[월:] 2020년 01월

CVE-2014-1850

Posted on by admin

CVE-2014-1850

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3743. Reason: This candidate is a duplicate of CVE-2014-3743. Notes: All CVE users should reference CVE-2014-3743 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Source: CVE-2014-1850

CVE-2015-4039

Posted on by admin

CVE-2015-4039

Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmation step for vector 2.

Source: CVE-2015-4039

CVE-2019-9470

Posted on by admin

CVE-2019-9470

In dma_sblk_start of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-144167528

Source: CVE-2019-9470

CVE-2019-9472

Posted on by admin

CVE-2019-9472

In DCRYPTO_equals of compare.c, there is a possible timing attack due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-130237611

Source: CVE-2019-9472

CVE-2019-9471

Posted on by admin

CVE-2019-9471

In set_outbound_iatu of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-144168326

Source: CVE-2019-9471