» 2019 » 5월

CVE-2019-12379

Posted on 2019년 5월 28일2019년 5월 28일 by admin

CVE-2019-12379

An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc.

Source: CVE-2019-12379

CVE-2019-12383

Posted on 2019년 5월 28일2019년 5월 28일 by admin

CVE-2019-12383

Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser’s UI locale by measuring a button width, even if the user has a "Don’t send my language" setting.

Source: CVE-2019-12383

CVE-2019-12378

Posted on 2019년 5월 28일2019년 5월 28일 by admin

CVE-2019-12378

An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).

Source: CVE-2019-12378

CVE-2019-12380

Posted on 2019년 5월 28일2019년 5월 28일 by admin

CVE-2019-12380

An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures.

Source: CVE-2019-12380

CVE-2019-12382

Posted on 2019년 5월 28일2019년 5월 28일 by admin

CVE-2019-12382

An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).

Source: CVE-2019-12382

CVE-2019-12381

Posted on 2019년 5월 28일2019년 5월 28일 by admin

CVE-2019-12381

An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).

Source: CVE-2019-12381

CVE-2019-12372

Posted on 2019년 5월 28일2019년 5월 28일 by admin

CVE-2019-12372

Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via the User ID parameter to the login form.

Source: CVE-2019-12372

CVE-2019-12360

Posted on 2019년 5월 28일2019년 5월 28일 by admin

CVE-2019-12360

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.

Source: CVE-2019-12360

CVE-2019-12361

Posted on 2019년 5월 28일2019년 5월 28일 by admin

CVE-2019-12361

EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page.

Source: CVE-2019-12361

CVE-2019-12362

Posted on 2019년 5월 28일2019년 5월 28일 by admin

CVE-2019-12362

EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php.

Source: CVE-2019-12362