CVE-2019-11577
dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses.
Source: CVE-2019-11577
CVE-2019-11578
auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks.
Source: CVE-2019-11578
CVE-2019-11576
Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user’s credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password.
Source: CVE-2019-11576
CVE-2019-11565
Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via the site parameter.
Source: CVE-2019-11565
CVE-2019-11568
An issue was discovered in AikCms v2.0. There is a File upload vulnerability, as demonstrated by an admin/page/system/nav.php request with PHP code in a .php file with the application/octet-stream content type.
Source: CVE-2019-11568
CVE-2019-11567
An issue was discovered in AikCms v2.0. There is a SQL Injection vulnerability via $_GET['del'], as demonstrated by an admin/page/system/nav.php?del= URI.
Source: CVE-2019-11567
CVE-2019-11555
The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.
Source: CVE-2019-11555
CVE-2019-11557
The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.
Source: CVE-2019-11557
CVE-2019-7476
A vulnerability in SonicWall Global Management System (GMS) allows a remote user to gain access to the appliance using an existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier.
Source: CVE-2019-7476
CVE-2019-11492
ProjectSend before r1070 writes user passwords to the server logs.
Source: CVE-2019-11492