» 2020 » 3월

CVE-2020-6420

Posted on 2020년 3월 24일2020년 3월 24일 by admin

CVE-2020-6420

Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

Source: CVE-2020-6420

CVE-2020-6449

Posted on 2020년 3월 24일2020년 3월 24일 by admin

CVE-2020-6449

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Source: CVE-2020-6449

CVE-2020-6429

Posted on 2020년 3월 24일2020년 3월 24일 by admin

CVE-2020-6429

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Source: CVE-2020-6429

CVE-2020-6428

Posted on 2020년 3월 24일2020년 3월 24일 by admin

CVE-2020-6428

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Source: CVE-2020-6428

CVE-2020-6427

Posted on 2020년 3월 24일2020년 3월 24일 by admin

CVE-2020-6427

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Source: CVE-2020-6427

CVE-2020-6426

Posted on 2020년 3월 24일2020년 3월 24일 by admin

CVE-2020-6426

Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Source: CVE-2020-6426

CVE-2019-4718

Posted on 2020년 3월 24일2020년 3월 24일 by admin

CVE-2019-4718

IBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172123.

Source: CVE-2019-4718

CVE-2020-10364

Posted on 2020년 3월 24일2020년 3월 24일 by admin

CVE-2020-10364

The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.

Source: CVE-2020-10364

CVE-2020-8497

Posted on 2020년 3월 24일2020년 3월 24일 by admin

CVE-2020-8497

In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps.

Source: CVE-2020-8497

CVE-2016-11022

Posted on 2020년 3월 24일2020년 3월 24일 by admin

CVE-2016-11022

NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php.

Source: CVE-2016-11022