» 2018 » 1월

CVE-2018-5252

Posted on 2018년 1월 6일2018년 1월 6일 by admin

CVE-2018-5252

libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_sample_int function in imagew-main.c.

Source: CVE-2018-5252

CVE-2018-5251

Posted on 2018년 1월 6일2018년 1월 6일 by admin

CVE-2018-5251

In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file.

Source: CVE-2018-5251

CVE-2018-5249

Posted on 2018년 1월 6일2018년 1월 6일 by admin

CVE-2018-5249

Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form’s username field (aka the login parameter to the ban_canLogin function in index.php).

Source: CVE-2018-5249

CVE-2018-5247

Posted on 2018년 1월 6일2018년 1월 6일 by admin

CVE-2018-5247

In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c.

Source: CVE-2018-5247

CVE-2017-18022

Posted on 2018년 1월 6일2018년 1월 6일 by admin

CVE-2017-18022

In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.

Source: CVE-2017-18022

CVE-2018-5248

Posted on 2018년 1월 6일2018년 1월 6일 by admin

CVE-2018-5248

In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.

Source: CVE-2018-5248

CVE-2017-18021

Posted on 2018년 1월 6일2018년 1월 6일 by admin

CVE-2017-18021

It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI.

Source: CVE-2017-18021

CVE-2018-5246

Posted on 2018년 1월 6일2018년 1월 6일 by admin

CVE-2018-5246

In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.

Source: CVE-2018-5246

CVE-2018-5244

Posted on 2018년 1월 6일2018년 1월 6일 by admin

CVE-2018-5244

In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn’t freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times.

Source: CVE-2018-5244

CVE-2017-15549

Posted on 2018년 1월 6일2018년 1월 6일 by admin

CVE-2017-15549

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.

Source: CVE-2017-15549