CVE-2018-19666
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITYSYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server.
Source: CVE-2018-19666
[월:] 2018년 11월
CVE-2018-19655
CVE-2018-19655
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
Source: CVE-2018-19655
CVE-2018-19654
CVE-2018-19654
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a duplicate username, as demonstrated by use of the test%c2 string when a test account already exists.
Source: CVE-2018-19654
CVE-2018-19628
CVE-2018-19628
In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error.
Source: CVE-2018-19628
CVE-2018-19627
CVE-2018-19627
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.
Source: CVE-2018-19627
CVE-2018-19626
CVE-2018-19626
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding ‘{$content}’ termination.
Source: CVE-2018-19626
CVE-2018-19625
CVE-2018-19625
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read.
Source: CVE-2018-19625
CVE-2018-19624
CVE-2018-19624
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference.
Source: CVE-2018-19624
CVE-2018-19623
CVE-2018-19623
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values.
Source: CVE-2018-19623
CVE-2018-19622
CVE-2018-19622
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.
Source: CVE-2018-19622