» 2020 » 2월

CVE-2019-4669

Posted on 2020년 2월 28일2020년 2월 28일 by admin

CVE-2019-4669

IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171254.

Source: CVE-2019-4669

CVE-2018-19668

Posted on 2020년 2월 27일2020년 2월 27일 by admin

CVE-2018-19668

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-17963. Reason: This candidate is a reservation duplicate of CVE-2018-17963. Notes: All CVE users should reference CVE-2018-17963 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Source: CVE-2018-19668

CVE-2019-12882

Posted on 2020년 2월 27일2020년 2월 27일 by admin

CVE-2019-12882

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Source: CVE-2019-12882

CVE-2017-6371

Posted on 2020년 2월 27일2020년 2월 27일 by admin

CVE-2017-6371

Synchronet BBS 3.16c for Windows allows remote attackers to cause a denial of service (service crash) via a long string in the HTTP Referer header.

Source: CVE-2017-6371

CVE-2017-6363

Posted on 2020년 2월 27일2020년 2월 27일 by admin

CVE-2017-6363

** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be ‘obsolete, and should only be used for development and testing purposes.’"

Source: CVE-2017-6363

CVE-2017-5861

Posted on 2020년 2월 27일2020년 2월 27일 by admin

CVE-2017-5861

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-1000020. Reason: This candidate is a reservation duplicate of CVE-2017-1000020. Notes: All CVE users should reference CVE-2017-1000020 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Source: CVE-2017-5861

CVE-2020-3923

Posted on 2020년 2월 27일2020년 2월 27일 by admin

CVE-2020-3923

DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system.

Source: CVE-2020-3923

CVE-2020-3924

Posted on 2020년 2월 27일2020년 2월 27일 by admin

CVE-2020-3924

DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system.

Source: CVE-2020-3924

CVE-2015-5686

Posted on 2020년 2월 27일2020년 2월 27일 by admin

CVE-2015-5686

Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session.

Source: CVE-2015-5686

CVE-2019-18238

Posted on 2020년 2월 27일2020년 2월 27일 by admin

CVE-2019-18238

Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility ioLogik 2500 series firmware, Version 3.0 or lower IOxpress configuration utility, Version 2.3.0 or lower. Sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account.

Source: CVE-2019-18238