» 2019 » 6월

CVE-2019-0985

Posted on 2019년 6월 12일2019년 6월 13일 by admin

CVE-2019-0985

A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input, aka ‘Microsoft Speech API Remote Code Execution Vulnerability’.

Source: CVE-2019-0985

CVE-2019-1015

Posted on 2019년 6월 12일2019년 6월 13일 by admin

CVE-2019-1015

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.

Source: CVE-2019-1015

CVE-2019-10157

Posted on 2019년 6월 12일2019년 6월 13일 by admin

CVE-2019-10157

It was found that Keycloak’s Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent user access indefinitely.

Source: CVE-2019-10157

CVE-2019-0984

Posted on 2019년 6월 12일2019년 6월 13일 by admin

CVE-2019-0984

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka ‘Windows Common Log File System Driver Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0959.

Source: CVE-2019-0984

CVE-2019-10155

Posted on 2019년 6월 12일2019년 6월 13일 by admin

CVE-2019-10155

The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.

Source: CVE-2019-10155

CVE-2019-0983

Posted on 2019년 6월 12일2019년 6월 13일 by admin

CVE-2019-0983

An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka ‘Windows Storage Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0998.

Source: CVE-2019-0983

CVE-2019-0909 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

Posted on 2019년 6월 12일2019년 6월 13일 by admin

CVE-2019-0909 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0974.

Source: CVE-2019-0909 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

CVE-2019-0906 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

Posted on 2019년 6월 12일2019년 6월 13일 by admin

CVE-2019-0906 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

Source: CVE-2019-0906 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)

CVE-2019-0908

Posted on 2019년 6월 12일2019년 6월 13일 by admin

CVE-2019-0908

Source: CVE-2019-0908

CVE-2019-0948

Posted on 2019년 6월 12일2019년 6월 13일 by admin

CVE-2019-0948

An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity, aka ‘Windows Event Viewer Information Disclosure Vulnerability’.

Source: CVE-2019-0948