» 2017 » 12월

Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label’s code attempts to both access and free this data structure.

Source: CVE-2017-17975

CVE-2017-17901

Posted on 2017년 12월 30일2017년 12월 30일 by admin

CVE-2017-17901

ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1.

Source: CVE-2017-17901

CVE-2014-4978

Posted on 2017년 12월 30일2017년 12월 30일 by admin

CVE-2014-4978

The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph.

Source: CVE-2014-4978

CVE-2015-8008

Posted on 2017년 12월 30일2017년 12월 30일 by admin

CVE-2015-8008

The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.

Source: CVE-2015-8008

CVE-2014-9515

Posted on 2017년 12월 30일2017년 12월 30일 by admin

CVE-2014-9515

Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.

Source: CVE-2014-9515

CVE-2014-8119

Posted on 2017년 12월 30일2017년 12월 30일 by admin

CVE-2014-8119

The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.

Source: CVE-2014-8119