_cisco_email_security_appliance A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory. A successful exploit could cause the filtering process to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to improper input validation of S/MIME-signed emails. An attacker could exploit this vulnerability by sending a malicious S/MIME-signed email through a targeted device. If Decryption and Verification or Public Key Harvesting is configured, the filtering process could crash due to memory corruption and restart, resulting in a DoS condition. The software could then resume processing the same S/MIME-signed email, causing the filtering process to crash and restart again. A successful exploit could allow the attacker to cause a permanent DoS condition. This vulnerability may require manual intervention to recover the ESA. 2019-01-10 not yet calculated CVE-2018-15453
BID
CISCO
cisco -- cisco_asyncos_software_for_cisco_email_security_appliance A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper filtering of email messages that contain references to whitelisted URLs. An attacker could exploit this vulnerability by sending a malicious email message that contains a large number of whitelisted URLs. A successful exploit could allow the attacker to cause a sustained DoS condition that could force the affected device to stop scanning and forwarding email messages. 2019-01-10 not yet calculated CVE-2018-15460
BID
CISCO
cisco -- firepower_management_center A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because the configuration of the Shell Access Filter, when used with a specific type of remote authentication, can cause a system file to have unbounded writes. An attacker could exploit this vulnerability by sending a steady stream of remote authentication requests to the appliance when the specific configuration is applied. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the device functions could operate abnormally, making the device unstable. 2019-01-10 not yet calculated CVE-2018-15458
BID
CISCO
cisco -- identity_services_engine A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to view saved passwords in plain text. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin Portal. An attacker with read or write access to the Admin Portal could exploit this vulnerability by browsing to a page that contains sensitive data. An exploit could allow the attacker to recover passwords for unauthorized use and expose those accounts to further attack. 2019-01-10 not yet calculated CVE-2018-15456
BID
CISCO
cisco -- ios_and_ios_xe_software A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the HTTP server. An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device. 2019-01-09 not yet calculated CVE-2018-0282
BID
CISCO
cisco -- ios_and_ios_xe_software A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding (VRF) instance despite the absence of the vrf-also keyword in the access-class configuration. The vulnerability is due to a missing check in the SSH server. An attacker could use this vulnerability to open an SSH connection to an affected Cisco IOS or IOS XE device with a source address belonging to a VRF instance. Once connected, the attacker would still need to provide valid credentials to access the device. 2019-01-10 not yet calculated CVE-2018-0484
CISCO
cisco -- ip_phone_8800_series_software A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited. 2019-01-10 not yet calculated CVE-2018-0461
BID
CISCO
cisco -- jabber_client_framework A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to corrupt arbitrary files on an affected device that has elevated privileges. The vulnerability exists due to insecure directory permissions set on a JCF created directory. An authenticated attacker with the ability to access an affected directory could create a hard link to an arbitrary location on the affected system. An attacker could convince another user that has administrative privileges to perform an install or update the Cisco Jabber for Mac client to perform such actions, allowing files to be created in an arbitrary location on the disk or an arbitrary file to be corrupted when it is appended to or overwritten. 2019-01-10 not yet calculated CVE-2018-0449
BID
CISCO
cisco -- jabber_client_framework A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient validation of user-supplied input of an affected client. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. A successful exploit could allow the attacker to execute arbitrary script code in the context of the targeted client or allow the attacker to access sensitive client-based information. 2019-01-10 not yet calculated CVE-2018-0483
BID
CISCO
cisco -- policy_suite_for_mobile_and_policy_suite_diameter_routing_agent_software A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to improper authentication when accessing the Redis server. An unauthenticated attacker could exploit this vulnerability by modifying key-value pairs stored within the Redis server database. An exploit could allow the attacker to reduce the efficiency of the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software. 2019-01-09 not yet calculated CVE-2018-0181
CISCO
cisco -- policy_suite
 
A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The vulnerability is due to lack of authentication. An attacker could exploit this vulnerability by directly connecting to the Graphite web interface. An exploit could allow the attacker to access various statistics and Key Performance Indicators (KPIs) regarding the Cisco Policy Suite environment. 2019-01-11 not yet calculated CVE-2018-15466
BID
CISCO
cisco -- prime_infrastructure A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2019-01-10 not yet calculated CVE-2018-15457
BID
CISCO
cisco -- prime_network_control_system A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based management interface or allow the attacker to access sensitive browser-based information. 2019-01-10 not yet calculated CVE-2018-0482
BID
CISCO
cisco -- telepresence_management_suite A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. 2019-01-11 not yet calculated CVE-2018-15467
BID
CISCO
cisco -- unified_communications_manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified Communications Manager web-based management interface and viewing the source code for the configuration page. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack. 2019-01-10 not yet calculated CVE-2018-0474
CISCO
cisco -- webex_business_suite A vulnerability in the MyWebex component of Cisco Webex Business Suite could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by convincing a user to click a crafted URL. To exploit this vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link. 2019-01-10 not yet calculated CVE-2018-15461
BID
CISCO
cybozu -- dezie Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests. 2019-01-09 not yet calculated CVE-2018-0705
JVN
MISC
cybozu -- garoon Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function. 2019-01-09 not yet calculated CVE-2018-16178
JVN
MISC
cybozu -- mailwise Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-0702
JVN
MISC
cybozu -- office Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests. 2019-01-09 not yet calculated CVE-2018-0703
JVN
MISC
cybozu -- office Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen. 2019-01-09 not yet calculated CVE-2018-0704
JVN
MISC
cybozu -- remote_service Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attackers to upload and execute Java code file on the server via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16169
JVN
MISC
cybozu -- remote_service Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, that allows remote attackers to trick a user to delete the registered client certificate. 2019-01-09 not yet calculated CVE-2018-16172
JVN
MISC
cybozu -- remote_service Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 allows remote attackers to execute Java code file on the server via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16171
JVN
MISC
cybozu -- remote_service Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 for Windows allows remote authenticated attackers to read arbitrary files via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16170
JVN
MISC
d-link -- multiple_devices D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass. 2019-01-08 not yet calculated CVE-2018-20675
MISC
d-link -- multiple_devices D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution. 2019-01-08 not yet calculated CVE-2018-20674
MISC
digital_arts -- i-filter HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16181
MISC
JVN
digital_arts -- i-filter Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2019-01-09 not yet calculated CVE-2018-16180
MISC
JVN
django -- django
 
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content. 2019-01-09 not yet calculated CVE-2019-3498
BID
MISC
MISC
MLIST
UBUNTU
DEBIAN
MISC
docker_engine -- docker_engine
 
Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. 2019-01-11 not yet calculated CVE-2018-20699
MISC
MISC
dokan -- dokan
 
Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update. 2019-01-07 not yet calculated CVE-2018-5410
BID
MISC
CONFIRM
CERT-VN
elfinder -- elfinder
 
php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set. 2019-01-10 not yet calculated CVE-2019-5884
MISC
MISC
fork -- fork_cms
 
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section). 2019-01-09 not yet calculated CVE-2018-20682
MISC
frog_cms -- frog_cms Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI). 2019-01-11 not yet calculated CVE-2019-6243
MISC
frontaccounting -- frontaccounting
 
includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter. 2019-01-08 not yet calculated CVE-2019-5720
MISC
frrouting -- frrouting
 
bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for Virtual Network Control, allows remote attackers to cause a denial of service (peering session flap) via attribute 255 in a BGP UPDATE packet. This occurred during Disco in January 2019 because FRR does not implement RFC 7606, and therefore the packets with 255 were considered invalid VNC data and the BGP session was closed. 2019-01-10 not yet calculated CVE-2019-5892
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
gitolite -- gitolite
 
commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P. 2019-01-09 not yet calculated CVE-2018-20683
MISC
MISC
MISC
MISC
gnu -- binutils load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size. 2019-01-04 not yet calculated CVE-2018-20671
BID
MISC
MISC
gnu -- binutils The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm. 2019-01-04 not yet calculated CVE-2018-20673
BID
MISC
google -- chrome The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-16084
BID
REDHAT
CONFIRM
MISC
GENTOO
google -- chrome Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-20069
CONFIRM
MISC
google -- chrome Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-20068
CONFIRM
MISC
google -- chrome A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-20067
CONFIRM
MISC
google -- chrome Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-20066
CONFIRM
MISC
google -- chrome Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file. 2019-01-09 not yet calculated CVE-2018-20065
CONFIRM
MISC
google -- chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-6166
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google -- chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-6163
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google -- chrome Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6165
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google -- chrome Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6164
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google -- chrome Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6162
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google -- chrome A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-17470
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google -- chrome An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. 2019-01-09 not yet calculated CVE-2018-17461
CONFIRM
MISC
google -- chrome Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-17459
REDHAT
CONFIRM
MISC
google -- chrome An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-17458
REDHAT
CONFIRM
MISC
google -- chrome An object lifecycle issue in Blink could lead to a use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-17457
CONFIRM
MISC
google -- chrome JavaScript alert handling in Prompts in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-6160
BID
CONFIRM
MISC
GENTOO
google -- chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-20070
CONFIRM
MISC
google -- chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. 2019-01-09 not yet calculated CVE-2018-6167
BID
REDHAT
CONFIRM
MISC
GENTOO
DEBIAN
google -- chrome Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controled files via a crafted HTML page. 2019-01-09 not yet calculated CVE-2018-20071
CONFIRM
MISC
google -- chrome Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62.0.3202.94 and allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2019-01-09 not yet calculated CVE-2017-15428
CONFIRM
MISC
google -- chrome A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2019-01-09 not yet calculated CVE-2016-9651
REDHAT
BID
CONFIRM
MISC
GENTOO
EXPLOIT-DB
google -- chrome A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in WebAssembly in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2019-01-09 not yet calculated CVE-2017-15401
CONFIRM
MISC
google -- chrome Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2019-01-09 not yet calculated CVE-2017-15402
CONFIRM
MISC
google -- chrome Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page. 2019-01-09 not yet calculated CVE-2017-15403
CONFIRM
MISC
google -- chrome An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to perform privilege escalation via a crafted HTML page. 2019-01-09 not yet calculated CVE-2017-15404
CONFIRM