» 2018 » 8월

CVE-2018-10922

Posted on 2018년 8월 3일2018년 8월 3일 by admin

CVE-2018-10922

An input validation flaw exists in ttembed. With a crafted input file, an attacker may be able to trigger a denial of service condition due to ttembed trusting attacker controlled values.

Source: CVE-2018-10922

CVE-2018-10921

Posted on 2018년 8월 3일2018년 8월 3일 by admin

CVE-2018-10921

Certain input files may trigger an integer overflow in ttembed input file processing. This overflow could potentially lead to corruption of the input file due to a lack of checking return codes of fgetc/fputc function calls.

Source: CVE-2018-10921

CVE-2018-7649

Posted on 2018년 8월 3일2018년 8월 3일 by admin

CVE-2018-7649

Monitorix before 3.10.1 allows XSS via CGI variables.

Source: CVE-2018-7649

CVE-2017-9120

Posted on 2018년 8월 3일2018년 8월 3일 by admin

CVE-2017-9120

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.

Source: CVE-2017-9120

CVE-2017-9118

Posted on 2018년 8월 3일2018년 8월 3일 by admin

CVE-2017-9118

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.

Source: CVE-2017-9118

CVE-2018-1336

Posted on 2018년 8월 2일2018년 8월 3일 by admin

CVE-2018-1336

An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.

Source: CVE-2018-1336

CVE-2018-8037

Posted on 2018년 8월 2일2018년 8월 3일 by admin

CVE-2018-8037

A bug in the tracking of connection closures can lead to reuse of user sessions in a new connection. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.

Source: CVE-2018-8037

CVE-2018-1554

Posted on 2018년 8월 2일2018년 8월 3일 by admin

CVE-2018-1554

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142891.

Source: CVE-2018-1554

CVE-2018-12448

Posted on 2018년 8월 2일2018년 8월 2일 by admin

CVE-2018-12448

Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser’s address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name.

Source: CVE-2018-12448

CVE-2018-8032

Posted on 2018년 8월 2일2018년 8월 2일 by admin

CVE-2018-8032

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

Source: CVE-2018-8032