Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 4시간 26분 지남

CVE-2019-7139

목, 2019/04/11 - 3:29오전
An unauthenticated user can execute arbitrary code through an SQL injection vulnerability, which causes sensitive data leakage. This issue is fixed in Magento Open Source 1.9.4.1, Magento Commerce 1.14.4.1, SUPEE-11086, Magento 2.2.8, Magento 2.3.1.

CVE-2019-5424

목, 2019/04/11 - 3:29오전
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows to execute shell commands under the root user.

CVE-2019-5425

목, 2019/04/11 - 3:29오전
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate privileges to root.

CVE-2019-5426

목, 2019/04/11 - 3:29오전
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in the system settings.

CVE-2019-6154

목, 2019/04/11 - 2:29오전
A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system.

CVE-2019-6156

목, 2019/04/11 - 2:29오전
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.

CVE-2019-7551

목, 2019/04/11 - 2:29오전
Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app.

CVE-2018-1903

목, 2019/04/11 - 12:29오전
IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532.

CVE-2018-1994

목, 2019/04/11 - 12:29오전
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494.

CVE-2019-0199

목, 2019/04/11 - 12:29오전
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.

CVE-2019-4013

목, 2019/04/11 - 12:29오전
IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.

CVE-2019-6287

목, 2019/04/11 - 12:29오전
In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it.

CVE-2018-20321

수, 2019/04/10 - 11:29오후
An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the default namespace in a separate project, where only cluster admins can be given permissions to access. As of 2018-12-20, this bug affected ALL clusters created or imported by Rancher.

CVE-2019-11065

수, 2019/04/10 - 9:29오전
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.

CVE-2019-1573

수, 2019/04/10 - 7:29오전
GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow an attacker to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user.

CVE-2019-0874

수, 2019/04/10 - 6:29오전
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.

CVE-2019-0875

수, 2019/04/10 - 6:29오전
An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation of Privilege Vulnerability'.

CVE-2019-0876

수, 2019/04/10 - 6:29오전
An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.

CVE-2019-0877

수, 2019/04/10 - 6:29오전
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0879.

CVE-2019-0879

수, 2019/04/10 - 6:29오전
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877.

페이지