» 2018 » 4월

CVE-2018-9234

Posted on 2018년 4월 4일2018년 4월 4일 by admin

CVE-2018-9234

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.

Source: CVE-2018-9234

CVE-2018-8941

Posted on 2018년 4월 4일2018년 4월 4일 by admin

CVE-2018-8941

Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the ‘set Diagnostics_Entry’ function in an HTTP request, related to /userfs/bin/tcapi.

Source: CVE-2018-8941

CVE-2018-9240

Posted on 2018년 4월 4일2018년 4월 4일 by admin

CVE-2018-9240

ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur.

Source: CVE-2018-9240

CVE-2017-4028

Posted on 2018년 4월 4일2018년 4월 4일 by admin

CVE-2017-4028

Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters.

Source: CVE-2017-4028

CVE-2017-17742

Posted on 2018년 4월 4일2018년 4월 4일 by admin

CVE-2017-17742

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.

Source: CVE-2017-17742

CVE-2018-6914

Posted on 2018년 4월 4일2018년 4월 4일 by admin

CVE-2018-6914

Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.

Source: CVE-2018-6914

CVE-2017-3972

Posted on 2018년 4월 4일2018년 4월 4일 by admin

CVE-2017-3972

Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to execute arbitrary code via the server banner leaking potentially sensitive or security relevant information.

Source: CVE-2017-3972

CVE-2015-1975

Posted on 2018년 4월 4일2018년 4월 4일 by admin

CVE-2015-1975

The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. IBM X-Force ID: 103694.

Source: CVE-2015-1975

CVE-2018-8780

Posted on 2018년 4월 4일2018년 4월 4일 by admin

CVE-2018-8780

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.

Source: CVE-2018-8780

CVE-2018-8779

Posted on 2018년 4월 4일2018년 4월 4일 by admin

CVE-2018-8779

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.

Source: CVE-2018-8779