CVE-2017-1000414
ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division by zero in the JFIF decode handling, resulting in denial of service.
Source: CVE-2017-1000414
CVE-2018-5965
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter.
Source: CVE-2018-5965
CVE-2018-5964
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter.
Source: CVE-2018-5964
CVE-2018-5748
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
Source: CVE-2018-5748
CVE-2017-15365
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
Source: CVE-2017-15365
CVE-2018-4836
A vulnerability has been identified in TeleControl Server Basic < V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic’s port 8000/tcp could escalate his privileges and perform administrative operations.
Source: CVE-2018-4836
CVE-2018-4835
A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic’s port 8000/tcp could bypass the authentication mechanism and read limited information.
Source: CVE-2018-4835
CVE-2018-4837
A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic’s webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition.
Source: CVE-2018-4837
CVE-2018-6308
Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, the duplicate parameter to modules\Contacts\ShowDuplicates.php, the mergecur parameter to modules\Currencies\index.php and modules\Opportunities\Opportunity.php, and the load_signed_id parameter to modules\Documents\Document.php.
Source: CVE-2018-6308
CVE-2018-5967
Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page.
Source: CVE-2018-5967