CVE-2018-14036
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.
Source: CVE-2018-14036
CVE-2018-14035
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5VM_memcpyvv in H5VM.c.
Source: CVE-2018-14035
CVE-2018-14034
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5O_pline_reset in H5Opline.c.
Source: CVE-2018-14034
CVE-2018-14033
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy.
Source: CVE-2018-14033
CVE-2018-14032
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_fill_new_decode in H5Ofill.c, related to HDmemcpy.
Source: CVE-2018-14032
CVE-2018-14029
CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account’s email field.
Source: CVE-2018-14029
CVE-2018-14031
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c.
Source: CVE-2018-14031
CVE-2018-14017
The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new.
Source: CVE-2018-14017
CVE-2018-14016
The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file.
Source: CVE-2018-14016
CVE-2018-14015
The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c.
Source: CVE-2018-14015