Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 3시간 11분 지남

CVE-2019-16884

목, 2019/09/26 - 3:15오전
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.

CVE-2019-16887

목, 2019/09/26 - 3:15오전
In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc.

CVE-2019-6651

목, 2019/09/26 - 3:15오전
In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request.

CVE-2019-6652

목, 2019/09/26 - 3:15오전
In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any form of Transport Layer Security (TLS).

CVE-2019-6653

목, 2019/09/26 - 3:15오전
There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0 or 5.2.0-5.4.0 system. The attack can be stored by users granted the Device Manager and Administrator roles.

CVE-2015-9409

목, 2019/09/26 - 2:15오전
The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php.

CVE-2019-10098

목, 2019/09/26 - 2:15오전
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.

CVE-2019-16188

목, 2019/09/26 - 2:15오전
HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in AppScan Source, the content of any file in the local file system (to which the victim as read access) can be exfiltrated to a remote listener under the attacker's control. The product does not disable external XML Entity Processing, which can lead to information disclosure and denial of services attacks.

CVE-2019-16880

목, 2019/09/26 - 2:15오전
An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zip_elements method.

CVE-2019-16881

목, 2019/09/26 - 2:15오전
An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback.

CVE-2019-16882

목, 2019/09/26 - 2:15오전
An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw.

CVE-2019-10427 (aqua_microscanner)

목, 2019/09/26 - 1:15오전
Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

CVE-2019-10428 (aqua_security_scanner)

목, 2019/09/26 - 1:15오전
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

CVE-2019-10429 (gitlab_logo)

목, 2019/09/26 - 1:15오전
Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

CVE-2019-10430 (neuvector_vulnerability_scanner)

목, 2019/09/26 - 1:15오전
Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

CVE-2019-16194 (centreon)

목, 2019/09/26 - 1:15오전
SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php.

CVE-2019-16701 (pfsense)

목, 2019/09/26 - 1:15오전
pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.

CVE-2019-10410

목, 2019/09/26 - 1:15오전
Jenkins Log Parser Plugin 2.0 and earlier did not escape an error message, resulting in a cross-site scripting vulnerability exploitable by users able to define log parsing rules.

CVE-2019-10411

목, 2019/09/26 - 1:15오전
Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

CVE-2019-10412

목, 2019/09/26 - 1:15오전
Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

페이지