» 2018 » 1월

CVE-2018-5713

Posted on 2018년 1월 17일2018년 1월 17일 by admin

CVE-2018-5713

In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002010.

Source: CVE-2018-5713

CVE-2014-9482

Posted on 2018년 1월 17일2018년 1월 17일 by admin

CVE-2014-9482

Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through 20140805 might allow remote attackers to cause a denial of service (program crash) via a crafted ELF file.

Source: CVE-2014-9482

CVE-2016-0219

Posted on 2018년 1월 17일2018년 1월 17일 by admin

CVE-2016-0219

XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693.

Source: CVE-2016-0219

CVE-2014-9485

Posted on 2018년 1월 17일2018년 1월 17일 by admin

CVE-2014-9485

Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive.

Source: CVE-2014-9485

CVE-2015-7486

Posted on 2018년 1월 17일2018년 1월 17일 by admin

CVE-2015-7486

Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108633.

Source: CVE-2015-7486

CVE-2016-0207

Posted on 2018년 1월 17일2018년 1월 17일 by admin

CVE-2016-0207

IBM Algorithmics One-Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. IBM X-Force ID: 109399.

Source: CVE-2016-0207

CVE-2016-0215

Posted on 2018년 1월 17일2018년 1월 17일 by admin

CVE-2016-0215

IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database.

Source: CVE-2016-0215

CVE-2015-7474

Posted on 2018년 1월 17일2018년 1월 17일 by admin

CVE-2015-7474

Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108501.

Source: CVE-2015-7474

CVE-2015-7484

Posted on 2018년 1월 17일2018년 1월 17일 by admin

CVE-2015-7484

IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Query Engine. IBM X-Force ID: 108619.

Source: CVE-2015-7484

CVE-2014-6027

Posted on 2018년 1월 17일2018년 1월 17일 by admin

CVE-2014-6027

Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a link to torrent details.

Source: CVE-2014-6027