» 2018 » 4월

A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.

Source: CVE-2018-3886

CVE-2018-3887

Posted on 2018년 4월 12일2018년 4월 12일 by admin

CVE-2018-3887

Source: CVE-2018-3887

CVE-2018-1100

Posted on 2018년 4월 12일2018년 4월 12일 by admin

CVE-2018-1100

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.

Source: CVE-2018-1100

CVE-2018-0017

Posted on 2018년 4월 12일2018년 4월 12일 by admin

CVE-2018-0017

A vulnerability in the Network Address Translation – Protocol Translation (NAT-PT) feature of Junos OS on SRX series devices may allow a certain valid IPv6 packet to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition for the SRX device. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D72; 12.3X48 versions prior to 12.3X48-D55; 15.1X49 versions prior to 15.1X49-D90.

Source: CVE-2018-0017

CVE-2017-7534

Posted on 2018년 4월 12일2018년 4월 12일 by admin

CVE-2017-7534

OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod.

Source: CVE-2017-7534