» 2018 » 4월

CVE-2018-8778

Posted on 2018년 4월 4일2018년 4월 4일 by admin

CVE-2018-8778

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.

Source: CVE-2018-8778

CVE-2018-8777

Posted on 2018년 4월 4일2018년 4월 4일 by admin

CVE-2018-8777

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).

Source: CVE-2018-8777

CVE-2018-8049

Posted on 2018년 4월 4일2018년 4월 4일 by admin

CVE-2018-8049

The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets.

Source: CVE-2018-8049

CVE-2018-3641

Posted on 2018년 4월 4일2018년 4월 4일 by admin

CVE-2018-3641

Escalation of privilege in all versions of the Intel Remote Keyboard allows a network attacker to inject keystrokes as a local user.

Source: CVE-2018-3641

CVE-2017-5703

Posted on 2018년 4월 4일2018년 4월 4일 by admin

CVE-2017-5703

Configuration of SPI Flash in platforms based on multiple Intel platforms allow a local attacker to alter the behavior of the SPI flash potentially leading to a Denial of Service.

Source: CVE-2017-5703

CVE-2018-3638

Posted on 2018년 4월 4일2018년 4월 4일 by admin

CVE-2018-3638

Escalation of privilege in all versions of the Intel Remote Keyboard allows an authorized local attacker to execute arbitrary code as a privileged user.

Source: CVE-2018-3638

CVE-2018-3645

Posted on 2018년 4월 4일2018년 4월 4일 by admin

CVE-2018-3645

Escalation of privilege in all versions of the Intel Remote Keyboard allows a local attacker to inject keystrokes into another remote keyboard session.

Source: CVE-2018-3645

CVE-2018-5826

Posted on 2018년 4월 4일2018년 4월 4일 by admin

CVE-2018-5826

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, due to a race condition, a Use After Free condition can occur in the WLAN driver.

Source: CVE-2018-5826

CVE-2018-5825

Posted on 2018년 4월 4일2018년 4월 4일 by admin

CVE-2018-5825

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the kernel IPA driver, a Use After Free condition can occur.

Source: CVE-2018-5825

CVE-2018-5824

Posted on 2018년 4월 4일2018년 4월 4일 by admin

CVE-2018-5824

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing HTT_T2H_MSG_TYPE_RX_FLUSH or HTT_T2H_MSG_TYPE_RX_PN_IND messages, a buffer overflow can occur if the tid value obtained from the firmware is out of range.

Source: CVE-2018-5824