Low Vulnerabilities
・・・中略・・・
| ||||
sap -- hybris
|
Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before 5.5.0.10, 5.5.1.x before 5.5.1.11, 5.6.x before 5.6.0.11, and 5.7.x before 5.7.0.15 allows remote authenticated users to inject arbitrary web script or HTML via the ID field.
|
2016-12-31
| ||
sap -- hybris
|
Cross-site scripting (XSS) vulnerability in the Create Employee feature in Hybris Management Console (HMC) in SAP Hybris before 5.0.4.11, 5.1.0.x before 5.1.0.11, 5.1.1.x before 5.1.1.12, 5.2.0.x and 5.3.0.x before 5.3.0.10, 5.4.x before 5.4.0.9, 5.5.0.x before 5.5.0.9, 5.5.1.x before 5.5.1.10, 5.6.x before 5.6.0.8, and 5.7.x before 5.7.0.9 allows remote authenticated users to inject arbitrary web script or HTML via the Name field.
|
2016-12-31
| ||
tenable -- nessus
|
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
2017-01-05
| ||
・・・中略・・・
|
Severity Not Yet Assigned
Primary
Vendor -- Product |
Description
|
Published
|
CVSS Score
|
Source & Patch Info
|
bluestacks -- app_player
|
A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Player installer creates a registry key with weak permissions that allows users to execute arbitrary programs with SYSTEM privileges.
|
2017-01-06
|
not yet calculated
| |
emc -- scaleio
|
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers.
|
2017-01-06
|
not yet calculated
| |
emc -- scaleio
|
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which may render the ScaleIO Data Client (SDC) server unavailable until the next reboot.
|
2017-01-06
|
not yet calculated
| |
emc -- scaleio
|
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO Data Client (SDC) server unavailable.
|
2017-01-06
|
not yet calculated
| |
foxit -- pdf_reader
|
A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR.
|
2017-01-06
|
not yet calculated
| |
freeimage_project -- freeimage_library
|
An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability.
|
2017-01-06
|
not yet calculated
| |
・・・中略・・・
| ||||
kaspersky -- anti-virus_software
|
A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KAV self-protection mechanism.
|
2017-01-06
|
not yet calculated
| |
kaspersky -- internet_security_kl1
|
A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel driver resulting in local system denial of service. An attacker can run a program from user-mode to trigger this vulnerability.
|
2017-01-06
|
not yet calculated
| |
kaspersky -- internet_security_kldisk
|
Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability.
|
2017-01-06
|
not yet calculated
| |
kaspersky -- internet_security_klif
|
A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to trigger this vulnerability.
|
2017-01-06
|
not yet calculated
| |
kaspersky -- internet_security_klif
|
A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to trigger this vulnerability.
|
2017-01-06
|
not yet calculated
| |
・・・中略・・・
| ||||
ntd -- ntp_daemon
|
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167
|
2017-01-06
|
not yet calculated
| |
ntp -- libntp
|
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f45900486
|
2017-01-06
|
not yet calculated
| |
ntp -- ntp
|
An off-path attacker can cause a preemptable client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f45900486
|
2017-01-06
|
not yet calculated
|
No comments:
Post a Comment