» 2018 » 3월

CVE-2018-7521

Posted on 2018년 3월 22일2018년 3월 22일 by admin

CVE-2018-7521

In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parses a specially crafted project file.

Source: CVE-2018-7521

CVE-2018-7523

Posted on 2018년 3월 22일2018년 3월 22일 by admin

CVE-2018-7523

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability.

Source: CVE-2018-7523

CVE-2017-0927

Posted on 2018년 3월 22일2018년 3월 22일 by admin

CVE-2017-0927

Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.

Source: CVE-2017-0927

CVE-2017-0924

Posted on 2018년 3월 22일2018년 3월 22일 by admin

CVE-2017-0924

Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting.

Source: CVE-2017-0924

CVE-2017-0915

Posted on 2018년 3월 22일2018년 3월 22일 by admin

CVE-2017-0915

Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.

Source: CVE-2017-0915

CVE-2017-0916

Posted on 2018년 3월 22일2018년 3월 22일 by admin

CVE-2017-0916

Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.

Source: CVE-2017-0916

CVE-2017-0918

Posted on 2018년 3월 22일2018년 3월 22일 by admin

CVE-2017-0918

Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.

Source: CVE-2017-0918

CVE-2017-0917

Posted on 2018년 3월 22일2018년 3월 22일 by admin

CVE-2017-0917

Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.

Source: CVE-2017-0917

CVE-2018-1229

Posted on 2018년 3월 22일2018년 3월 22일 by admin

CVE-2018-1229

Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.

Source: CVE-2018-1229

CVE-2018-1230

Posted on 2018년 3월 22일2018년 3월 22일 by admin

CVE-2018-1230

Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life.

Source: CVE-2018-1230