» 2018 » 7월

An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism.

Source: CVE-2018-13865

CVE-2018-13863

Posted on 2018년 7월 11일2018년 7월 11일 by admin

CVE-2018-13863

The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string.

Source: CVE-2018-13863

CVE-2018-10872

Posted on 2018년 7월 11일2018년 7월 11일 by admin

CVE-2018-10872

A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in DoS. This CVE-2018-10872 was assigned due to regression of CVE-2018-8897 in Red Hat Enterprise Linux 6.10 GA kernel. No other versions are affected by this CVE.

Source: CVE-2018-10872

CVE-2018-12462

Posted on 2018년 7월 11일2018년 7월 11일 by admin

CVE-2018-12462

NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.

Source: CVE-2018-12462

CVE-2018-1116

Posted on 2018년 7월 11일2018년 7월 11일 by admin

CVE-2018-1116

A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.

Source: CVE-2018-1116