CVE-2018-1338
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika’s BPGParser in versions of Apache Tika before 1.18.
Source: CVE-2018-1338
[월:] 2018년 04월
CVE-2018-1339
CVE-2018-1339
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika’s ChmParser in versions of Apache Tika before 1.18.
Source: CVE-2018-1339
CVE-2018-5486
CVE-2018-5486
NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled which allows unauthorized local attackers to execute arbitrary code.
Source: CVE-2018-5486
CVE-2017-6888
CVE-2017-6888
An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.
Source: CVE-2017-6888
CVE-2018-9102
CVE-2018-9102
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the signin interface. A successful exploit could allow an attacker to extract sensitive information from the database.
Source: CVE-2018-9102
CVE-2018-9103
CVE-2018-9103
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts.
Source: CVE-2018-9103
CVE-2014-0872
CVE-2014-0872
The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988.
Source: CVE-2014-0872
CVE-2014-0881
CVE-2014-0881
The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146.
Source: CVE-2014-0881
CVE-2014-0882
CVE-2014-0882
Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149.
Source: CVE-2014-0882
CVE-2018-8716
CVE-2018-8716
WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers.
Source: CVE-2018-8716