Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 4시간 5분 지남

CVE-2019-11521

화, 2019/08/20 - 10:15오후
OX App Suite 7.10.1 allows Content Spoofing.

CVE-2019-11522

화, 2019/08/20 - 10:15오후
OX App Suite 7.10.0 to 7.10.2 allows XSS.

CVE-2019-11806

화, 2019/08/20 - 10:15오후
OX App Suite 7.10.1 and earlier has Insecure Permissions.

CVE-2019-12889

화, 2019/08/20 - 9:15오후
An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. A user with local access to only the Windows logon screen can escalate their privileges to NT AUTHORITY\System. An attacker would need local access to the machine for a successful exploit. The attacker must disconnect the computer from the local network / WAN and connect it to an internet facing access point / network. At that point, the attacker can execute the password-reset functionality, which will expose a web browser. Browsing to a site that calls local Windows system functions (e.g., file upload) will expose the local file system. From there an attacker can launch a privileged command shell.

CVE-2019-15239

화, 2019/08/20 - 5:15오후
In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation. NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139.

CVE-2019-15227

화, 2019/08/20 - 2:15오후
FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. This could lead to cookie stealing and other malicious actions.

CVE-2019-15237

화, 2019/08/20 - 10:15오전
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.

CVE-2019-15228

화, 2019/08/20 - 9:15오전
FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.

CVE-2019-15229

화, 2019/08/20 - 9:15오전
FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.

CVE-2019-15231

화, 2019/08/20 - 9:15오전
Webmin 1.890, in a default installation, contains a backdoor that allows an unauthenticated attacker to remotely execute commands. This is different from CVE-2019-15107. NOTE: as of 2019-08-19, the vendor reports that "at some point" malicious code was inserted into their build infrastructure, but was not inserted into any GitHub repository.

CVE-2019-15232

화, 2019/08/20 - 9:15오전
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.

CVE-2019-15224

화, 2019/08/20 - 8:15오전
The rest-client gem 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.

CVE-2019-15225

화, 2019/08/20 - 8:15오전
In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993.

CVE-2019-15223

화, 2019/08/20 - 7:15오전
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/driver.c driver.

CVE-2019-15211

화, 2019/08/20 - 7:15오전
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory.

CVE-2019-15212

화, 2019/08/20 - 7:15오전
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.

CVE-2019-15213

화, 2019/08/20 - 7:15오전
An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.

CVE-2019-15214

화, 2019/08/20 - 7:15오전
An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c.

CVE-2019-15215

화, 2019/08/20 - 7:15오전
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.

CVE-2019-15216

화, 2019/08/20 - 7:15오전
An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.

페이지