» 2019 » 5월

CVE-2019-12507

Posted on 2019년 5월 31일2019년 6월 1일 by admin

CVE-2019-12507

An XSS vulnerability exists in PHPRelativePath (aka Relative Path) through 1.0.2 via the RelativePath.Example1.php path parameter.

Source: CVE-2019-12507

CVE-2019-12502

Posted on 2019년 5월 31일2019년 5월 31일 by admin

CVE-2019-12502

There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI.

Source: CVE-2019-12502

CVE-2019-12500

Posted on 2019년 5월 31일2019년 5월 31일 by admin

CVE-2019-12500

The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "suddenly accelerate" commands. This occurs because Bluetooth Low Energy commands have no server-side authentication check. Other affected commands include suddenly braking, locking, and unlocking.

Source: CVE-2019-12500

CVE-2019-12499

Posted on 2019년 5월 31일2019년 5월 31일 by admin

CVE-2019-12499

Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. To succeed, certain conditions need to be fulfilled: The jail (with the exploit code inside) needs to be started as root, and it also needs to be terminated as root from the host (either by stopping it ungracefully (e.g., SIGKILL), or by using the –shutdown control command). This is similar to CVE-2019-5736.

Source: CVE-2019-12499

CVE-2019-12496

Posted on 2019년 5월 31일2019년 5월 31일 by admin

CVE-2019-12496

An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt subsystem skips verification of root CA certificates by default.

Source: CVE-2019-12496

CVE-2019-12495

Posted on 2019년 5월 31일2019년 5월 31일 by admin

CVE-2019-12495

An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to a one-byte out-of-bounds write in the gsym_addr function in x86_64-gen.c. This occurs because tccasm.c mishandles section switches.

Source: CVE-2019-12495

CVE-2019-12493

Posted on 2019년 5월 31일2019년 5월 31일 by admin

CVE-2019-12493

A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data.

Source: CVE-2019-12493

CVE-2019-12483

Posted on 2019년 5월 31일2019년 5월 31일 by admin

CVE-2019-12483

An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box.

Source: CVE-2019-12483

CVE-2019-12481

Posted on 2019년 5월 31일2019년 5월 31일 by admin

CVE-2019-12481

An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function GetESD at isomedia/track.c in libgpac.a, as demonstrated by MP4Box.

Source: CVE-2019-12481

CVE-2019-12482

Posted on 2019년 5월 31일2019년 5월 31일 by admin

CVE-2019-12482

An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box.

Source: CVE-2019-12482