Medium Vulnerabilities
(... omitted ...)
| ||||
f5 -- big-ip_advanced_firewall_
|
Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic.
↑
The advisory says: "Updates are available. Please see the references or vendor advisory for more information."
Applying the patch should be enough.
|
2017-01-03
| ||
forgerock -- openam
|
XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/
|
2017-01-02
| ||
hybris -- hybris
|
Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the itemsperpage parameter.
|
2016-12-31
| ||
libgd -- libgd
|
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.
|
2017-01-04
| ||
(... omitted ...)
| ||||
netgear -- srx5308_firmware
|
Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the thispage parameter, as demonstrated by reading the /etc/shadow file.
|
2017-01-03
| ||
openbsd -- openssh
|
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.
|
2017-01-04
| ||
(... omitted ...)
| ||||
sap -- hybris
|
Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to obtain sensitive information by triggering an error and then reading a Java stack trace.
|
2016-12-31
| ||
torproject -- tor
|
Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.
|
2017-01-04
| ||
wordpress -- wordpress
|
Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename.
|
2017-01-04
| ||
wordpress -- wordpress
|
Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-
|
2017-01-04
|