» 2018 » 3월

CVE-2017-14912

Posted on 2018년 3월 31일2018년 3월 31일 by admin

CVE-2017-14912

In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile [VERSION]: MDM9206, MDM9607, MDM9650, MSM8909W, SD 200, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 835, the attributes of buffers in Secure Display were not marked properly.

Source: CVE-2017-14912

CVE-2017-14915

Posted on 2018년 3월 31일2018년 3월 31일 by admin

CVE-2017-14915

In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD 650/52, SD 835, accessing SPCOM functions with a compromised client structure can result in a Use After Free condition.

Source: CVE-2017-14915

CVE-2017-11010

Posted on 2018년 3월 31일2018년 3월 31일 by admin

CVE-2017-11010

In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 650/52, SD 835, access control left a configuration space unprotected.

Source: CVE-2017-11010

CVE-2017-14906

Posted on 2018년 3월 31일2018년 3월 31일 by admin

CVE-2017-14906

In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, PKCS7 padding is not supported by the crypto storage APIs.

Source: CVE-2017-14906

CVE-2017-14911

Posted on 2018년 3월 31일2018년 3월 31일 by admin

CVE-2017-14911

In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820, SD 835, it is possible for the XBL loader to skip the authentication of device config.

Source: CVE-2017-14911

CVE-2017-9681

Posted on 2018년 3월 31일2018년 3월 31일 by admin

CVE-2017-9681

In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if kernel memory address is passed from userspace through iris_vidioc_s_ext_ctrls ioctl, it will print kernel address data. A user could set it to an arbitrary kernel address, hence information disclosure (for kernel) could occur.

Source: CVE-2017-9681

CVE-2017-14913

Posted on 2018년 3월 31일2018년 3월 31일 by admin

CVE-2017-14913

In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, SD 625, SD 650/52, SD 835, SD 845, DDR address input validation is being improperly truncated.

Source: CVE-2017-14913

CVE-2018-5799

Posted on 2018년 3월 30일2018년 3월 30일 by admin

CVE-2018-5799

In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.

Source: CVE-2018-5799

CVE-2018-9146

Posted on 2018년 3월 30일2018년 3월 30일 by admin

CVE-2018-9146

In Exiv2 0.26, there is an out-of-bounds read in Exiv2::IptcData::printStructure in image.cpp, a different vulnerability than CVE-2017-17724. It could result in denial of service or information disclosure.

Source: CVE-2018-9146

CVE-2018-9139

Posted on 2018년 3월 30일2018년 3월 30일 by admin

CVE-2018-9139

On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165.

Source: CVE-2018-9139