» 2019 » 2월

CVE-2018-20797

Posted on 2019년 2월 28일2019년 2월 28일 by admin

CVE-2018-20797

An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp.

Source: CVE-2018-20797

CVE-2019-8410 (maccms)

Posted on 2019년 2월 28일2019년 2월 28일 by admin

CVE-2019-8410 (maccms)

Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key).

Source: CVE-2019-8410 (maccms)

CVE-2019-9210

Posted on 2019년 2월 27일2019년 2월 28일 by admin

CVE-2019-9210

In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)

Source: CVE-2019-9210

CVE-2019-7006

Posted on 2019년 2월 27일2019년 2월 27일 by admin

CVE-2019-7006

Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13.

Source: CVE-2019-7006

CVE-2019-9201

Posted on 2019년 2월 27일2019년 2월 27일 by admin

CVE-2019-9201

Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/XC, ILC 171 ETH 2TX, ILC 191 ETH 2TX, ILC 191 ME/AN, and AXC 1050 devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.

Source: CVE-2019-9201

CVE-2019-9200

Posted on 2019년 2월 27일2019년 2월 27일 by admin

CVE-2019-9200

A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Source: CVE-2019-9200

CVE-2019-9199

Posted on 2019년 2월 27일2019년 2월 27일 by admin

CVE-2019-9199

PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Source: CVE-2019-9199

CVE-2019-9195

Posted on 2019년 2월 27일2019년 2월 27일 by admin

CVE-2019-9195

util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files in an archive.

Source: CVE-2019-9195

CVE-2019-9194

Posted on 2019년 2월 27일2019년 2월 27일 by admin

CVE-2019-9194

elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.

Source: CVE-2019-9194

CVE-2019-9192

Posted on 2019년 2월 27일2019년 2월 27일 by admin

CVE-2019-9192

** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by ‘(|)(11)*’ in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.

Source: CVE-2019-9192