» 2018 » 7월

CVE-2018-14392

Posted on 2018년 7월 19일2018년 7월 19일 by admin

CVE-2018-14392

The New Threads plugin before 1.2 for MyBB has XSS.

Source: CVE-2018-14392

CVE-2018-14344

Posted on 2018년 7월 19일2018년 7월 19일 by admin

CVE-2018-14344

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read.

Source: CVE-2018-14344

CVE-2018-14342

Posted on 2018년 7월 19일2018년 7월 19일 by admin

CVE-2018-14342

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.

Source: CVE-2018-14342

CVE-2018-14343

Posted on 2018년 7월 19일2018년 7월 19일 by admin

CVE-2018-14343

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.

Source: CVE-2018-14343

CVE-2018-14340

Posted on 2018년 7월 19일2018년 7월 19일 by admin

CVE-2018-14340

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.

Source: CVE-2018-14340

CVE-2018-14341

Posted on 2018년 7월 19일2018년 7월 19일 by admin

CVE-2018-14341

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.

Source: CVE-2018-14341

CVE-2018-14369

Posted on 2018년 7월 19일2018년 7월 19일 by admin

CVE-2018-14369

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression.

Source: CVE-2018-14369

CVE-2018-14339

Posted on 2018년 7월 19일2018년 7월 19일 by admin

CVE-2018-14339

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.

Source: CVE-2018-14339

CVE-2018-0399

Posted on 2018년 7월 19일2018년 7월 19일 by admin

CVE-2018-0399

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044.

Source: CVE-2018-0399

CVE-2018-0394

Posted on 2018년 7월 19일2018년 7월 19일 by admin

CVE-2018-0394

A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. The vulnerability is due to insufficient input validation of parameters passed to a specific function within the user interface. An attacker could exploit this vulnerability by injecting code into a function parameter. Cisco Bug IDs: CSCvi12935.

Source: CVE-2018-0394