» 2018 » 8월

CVE-2018-1712

Posted on 2018년 8월 17일2018년 8월 17일 by admin

CVE-2018-1712

IBM API Connect’s Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.

Source: CVE-2018-1712

CVE-2018-10139

Posted on 2018년 8월 17일2018년 8월 17일 by admin

CVE-2018-10139

The PAN-OS response page for GlobalProtect in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected.

Source: CVE-2018-10139

CVE-2018-10140

Posted on 2018년 8월 17일2018년 8월 17일 by admin

CVE-2018-10140

The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected.

Source: CVE-2018-10140

CVE-2018-11771

Posted on 2018년 8월 17일2018년 8월 17일 by admin

CVE-2018-11771

When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17’s ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress’ zip package.

Source: CVE-2018-11771

CVE-2018-1715

Posted on 2018년 8월 16일2018년 8월 16일 by admin

CVE-2018-1715

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003.

Source: CVE-2018-1715

CVE-2017-13106

Posted on 2018년 8월 16일2018년 8월 16일 by admin

CVE-2017-13106

Cheetahmobile CM Launcher 3D – Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.

Source: CVE-2017-13106

CVE-2017-13108

Posted on 2018년 8월 16일2018년 8월 16일 by admin

CVE-2017-13108

DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.

Source: CVE-2017-13108

CVE-2017-13107

Posted on 2018년 8월 16일2018년 8월 16일 by admin

CVE-2017-13107

Live.me – live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.

Source: CVE-2017-13107

CVE-2017-13100

Posted on 2018년 8월 16일2018년 8월 16일 by admin

CVE-2017-13100

DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.

Source: CVE-2017-13100

CVE-2017-13101

Posted on 2018년 8월 16일2018년 8월 16일 by admin

CVE-2017-13101

Musical.ly Inc., musical.ly – your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.

Source: CVE-2017-13101