Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 3 hours 20 minutes ago

CVE-2019-15525

Sat, 2019/08/24 - 1:15 AM
There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1.

CVE-2019-15516

Sat, 2019/08/24 - 12:15 AM
Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring.

CVE-2019-15517

Sat, 2019/08/24 - 12:15 AM
jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal.

CVE-2019-15518

Sat, 2019/08/24 - 12:15 AM
Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler.

CVE-2019-15519

Sat, 2019/08/24 - 12:15 AM
Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin.

CVE-2019-15520

Sat, 2019/08/24 - 12:15 AM
comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory.

CVE-2019-11587

Fri, 2019/08/23 - 11:15 PM
Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF).

CVE-2019-11588

Fri, 2019/08/23 - 11:15 PM
The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability.

CVE-2019-11589

Fri, 2019/08/23 - 11:15 PM
The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, and in some cases obtain a user's Cross-site request forgery (CSRF) token, via an open redirect vulnerability.

CVE-2019-13421

Fri, 2019/08/23 - 11:15 PM
Search Guard versions before 23.1 allow an administrative user to retrieve bcrypt password hashes of other users configured in the internal user database.

CVE-2019-13422

Fri, 2019/08/23 - 11:15 PM
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 allow an attacker to redirect the user to a potentially malicious site upon Kibana login.

CVE-2019-13423

Fri, 2019/08/23 - 11:15 PM
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 allow an authenticated Kibana user to impersonate the kibanaserver user when providing wrong credentials, when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as the authentication method (one of Kerberos, JWT, Proxy, Client certificate). b) The kibanaserver user is configured to use HTTP Basic as the authentication method. c) Search Guard is configured to use an SSO authentication domain and HTTP Basic at the same time.

CVE-2019-14999

Fri, 2019/08/23 - 11:15 PM
The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator.

CVE-2019-8444

Fri, 2019/08/23 - 11:15 PM
The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification.

CVE-2019-8445

Fri, 2019/08/23 - 11:15 PM
Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check.

CVE-2019-8446

Fri, 2019/08/23 - 11:15 PM
The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.

CVE-2019-8447

Fri, 2019/08/23 - 11:15 PM
The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability.

CVE-2019-11584

Fri, 2019/08/23 - 11:15 PM
The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority.

CVE-2019-11585

Fri, 2019/08/23 - 11:15 PM
The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.

CVE-2019-11586

Fri, 2019/08/23 - 11:15 PM
The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability.
