CVE-2018-9136
windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe file, a different vulnerability than CVE-2018-8821.
Source: CVE-2018-9136
[월:] 2018년 03월
CVE-2018-9138
CVE-2018-9138
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type.
Source: CVE-2018-9138
CVE-2016-6658
CVE-2016-6658
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials.
Source: CVE-2016-6658
CVE-2017-16512
CVE-2017-16512
The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available.
Source: CVE-2017-16512
CVE-2016-0898
CVE-2016-0898
MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.
Source: CVE-2016-0898
CVE-2017-16839
CVE-2017-16839
Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed.
Source: CVE-2017-16839
CVE-2017-16873
CVE-2017-16873
It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges.
Source: CVE-2017-16873
CVE-2018-1191
CVE-2018-1191
Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials.
Source: CVE-2018-1191
CVE-2015-4953
CVE-2015-4953
IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for man-in-the-middle attackers to decrypt traffic by leveraging a weakness in its encryption protocol. IBM X-Force ID: 105197.
Source: CVE-2015-4953
CVE-2015-4952
CVE-2015-4952
The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1 and 9.1.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. IBM X-Force ID: 105196.
Source: CVE-2015-4952