Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 2 hours 20 minutes ago

CVE-2019-13935

Wed, 2019/11/27 - 11:15 PM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS vulnerability. This issue affects: Siemens AG Polarion All versions < 19.2.

CVE-2019-13936

Wed, 2019/11/27 - 11:15 PM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a persistent XSS vulnerability. This issue affects: Siemens AG Polarion All versions < 19.2.

CVE-2019-14812

Wed, 2019/11/27 - 11:15 PM
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

CVE-2019-15298

Wed, 2019/11/27 - 11:15 PM
A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface; it is the MIBs management feature, which contains a file submission form. When a file is submitted, the mnftr parameter is sent to the page and is not filtered properly. This allows an authenticated user to inject Linux commands directly.

CVE-2019-15300

Wed, 2019/11/27 - 11:15 PM
A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query.

CVE-2019-13934

Wed, 2019/11/27 - 11:15 PM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS vulnerability. This issue affects: Siemens AG Polarion All versions < 19.2.

CVE-2019-10216

Wed, 2019/11/27 - 10:15 PM
It was found that the .buildfont1 procedure in Ghostscript did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.

CVE-2019-14896

Wed, 2019/11/27 - 6:15 PM
A vulnerability was found in the Marvell WiFi chip driver in the Linux kernel. A heap-based buffer overflow in the lbs_ibss_join_existing function in drivers/net/wireless/marvell/libertas/cfg.c allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code. When a STA connects to an AP, lbs_ibss_join_existing is called for the STA.

CVE-2019-14867

Wed, 2019/11/27 - 6:15 PM
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server that parsed Kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or, in some conditions, cause arbitrary code to be executed on the server hosting the IPA server.

CVE-2019-10195

Wed, 2019/11/27 - 5:15 PM
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed.

CVE-2011-4310

Wed, 2019/11/27 - 8:15 AM
The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles.

CVE-2011-1934

Wed, 2019/11/27 - 7:15 AM
lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1.

CVE-2011-1939

Wed, 2019/11/27 - 7:15 AM
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction with PDO_MySql in PHP before 5.3.6.

CVE-2015-5155

Wed, 2019/11/27 - 7:15 AM
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:CVE-2010-3609. Reason: This candidate is a duplicate of CVE-2010-3609. Notes: All CVE users should reference CVE-2010-3609 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE-2011-1933

Wed, 2019/11/27 - 6:15 AM
SQL injection vulnerability in Jifty::DBI before 0.68.

CVE-2019-16195

Wed, 2019/11/27 - 3:15 AM
Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields.

CVE-2019-16201

Wed, 2019/11/27 - 3:15 AM
WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or an untrusted network.

CVE-2019-16254

Wed, 2019/11/27 - 3:15 AM
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.
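The incomplete-fix point above is worth seeing on the wire. The following is an added example, not code from Ruby or WEBrick: a CRLF-only check (the pattern CVE-2017-17742's fix followed), the bare LF that slips past it, and a check that rejects any CR or LF regardless of pairing. Function names, the constructed response builder and the attack string are hypothetical.

```ruby
# Added example (not from Ruby or WEBrick): why a CRLF-only filter is
# insufficient against HTTP response splitting, and a check that rejects
# any bare CR or LF. Names are hypothetical.

# The incomplete-fix pattern: rejects only the two-byte "\r\n" sequence.
def crlf_only_filter(value)
  raise ArgumentError, "CRLF in header value" if value.include?("\r\n")
  value
end

# Complete check: any CR or LF (and NUL, which some parsers treat as a
# terminator) is rejected, whether or not it is paired.
def safe_header_value(value)
  s = value.to_s
  if s.match?(/[\r\n\0]/)
    raise ArgumentError, "control character in header value"
  end
  s
end

# Minimal response writer (constructed here, not WEBrick's) so the effect
# of an injected byte on the wire is visible.
def build_response(location)
  "HTTP/1.1 302 Found\r\nLocation: #{location}\r\nContent-Length: 0\r\n\r\n"
end

# Header lines as seen by a lenient client that accepts \r\n, \r or \n as
# a line terminator (the behaviour the isolated-CR/LF vector relies on).
def header_lines(raw)
  head = raw.split(/\r\n\r\n/, 2).first
  head.split(/\r\n|\r|\n/)
end

# Constructed attacker input: a bare LF, so the CRLF-only check passes.
ATTACK = "/home\nSet-Cookie: session=attacker"

if __FILE__ == $0
  passed = crlf_only_filter(ATTACK)   # no exception: the check is bypassed
  puts header_lines(build_response(passed)).inspect   # 4 lines, one injected
  begin
    safe_header_value(ATTACK)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The injected Set-Cookie line appears as its own header to a lenient client even though the server never emitted a CRLF pair for it; the only robust rule is to reject the characters individually, or better, to refuse to place untrusted input in a header at all.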

CVE-2019-16255

Wed, 2019/11/27 - 3:15 AM
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.
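The mechanism behind "call an arbitrary Ruby method" is the general hazard of dispatching a caller-supplied method name. The following is an added example, not the code of Ruby's lib/shell.rb: a dispatcher that hands an untrusted name to send on the FileTest module (where Kernel's private methods such as eval are reachable), beside an allowlisted dispatcher. The function and constant names, and the attacker inputs, are hypothetical.

```ruby
# Added example (not Ruby's lib/shell.rb): dispatching an untrusted method
# name with send, and an allowlisted alternative. Names are hypothetical.

# Vulnerable pattern: the caller chooses which method runs on FileTest.
# send reaches private methods too, so Kernel methods such as eval or
# system, which every Module object inherits, are callable.
def unsafe_file_test(command, path)
  FileTest.send(command, path)
end

# Hardened pattern: an explicit allowlist of predicates, and the name must
# also be a public FileTest method (respond_to? without the second argument
# ignores private methods, so Kernel's eval/system never qualify).
ALLOWED_TESTS = %w[exist? file? directory? readable? writable? executable? size? zero?].freeze

def safe_file_test(command, path)
  name = command.to_s
  unless ALLOWED_TESTS.include?(name) && FileTest.respond_to?(name)
    raise ArgumentError, "disallowed file test: #{name.inspect}"
  end
  FileTest.public_send(name, path)
end

# Constructed attacker input: the "command" is a Kernel method and the
# "path" argument is Ruby source rather than a filename.
EVIL_COMMAND = "eval"
EVIL_PATH = "6 * 7"

if __FILE__ == $0
  puts unsafe_file_test(EVIL_COMMAND, EVIL_PATH)   # 42: arbitrary code ran
  puts safe_file_test("directory?", ".")           # true
  begin
    safe_file_test(EVIL_COMMAND, EVIL_PATH)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The allowlist is the real control; the respond_to? check is a second line of defence in case the list is later widened to a name that is not a public FileTest predicate.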

CVE-2019-16386

Wed, 2019/11/27 - 3:15 AM
PEGA Platform 7.x and 8.x is vulnerable to information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account.
