» 2016 » 4월

CVE-2016-2057

Posted on 2016년 4월 14일2016년 4월 14일 by admin

CVE-2016-2057

lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.

Source: CVE-2016-2057

CVE-2016-2056

Posted on 2016년 4월 14일2016년 4월 14일 by admin

CVE-2016-2056

xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c.

Source: CVE-2016-2056

CVE-2016-2055

Posted on 2016년 4월 14일2016년 4월 14일 by admin

CVE-2016-2055

xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command.

Source: CVE-2016-2055

CVE-2016-2054

Posted on 2016년 4월 14일2016년 4월 14일 by admin

CVE-2016-2054

Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a "config" command.

Source: CVE-2016-2054

CVE-2016-0775

Posted on 2016년 4월 14일2016년 4월 14일 by admin

CVE-2016-0775

Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.

Source: CVE-2016-0775

CVE-2016-0740

Posted on 2016년 4월 14일2016년 4월 14일 by admin

CVE-2016-0740

Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.

Source: CVE-2016-0740

CVE-2015-8807

Posted on 2016년 4월 14일2016년 4월 14일 by admin

CVE-2015-8807

Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields.

Source: CVE-2015-8807

CVE-2015-8843

Posted on 2016년 4월 14일2016년 4월 14일 by admin

CVE-2015-8843

The Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit Reader 6.1 through 6.2.x and 7.x before 7.2.2, when an update to the Cloud plugin is available, allows local users to gain privileges by writing crafted data to a shared memory region, which triggers memory corruption.

Source: CVE-2015-8843

CVE-2015-8606 (silverstripe)

Posted on 2016년 4월 14일2016년 4월 14일 by admin

CVE-2015-8606 (silverstripe)

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm.

Source: CVE-2015-8606 (silverstripe)

CVE-2015-8555

Posted on 2016년 4월 14일2016년 4월 14일 by admin

CVE-2015-8555

Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.

Source: CVE-2015-8555