Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 5 hours 59 minutes ago

CVE-2019-13421

Fri, 2019/08/23 - 11:15 PM
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.

CVE-2019-13422

Fri, 2019/08/23 - 11:15 PM
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login.

CVE-2019-13423

Fri, 2019/08/23 - 11:15 PM
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as authentication method, one of Kerberos, JWT, Proxy, Client certificate. b) The kibanaserver user is configured to use HTTP Basic as the authentication method. c) Search Guard is configured to use an SSO authentication domain and HTTP Basic at the same time

CVE-2019-14999

Fri, 2019/08/23 - 11:15 PM
The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator.

CVE-2019-8444

Fri, 2019/08/23 - 11:15 PM
The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification.

CVE-2019-8445

Fri, 2019/08/23 - 11:15 PM
Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check.

CVE-2019-8446

Fri, 2019/08/23 - 11:15 PM
The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.

CVE-2019-8447

Fri, 2019/08/23 - 11:15 PM
The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability.

CVE-2019-11584

Fri, 2019/08/23 - 11:15 PM
The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority.

CVE-2019-11585

Fri, 2019/08/23 - 11:15 PM
The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.

CVE-2019-11586

Fri, 2019/08/23 - 11:15 PM
The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability.

CVE-2019-15482

Fri, 2019/08/23 - 10:15 PM
selectize-plugin-a11y before 1.1.0 has XSS via the msg field.

CVE-2019-15483

Fri, 2019/08/23 - 10:15 PM
Bolt before 3.6.10 has XSS via a title that is mishandled in the system log.

CVE-2019-15484

Fri, 2019/08/23 - 10:15 PM
Bolt before 3.6.10 has XSS via an image's alt or title field.

CVE-2019-15485

Fri, 2019/08/23 - 10:15 PM
Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php.

CVE-2019-15486

Fri, 2019/08/23 - 10:15 PM
django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline.

CVE-2019-15487

Fri, 2019/08/23 - 10:15 PM
DfE School Experience before v16333-GA has XSS via a teacher training URL.

CVE-2019-15488

Fri, 2019/08/23 - 10:15 PM
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.

CVE-2019-15490

Fri, 2019/08/23 - 10:15 PM
openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21.

CVE-2019-15491

Fri, 2019/08/23 - 10:15 PM
openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21.
