» 2018 » 6월

CVE-2018-12934

Posted on 2018년 6월 28일2018년 6월 29일 by admin

CVE-2018-12934

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

Source: CVE-2018-12934

CVE-2018-12929

Posted on 2018년 6월 28일2018년 6월 29일 by admin

CVE-2018-12929

ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.

Source: CVE-2018-12929

CVE-2018-12928

Posted on 2018년 6월 28일2018년 6월 29일 by admin

CVE-2018-12928

In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.

Source: CVE-2018-12928

CVE-2017-16859

Posted on 2018년 6월 28일2018년 6월 29일 by admin

CVE-2017-16859

The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter.

Source: CVE-2017-16859

CVE-2018-12921

Posted on 2018년 6월 28일2018년 6월 28일 by admin

CVE-2018-12921

Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meter_information.htm, diag_system.htm, or diag_dnp_lan_wan.htm URI.

Source: CVE-2018-12921

CVE-2018-12924

Posted on 2018년 6월 28일2018년 6월 28일 by admin

CVE-2018-12924

Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae for the TELNET service.

Source: CVE-2018-12924

CVE-2018-12926

Posted on 2018년 6월 28일2018년 6월 28일 by admin

CVE-2018-12926

Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI.

Source: CVE-2018-12926

CVE-2018-12923

Posted on 2018년 6월 28일2018년 6월 28일 by admin

CVE-2018-12923

BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the #!/system URI.

Source: CVE-2018-12923

CVE-2018-12922

Posted on 2018년 6월 28일2018년 6월 28일 by admin

CVE-2018-12922

Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI.

Source: CVE-2018-12922

CVE-2018-12927

Posted on 2018년 6월 28일2018년 6월 28일 by admin

CVE-2018-12927

Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI.

Source: CVE-2018-12927