» 2018 » 12월

CVE-2018-5203

Posted on 2018년 12월 29일2018년 12월 29일 by admin

CVE-2018-5203

DEXTUploadX5 version Between 1.0.0.0 and 2.2.0.0 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. this can be leveraged for code execution.

Source: CVE-2018-5203

CVE-2018-20574

Posted on 2018년 12월 29일2018년 12월 29일 by admin

CVE-2018-20574

The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

Source: CVE-2018-20574

CVE-2018-20573

Posted on 2018년 12월 29일2018년 12월 29일 by admin

CVE-2018-20573

The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

Source: CVE-2018-20573

CVE-2018-20572

Posted on 2018년 12월 29일2018년 12월 29일 by admin

CVE-2018-20572

WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.

Source: CVE-2018-20572

CVE-2018-20571

Posted on 2018년 12월 29일2018년 12월 29일 by admin

CVE-2018-20571

DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.PublicConfigconfig.ini.php to read the global configuration file.

Source: CVE-2018-20571

CVE-2018-20538

Posted on 2018년 12월 29일2018년 12월 29일 by admin

CVE-2018-20538

There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests.

Source: CVE-2018-20538

CVE-2018-20548

Posted on 2018년 12월 29일2018년 12월 29일 by admin

CVE-2018-20548

There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data.

Source: CVE-2018-20548

CVE-2018-20541

Posted on 2018년 12월 29일2018년 12월 29일 by admin

CVE-2018-20541

There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at generator_spgemm_csc_reader.c in LIBXSMM 1.10, a different vulnerability than CVE-2018-20542 (which is in a different part of the source code and is seen at different addresses).

Source: CVE-2018-20541

CVE-2018-20539

Posted on 2018년 12월 29일2018년 12월 29일 by admin

CVE-2018-20539

There is a Segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.

Source: CVE-2018-20539

CVE-2018-20547

Posted on 2018년 12월 29일2018년 12월 29일 by admin

CVE-2018-20547

There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.

Source: CVE-2018-20547