» 2019 » 6월

CVE-2019-4225

Posted on 2019년 6월 27일2019년 6월 27일 by admin

CVE-2019-4225

IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.

Source: CVE-2019-4225

CVE-2019-12972

Posted on 2019년 6월 26일2019년 6월 27일 by admin

CVE-2019-12972

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing ‘{$content}’ character.

Source: CVE-2019-12972

CVE-2019-6169

Posted on 2019년 6월 26일2019년 6월 27일 by admin

CVE-2019-6169

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP.

Source: CVE-2019-6169

CVE-2019-6168

Posted on 2019년 6월 26일2019년 6월 27일 by admin

CVE-2019-6168

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.

Source: CVE-2019-6168

CVE-2019-6167

Posted on 2019년 6월 26일2019년 6월 27일 by admin

CVE-2019-6167

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.

Source: CVE-2019-6167

CVE-2019-6166

Posted on 2019년 6월 26일2019년 6월 27일 by admin

CVE-2019-6166

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.

Source: CVE-2019-6166

CVE-2019-6163

Posted on 2019년 6월 26일2019년 6월 27일 by admin

CVE-2019-6163

A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow log files to be written to non-standard locations.

Source: CVE-2019-6163

CVE-2019-11272

Posted on 2019년 6월 26일2019년 6월 27일 by admin

CVE-2019-11272

Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of ?null?.

Source: CVE-2019-11272

CVE-2019-12968

Posted on 2019년 6월 26일2019년 6월 26일 by admin

CVE-2019-12968

A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive) distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to cause a potential crash / denial of service in Doomseeker. The issue has been remediated in the Doomseeker 1.3 release with source code patches to the SRB2 plugin.

Source: CVE-2019-12968

CVE-2019-12966

Posted on 2019년 6월 26일2019년 6월 26일 by admin

CVE-2019-12966

FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {"a":(function(){confirm(1)})()} input.

Source: CVE-2019-12966