CVE-2019-4620
IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863.
Source: CVE-2019-4620
CVE-2019-4631
IBM Security Secret Server 10.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 170001.
Source: CVE-2019-4631
CVE-2015-8011
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.
Source: CVE-2015-8011
CVE-2015-8012
lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet.
Source: CVE-2015-8012
CVE-2019-17338
The user interface component of TIBCO Software Inc.’s TIBCO Patterns – Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.’s TIBCO Patterns – Search: versions 5.4.0 and below.
Source: CVE-2019-17338
CVE-2020-5210
In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.
Source: CVE-2020-5210
CVE-2020-5212
In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation.
This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files.
Users should upgrade to NetHack 3.6.5.
Source: CVE-2020-5212
CVE-2020-5214
In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation.
This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files.
Users should upgrade to NetHack 3.6.5.
Source: CVE-2020-5214
CVE-2020-5209
In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.
Source: CVE-2020-5209
CVE-2020-8112
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
Source: CVE-2020-8112