» 2017 » 9월

CVE-2015-2943

Posted on 2017년 9월 7일2017년 9월 7일 by admin

CVE-2015-2943

Honda Moto LINC 1.6.1 does not verify SSL certificates.

Source: CVE-2015-2943

CVE-2014-6438

Posted on 2017년 9월 7일2017년 9월 7일 by admin

CVE-2014-6438

The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.

Source: CVE-2014-6438

CVE-2015-5948

Posted on 2017년 9월 7일2017년 9월 7일 by admin

CVE-2015-5948

Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947.

Source: CVE-2015-5948

CVE-2015-6250

Posted on 2017년 9월 7일2017년 9월 7일 by admin

CVE-2015-6250

simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate the captcha response by running the same code on the client-side.

Source: CVE-2015-6250

CVE-2017-14166

Posted on 2017년 9월 7일2017년 9월 7일 by admin

CVE-2017-14166

libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.

Source: CVE-2017-14166

CVE-2017-14165

Posted on 2017년 9월 7일2017년 9월 7일 by admin

CVE-2017-14165

The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c.

Source: CVE-2017-14165

CVE-2017-14164

Posted on 2017년 9월 7일2017년 9월 7일 by admin

CVE-2017-14164

A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152.

Source: CVE-2017-14164

CVE-2017-12476 (bento4)

Posted on 2017년 9월 6일2017년 9월 8일 by admin

CVE-2017-12476 (bento4)

The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Bento4 mp4dump before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.

Source: CVE-2017-12476 (bento4)

CVE-2017-12475 (bento4)

Posted on 2017년 9월 6일2017년 9월 8일 by admin

CVE-2017-12475 (bento4)

The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.

Source: CVE-2017-12475 (bento4)

CVE-2017-12474 (bento4)

Posted on 2017년 9월 6일2017년 9월 8일 by admin

CVE-2017-12474 (bento4)

The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable.cpp in Bento4 mp42ts before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.

Source: CVE-2017-12474 (bento4)