» 2016 » 4월

CVE-2015-5229

Posted on 2016년 4월 9일2016년 4월 9일 by admin

CVE-2015-5229

The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.

Source: CVE-2015-5229

CVE-2016-3980

Posted on 2016년 4월 8일2016년 4월 9일 by admin

CVE-2016-3980

The Java Startup Framework (aka jstart) in SAP JAVA AS 7.4 allows remote attackers to cause a denial of service via a crafted HTTP request, aka SAP Security Note 2259547.

Source: CVE-2016-3980

CVE-2016-3979

Posted on 2016년 4월 8일2016년 4월 9일 by admin

CVE-2016-3979

Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.4 allows remote attackers to cause a denial of service via a crafted HTTP request, aka SAP Security Note 2256185.

Source: CVE-2016-3979

CVE-2016-3978

Posted on 2016년 4월 8일2016년 4월 9일 by admin

CVE-2016-3978

The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login."

Source: CVE-2016-3978

CVE-2016-3188

Posted on 2016년 4월 8일2016년 4월 9일 by admin

CVE-2016-3188

The _prepopulate_request_walk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the (1) actions, (2) container, (3) token, (4) password, (5) password_confirm, (6) text_format, or (7) markup field type, and consequently have unspecified impact, via unspecified vectors.

Source: CVE-2016-3188

CVE-2016-3187

Posted on 2016년 4월 8일2016년 4월 9일 by admin

CVE-2016-3187

The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter.

Source: CVE-2016-3187

CVE-2016-3154

Posted on 2016년 4월 8일2016년 4월 9일 by admin

CVE-2016-3154

The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.

Source: CVE-2016-3154

CVE-2016-3153

Posted on 2016년 4월 8일2016년 4월 9일 by admin

CVE-2016-3153

SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.

Source: CVE-2016-3153

CVE-2016-2324 (git, leap, linux_enterprise_debuginfo, linux_enterprise_server, linux_enterprise_software_development_kit, openstack_cloud, opensuse)

Posted on 2016년 4월 8일2016년 4월 12일 by admin

CVE-2016-2324 (git, leap, linux_enterprise_debuginfo, linux_enterprise_server, linux_enterprise_software_development_kit, openstack_cloud, opensuse)

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.

Source: CVE-2016-2324 (git, leap, linux_enterprise_debuginfo, linux_enterprise_server, linux_enterprise_software_development_kit, openstack_cloud, opensuse)

CVE-2016-2324

Posted on 2016년 4월 8일2016년 4월 9일 by admin

CVE-2016-2324

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.

Source: CVE-2016-2324