» 2019 » 8월

CVE-2019-3964

Posted on 2019년 8월 21일2019년 8월 21일 by admin

CVE-2019-3964

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user’s session.

Source: CVE-2019-3964

CVE-2019-3963

Posted on 2019년 8월 21일2019년 8월 21일 by admin

CVE-2019-3963

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an attacker to execute arbitrary code in the context of a user’s session.

Source: CVE-2019-3963

CVE-2019-11209

Posted on 2019년 8월 21일2019년 8월 21일 by admin

CVE-2019-11209

The realm configuration component of TIBCO Software Inc.’s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affects TIBCO FTL Community Edition 6.0.0; 6.0.1; 6.1.0, TIBCO FTL Developer Edition 6.0.1; 6.1.0, and TIBCO FTL Enterprise Edition 6.0.0; 6.0.1; 6.1.0.

Source: CVE-2019-11209

CVE-2018-18056

Posted on 2019년 8월 21일2019년 8월 21일 by admin

CVE-2018-18056

An issue was discovered in the Texas Instruments (TI) TM4C microcontroller series, such as the TM4C123. The eXecute-Only-Memory (XOM) implementation prevents code read-outs on protected memory by generating bus faults. However, single-stepping and using breakpoints is allowed in XOM-protected flash memory. As a consequence, it is possible to execute single instructions with arbitrary system states (e.g., registers, status flags, and SRAM content) and observe the state changes produced by the unknown instruction. An attacker could exploit this vulnerability by executing protected and unknown instructions with specific system states and observing the state changes. Based on the gathered information, it is possible to reverse-engineer the executed instructions. The processor acts as a kind of "instruction oracle."

Source: CVE-2018-18056