» 2017 » 2월

Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow.

Source: CVE-2016-6871

CVE-2016-5364

Posted on 2017년 2월 18일2017년 2월 18일 by admin

CVE-2016-5364

Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter.

Source: CVE-2016-5364

CVE-2016-6189

Posted on 2017년 2월 18일2017년 2월 18일 by admin

CVE-2016-6189

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.

Source: CVE-2016-6189

CVE-2016-6190

Posted on 2017년 2월 18일2017년 2월 18일 by admin

CVE-2016-6190

SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users.

Source: CVE-2016-6190

CVE-2016-6870

Posted on 2017년 2월 18일2017년 2월 18일 by admin

CVE-2016-6870

Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.

Source: CVE-2016-6870

CVE-2016-5028

Posted on 2017년 2월 18일2017년 2월 18일 by admin

CVE-2016-5028

The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections.

Source: CVE-2016-5028

CVE-2016-5029

Posted on 2017년 2월 18일2017년 2월 18일 by admin

CVE-2016-5029

The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file.

Source: CVE-2016-5029