» 2017 » 2월

CVE-2017-5843

Posted on 2017년 2월 10일2017년 2월 10일 by admin

CVE-2017-5843

Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf.

Source: CVE-2017-5843

CVE-2017-5844

Posted on 2017년 2월 10일2017년 2월 10일 by admin

CVE-2017-5844

The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file.

Source: CVE-2017-5844

CVE-2017-5847

Posted on 2017년 2월 10일2017년 2월 10일 by admin

CVE-2017-5847

The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors.

Source: CVE-2017-5847

CVE-2016-8494

Posted on 2017년 2월 10일2017년 2월 10일 by admin

CVE-2016-8494

Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme.

Source: CVE-2016-8494

CVE-2017-5848

Posted on 2017년 2월 10일2017년 2월 10일 by admin

CVE-2017-5848

The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.

Source: CVE-2017-5848

CVE-2016-9244

Posted on 2017년 2월 10일2017년 2월 10일 by admin

CVE-2016-9244

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.

Source: CVE-2016-9244

CVE-2016-6173

Posted on 2017년 2월 10일2017년 2월 10일 by admin

CVE-2016-6173

NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.

Source: CVE-2016-6173

CVE-2016-10198 (gstreamer)

Posted on 2017년 2월 10일2017년 2월 14일 by admin

CVE-2016-10198 (gstreamer)

The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.

Source: CVE-2016-10198 (gstreamer)

CVE-2015-8831 (dotclear)

Posted on 2017년 2월 10일2017년 2월 14일 by admin

CVE-2015-8831 (dotclear)

Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment.

Source: CVE-2015-8831 (dotclear)

CVE-2016-10199 (gstreamer)

Posted on 2017년 2월 10일2017년 2월 14일 by admin

CVE-2016-10199 (gstreamer)

The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.

Source: CVE-2016-10199 (gstreamer)