» 2018 » 6월

CVE-2018-10945

Posted on 2018년 6월 20일2018년 6월 20일 by admin

CVE-2018-10945

The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function.

Source: CVE-2018-10945

CVE-2018-11116

Posted on 2018년 6월 20일2018년 6월 20일 by admin

CVE-2018-11116

OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution.

Source: CVE-2018-11116

CVE-2018-11731

Posted on 2018년 6월 20일2018년 6월 20일 by admin

CVE-2018-11731

The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file.

Source: CVE-2018-11731

CVE-2018-11725

Posted on 2018년 6월 20일2018년 6월 20일 by admin

CVE-2018-11725

The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file.

Source: CVE-2018-11725

CVE-2018-11729

Posted on 2018년 6월 20일2018년 6월 20일 by admin

CVE-2018-11729

The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file.

Source: CVE-2018-11729

CVE-2018-11730

Posted on 2018년 6월 20일2018년 6월 20일 by admin

CVE-2018-11730

The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file.

Source: CVE-2018-11730

CVE-2018-11728

Posted on 2018년 6월 20일2018년 6월 20일 by admin

CVE-2018-11728

The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file.

Source: CVE-2018-11728

CVE-2018-12293

Posted on 2018년 6월 20일2018년 6월 20일 by admin

CVE-2018-12293

The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.

Source: CVE-2018-12293

CVE-2018-12097

Posted on 2018년 6월 20일2018년 6월 20일 by admin

CVE-2018-12097

The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file.

Source: CVE-2018-12097

CVE-2018-12098

Posted on 2018년 6월 20일2018년 6월 20일 by admin

CVE-2018-12098

The liblnk_data_block_read function in liblnk_data_block.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file.

Source: CVE-2018-12098