» 2019 » 2월

CVE-2019-5755 (chrome)

Posted on 2019년 2월 20일2019년 2월 20일 by admin

CVE-2019-5755 (chrome)

Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.

Source: CVE-2019-5755 (chrome)

CVE-2019-5760 (chrome)

Posted on 2019년 2월 20일2019년 2월 20일 by admin

CVE-2019-5760 (chrome)

Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Source: CVE-2019-5760 (chrome)

CVE-2019-8939 (tautulli)

Posted on 2019년 2월 20일2019년 2월 20일 by admin

CVE-2019-8939 (tautulli)

data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page.

Source: CVE-2019-8939 (tautulli)

CVE-2019-8935 (collabtive)

Posted on 2019년 2월 20일2019년 2월 20일 by admin

CVE-2019-8935 (collabtive)

Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter.

Source: CVE-2019-8935 (collabtive)

CVE-2019-3812

Posted on 2019년 2월 19일2019년 2월 20일 by admin

CVE-2019-3812

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

Source: CVE-2019-3812

CVE-2019-8933

Posted on 2019년 2월 19일2019년 2월 20일 by admin

CVE-2019-8933

In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on New Template, and modifying the filename from ../index.html to ../index.php.

Source: CVE-2019-8933

CVE-2019-8919

Posted on 2019년 2월 19일2019년 2월 20일 by admin

CVE-2019-8919

The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.

Source: CVE-2019-8919

CVE-2019-7629 (tintin++, wintin++)

Posted on 2019년 2월 19일2019년 2월 20일 by admin

CVE-2019-7629 (tintin++, wintin++)

Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.

Source: CVE-2019-7629 (tintin++, wintin++)

CVE-2019-8917 (orion_network_performance_monitor)

Posted on 2019년 2월 19일2019년 2월 20일 by admin

CVE-2019-8917 (orion_network_performance_monitor)

SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may be abused by an attacker to execute commands as the SYSTEM user.

Source: CVE-2019-8917 (orion_network_performance_monitor)

CVE-2019-8911 (wtcms)

Posted on 2019년 2월 19일2019년 2월 20일 by admin

CVE-2019-8911 (wtcms)

An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code).

Source: CVE-2019-8911 (wtcms)