» 2018 » 4월

CVE-2017-13279

Posted on 2018년 4월 5일2018년 4월 5일 by admin

CVE-2017-13279

In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399439.

Source: CVE-2017-13279

CVE-2017-13281

Posted on 2018년 4월 5일2018년 4월 5일 by admin

CVE-2017-13281

In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71603262.

Source: CVE-2017-13281

CVE-2017-13282

Posted on 2018년 4월 5일2018년 4월 5일 by admin

CVE-2017-13282

In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603315.

Source: CVE-2017-13282

CVE-2017-13283

Posted on 2018년 4월 5일2018년 4월 5일 by admin

CVE-2017-13283

In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on the stack due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603410.

Source: CVE-2017-13283

CVE-2017-13277

Posted on 2018년 4월 5일2018년 4월 5일 by admin

CVE-2017-13277

In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72165027.

Source: CVE-2017-13277

CVE-2017-13275

Posted on 2018년 4월 5일2018년 4월 5일 by admin

CVE-2017-13275

In getVSCoverage of CmapCoverage.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70808908.

Source: CVE-2017-13275

CVE-2018-9249

Posted on 2018년 4월 5일2018년 4월 5일 by admin

CVE-2018-9249

FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location=’login.html’ JavaScript code in the response to an unauthenticated request.

Source: CVE-2018-9249

CVE-2018-9248

Posted on 2018년 4월 5일2018년 4월 5일 by admin

CVE-2018-9248

FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a "Cookie: Name=0admin" header.

Source: CVE-2018-9248

CVE-2018-9205

Posted on 2018년 4월 5일2018년 4월 5일 by admin

CVE-2018-9205

Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn’t verify users or sanitize the file path.

Source: CVE-2018-9205

CVE-2018-8814

Posted on 2018년 4월 5일2018년 4월 5일 by admin

CVE-2018-8814

Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 allows remote attackers to hijack the authentication of users for requests that modify plugin/[pluginname]/settings by crafting a malicious request.

Source: CVE-2018-8814