» 2020 » 3월

CVE-2020-8141

Posted on 2020년 3월 16일2020년 3월 16일 by admin

CVE-2020-8141

The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype.

Source: CVE-2020-8141

CVE-2020-10587

Posted on 2020년 3월 15일2020년 3월 15일 by admin

CVE-2020-10587

antiX and MX Linux allow local users to achieve root access via "persist-config –command /bin/sh" because of the Sudo configuration.

Source: CVE-2020-10587

CVE-2020-10577

Posted on 2020년 3월 15일2020년 3월 15일 by admin

CVE-2020-10577

An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions.

Source: CVE-2020-10577

CVE-2020-10578

Posted on 2020년 3월 15일2020년 3월 15일 by admin

CVE-2020-10578

An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1.

Source: CVE-2020-10578

CVE-2020-10573

Posted on 2020년 3월 15일2020년 3월 15일 by admin

CVE-2020-10573

An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge.

Source: CVE-2020-10573

CVE-2020-10575

Posted on 2020년 3월 15일2020년 3월 15일 by admin

CVE-2020-10575

An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times.

Source: CVE-2020-10575

CVE-2020-10574

Posted on 2020년 3월 15일2020년 3월 15일 by admin

CVE-2020-10574

An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn’t actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation.

Source: CVE-2020-10574

CVE-2020-10576

Posted on 2020년 3월 15일2020년 3월 15일 by admin

CVE-2020-10576

An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a server crash.

Source: CVE-2020-10576

CVE-2020-10571

Posted on 2020년 3월 15일2020년 3월 15일 by admin

CVE-2020-10571

An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data.

Source: CVE-2020-10571

CVE-2020-10567

Posted on 2020년 3월 14일2020년 3월 15일 by admin

CVE-2020-10567

An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF data, and the .php extension is used in the name parameter. (A potential fast patch is to disable the save_img action in the config file.)

Source: CVE-2020-10567