» 2018 » 4월

CVE-2017-0362

Posted on 2018년 4월 14일2018년 4월 16일 by admin

CVE-2017-0362

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.

Source: CVE-2017-0362

CVE-2017-0358

Posted on 2018년 4월 14일2018년 4월 16일 by admin

CVE-2017-0358

Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.

Source: CVE-2017-0358

CVE-2017-0357

Posted on 2018년 4월 14일2018년 4월 16일 by admin

CVE-2017-0357

A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption.

Source: CVE-2017-0357

CVE-2017-0356

Posted on 2018년 4월 14일2018년 4월 16일 by admin

CVE-2017-0356

A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin’s use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.

Source: CVE-2017-0356

CVE-2016-9646

Posted on 2018년 4월 14일2018년 4월 16일 by admin

CVE-2016-9646

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla’s CVE-2014-1572), which can be abused to lead to commit metadata forgery.

Source: CVE-2016-9646

CVE-2018-6958

Posted on 2018년 4월 13일2018년 4월 16일 by admin

CVE-2018-6958

VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user’s workstation.

Source: CVE-2018-6958

CVE-2017-6155

Posted on 2018년 4월 13일2018년 4월 16일 by admin

CVE-2017-6155

On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure.

Source: CVE-2017-6155

CVE-2018-5511

Posted on 2018년 4월 13일2018년 4월 16일 by admin

CVE-2018-5511

On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.

Source: CVE-2018-5511

CVE-2018-5510

Posted on 2018년 4월 13일2018년 4월 16일 by admin

CVE-2018-5510

On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management Microkernel (TMM) may restart when processing a specific sequence of packets on IPv6 virtual servers.

Source: CVE-2018-5510

CVE-2018-10066

Posted on 2018년 4월 13일2018년 4월 16일 by admin

CVE-2018-10066

An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client’s internal network (for example, at site-to-site tunnels).

Source: CVE-2018-10066