CVE-2017-14146
HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezkappuploadshelpdezkattachments directory.
Source: CVE-2017-14146
[월:] 2017년 09월
CVE-2017-14149
CVE-2017-14149
GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request.
Source: CVE-2017-14149
CVE-2017-14145
CVE-2017-14145
HelpDEZk 1.1.1 has SQL Injection in appmodulesadmincontrollersloginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function.
Source: CVE-2017-14145
CVE-2017-1000083 (evince)
CVE-2017-1000083 (evince)
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "–" command-line option substring, as demonstrated by a –checkpoint-action=exec=bash at the beginning of the filename.
Source: CVE-2017-1000083 (evince)
CVE-2017-14108 (gedit)
CVE-2017-14108 (gedit)
libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many ‘{$content}’ characters.
Source: CVE-2017-14108 (gedit)
CVE-2017-14140 (linux_kernel)
CVE-2017-14140 (linux_kernel)
The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn’t check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.
Source: CVE-2017-14140 (linux_kernel)
CVE-2017-14108
CVE-2017-14108
libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many ‘{$content}’ characters.
Source: CVE-2017-14108
CVE-2017-14140
CVE-2017-14140
The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn’t check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.
Source: CVE-2017-14140
CVE-2017-1000083
CVE-2017-1000083
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "–" command-line option substring, as demonstrated by a –checkpoint-action=exec=bash at the beginning of the filename.
Source: CVE-2017-1000083
CVE-2017-14136 (opencv)
CVE-2017-14136 (opencv)
OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597.
Source: CVE-2017-14136 (opencv)