» 2017 » 2월

CVE-2017-5026

Posted on 2017년 2월 17일2017년 2월 17일 by admin

CVE-2017-5026

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don’t control via a crafted HTML page.

Source: CVE-2017-5026

CVE-2017-6056

Posted on 2017년 2월 17일2017년 2월 17일 by admin

CVE-2017-6056

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Source: CVE-2017-6056

CVE-2017-6014

Posted on 2017년 2월 17일2017년 2월 17일 by admin

CVE-2017-6014

In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.

Source: CVE-2017-6014

CVE-2016-9831 (libming)

Posted on 2017년 2월 17일2017년 2월 18일 by admin

CVE-2016-9831 (libming)

Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file.

Source: CVE-2016-9831 (libming)

CVE-2016-9828 (libming)

Posted on 2017년 2월 17일2017년 2월 18일 by admin

CVE-2016-9828 (libming)

The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file.

Source: CVE-2016-9828 (libming)

CVE-2016-9827 (libming)

Posted on 2017년 2월 17일2017년 2월 18일 by admin

CVE-2016-9827 (libming)

The _iprintf function in outputtxt.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (buffer over-read) via a crafted SWF file.

Source: CVE-2016-9827 (libming)

CVE-2017-5357 (ed, fedora)

Posted on 2017년 2월 17일2017년 2월 18일 by admin

CVE-2017-5357 (ed, fedora)

regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.

Source: CVE-2017-5357 (ed, fedora)

CVE-2016-9829 (libming)

Posted on 2017년 2월 17일2017년 2월 18일 by admin

CVE-2016-9829 (libming)

Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file.

Source: CVE-2016-9829 (libming)

CVE-2016-9828

Posted on 2017년 2월 17일2017년 2월 17일 by admin

CVE-2016-9828

The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file.

Source: CVE-2016-9828

CVE-2016-9955

Posted on 2017년 2월 17일2017년 2월 17일 by admin

CVE-2016-9955

The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean.

Source: CVE-2016-9955