» 2020 » 1월

CVE-2019-5082

Posted on 2020년 1월 9일2020년 1월 9일 by admin

CVE-2019-5082

An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.

Source: CVE-2019-5082

CVE-2019-20364 (openfire)

Posted on 2020년 1월 9일2020년 1월 9일 by admin

CVE-2019-20364 (openfire)

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.jsp.

Source: CVE-2019-20364 (openfire)

CVE-2019-19544

Posted on 2020년 1월 9일2020년 1월 9일 by admin

CVE-2019-19544

CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setuid root, that allows local attackers to elevate privileges. This vulnerability was reported to CA several years after CA Automic Dollar Universe 5.3.3 reached End of Life (EOL) status on April 1, 2015.

Source: CVE-2019-19544

CVE-2019-20363 (openfire)

Posted on 2020년 1월 9일2020년 1월 9일 by admin

CVE-2019-20363 (openfire)

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents.

Source: CVE-2019-20363 (openfire)

CVE-2019-20367

Posted on 2020년 1월 9일2020년 1월 9일 by admin

CVE-2019-20367

nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).

Source: CVE-2019-20367

CVE-2019-20366 (openfire)

Posted on 2020년 1월 9일2020년 1월 9일 by admin

CVE-2019-20366 (openfire)

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents.

Source: CVE-2019-20366 (openfire)

CVE-2019-20365 (openfire)

Posted on 2020년 1월 9일2020년 1월 9일 by admin

CVE-2019-20365 (openfire)

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page.

Source: CVE-2019-20365 (openfire)

CVE-2016-6586

Posted on 2020년 1월 9일2020년 1월 9일 by admin

CVE-2016-6586

A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary URLs to the URL whitelist.

Source: CVE-2016-6586

CVE-2019-10777

Posted on 2020년 1월 9일2020년 1월 9일 by admin

CVE-2019-10777

In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "config.FunctionName".

Source: CVE-2019-10777

CVE-2014-5287

Posted on 2020년 1월 9일2020년 1월 9일 by admin

CVE-2014-5287

A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI).

Source: CVE-2014-5287