» 2019 » 8월

CVE-2019-15559

Posted on 2019년 8월 27일2019년 8월 27일 by admin

CVE-2019-15559

DianoxDragon Hawn before 2019-07-10 allows SQL injection.

Source: CVE-2019-15559

CVE-2019-4513

Posted on 2019년 8월 27일2019년 8월 27일 by admin

CVE-2019-4513

IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 164555.

Source: CVE-2019-4513

CVE-2019-4448

Posted on 2019년 8월 27일2019년 8월 27일 by admin

CVE-2019-4448

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489.

Source: CVE-2019-4448

CVE-2019-4447

Posted on 2019년 8월 27일2019년 8월 27일 by admin

CVE-2019-4447

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a user controlled location. When a crash is induced the trojan gdb command is executed. IBM X-Force ID: 163488.

Source: CVE-2019-4447

CVE-2019-4169

Posted on 2019년 8월 27일2019년 8월 27일 by admin

CVE-2019-4169

IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.

Source: CVE-2019-4169