» 2018 » 3월

CVE-2018-8766

Posted on 2018년 3월 18일2018년 3월 18일 by admin

CVE-2018-8766

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add.

Source: CVE-2018-8766

CVE-2018-8754

Posted on 2018년 3월 18일2018년 3월 18일 by admin

CVE-2018-8754

The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size.

Source: CVE-2018-8754

CVE-2017-18239

Posted on 2018년 3월 18일2018년 3월 18일 by admin

CVE-2017-18239

A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt (aka com.jason-goodwin/authentikat-jwt) version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature by repeating validation requests.

Source: CVE-2017-18239

CVE-2018-8741

Posted on 2018년 3월 17일2018년 3월 18일 by admin

CVE-2018-8741

A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.

Source: CVE-2018-8741

CVE-2018-8737

Posted on 2018년 3월 17일2018년 3월 17일 by admin

CVE-2018-8737

Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers "Book Me" function. Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user’s browser.

Source: CVE-2018-8737

CVE-2018-8740 (sqlite)

Posted on 2018년 3월 17일2018년 4월 11일 by admin

CVE-2018-8740 (sqlite)

In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.

Source: CVE-2018-8740 (sqlite)

CVE-2018-8740

Posted on 2018년 3월 17일2018년 3월 17일 by admin

CVE-2018-8740

In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.

Source: CVE-2018-8740

CVE-2017-18058

Posted on 2018년 3월 17일2018년 3월 17일 by admin

CVE-2017-18058

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wow_buf_pkt_len in wma_wow_wakeup_host_event() which is received from firmware leads to potential out of bounds memory read.

Source: CVE-2017-18058

CVE-2017-18057

Posted on 2018년 3월 17일2018년 3월 17일 by admin

CVE-2017-18057

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_nlo_scan_cmp_evt_handler(), which is received from firmware, leads to potential out of bounds memory read.

Source: CVE-2017-18057

CVE-2018-3560

Posted on 2018년 3월 17일2018년 3월 17일 by admin

CVE-2018-3560

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Double Free vulnerability exists in Audio Driver while opening a sound compression device.

Source: CVE-2018-3560