» 2018 » 3월

CVE-2018-6229

Posted on 2018년 3월 16일2018년 3월 16일 by admin

CVE-2018-6229

A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.

Source: CVE-2018-6229

CVE-2018-6225

Posted on 2018년 3월 16일2018년 3월 16일 by admin

CVE-2018-6225

An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script.

Source: CVE-2018-6225

CVE-2017-18234

Posted on 2018년 3월 16일2018년 3월 16일 by admin

CVE-2017-18234

An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp.

Source: CVE-2017-18234

CVE-2017-18235

Posted on 2018년 3월 16일2018년 3월 16일 by admin

CVE-2017-18235

An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBP_Support.cpp does not ensure nonzero widths and heights, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted .webp file.

Source: CVE-2017-18235

CVE-2017-18236

Posted on 2018년 3월 16일2018년 3월 16일 by admin

CVE-2017-18236

An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file.

Source: CVE-2017-18236

CVE-2017-18238

Posted on 2018년 3월 16일2018년 3월 16일 by admin

CVE-2017-18238

An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file.

Source: CVE-2017-18238

CVE-2017-18237

Posted on 2018년 3월 16일2018년 3월 16일 by admin

CVE-2017-18237

An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted .ps file.

Source: CVE-2017-18237

CVE-2018-6220

Posted on 2018년 3월 16일2018년 3월 16일 by admin

CVE-2018-6220

An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems.

Source: CVE-2018-6220

CVE-2018-6219

Posted on 2018년 3월 16일2018년 3월 16일 by admin

CVE-2018-6219

An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with with certain types of update data.

Source: CVE-2018-6219

CVE-2018-6222

Posted on 2018년 3월 16일2018년 3월 16일 by admin

CVE-2018-6222

Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system.

Source: CVE-2018-6222