Medium Vulnerabilities (かなり省略した)
Primary
Vendor -- Product |
Description
|
Published
|
CVSS Score
|
Source & Patch Info
|
apple -- apple_tv
|
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
|
2017-02-20
| ||
・・・
| ||||
apple -- iphone_os
|
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files.
|
2017-02-20
| ||
・・・
| ||||
apple -- itunes
|
An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is affected. iTunes before 12.5.1 is affected. tvOS before 10 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
|
2017-02-20
| ||
・・・
| ||||
apple -- logic_pro_x
|
An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the "Projects" component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file.
|
2017-02-20
| ||
・・・
| ||||
apple -- mac_os_x
|
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.
|
2017-02-20
| ||
apple -- mac_os_x
|
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file.
|
2017-02-20
| ||
他に、以下CVEあり。省略した
| ||||
・・・
|
cisco -- identity_services_engine_
|
A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908).
|
2017-02-21
| ||
cisco -- intrusion_prevention_system_
|
A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments. More Information: CSCuh91455. Known Affected Releases: 7.2(1)V7.
|
2017-02-21
| ||
cisco -- meeting_server
|
A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. More Information: CSCvc89678. Known Affected Releases: 2.1. Known Fixed Releases: 2.1.2.
|
2017-02-21
| ||
cisco -- meeting_server
|
An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. In addition, the attacker could potentially cause the application to crash unexpectedly, resulting in a denial of service (DoS) condition. The attacker would need to be authenticated and have a valid session with the Web Bridge. Affected Products: This vulnerability affects Cisco Meeting Server software releases prior to 2.1.2. This product was previously known as Acano Conferencing Server. More Information: CSCvc89551. Known Affected Releases: 2.0 2.0.7 2.1. Known Fixed Releases: 2.1.2.
|
2017-02-21
| ||
cisco -- prime_collaboration_assurance
|
A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. More Information: CSCvc99446. Known Affected Releases: 11.5(0).
|
2017-02-21
| ||
cisco -- secure_access_control_system
|
A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc04838. Known Affected Releases: 5.8(2.5).
|
2017-02-21
| ||
cisco -- unified_communications_manager
|
A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvc49348. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.209) 12.0(0.98000.478) 12.0(0.98000.609).
|
2017-02-21
| ||
cmsmadesimple -- form_builder
|
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.
|
2017-02-21
| ||
fedoraproject -- fedora
|
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.
|
2017-02-22
| ||
gomlab -- gom_player
|
GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.
|
2017-02-21
| ||
google -- chrome
|
Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page.
|
2017-02-17
| ||
ibm -- inotes
|
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997010.
|
2017-02-23
| ||
ibm -- websphere_mq
|
IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661.
|
2017-02-22
| ||
libdwarf_project -- libdwarf
|
The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections.
|
2017-02-17
| ||
shadow_project -- shadow
|
Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.
|
2017-02-17
| ||
tcpdf_project -- tcpdf
|
tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP.
|
2017-02-23
| ||
tnef_project -- tnef
|
An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_
|
2017-02-23
| ||
trendmicro -- interscan_web_security_
|
Sensitive Information Disclosure in com.trend.iwss.gui.servlet.
|
2017-02-21
| ||
trendmicro -- interscan_web_security_
|
Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.
|
2017-02-21
|
No comments:
Post a Comment