Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 3시간 10분 지남

CVE-2019-15143

월, 2019/08/19 - 4:15오전
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.

CVE-2019-15144

월, 2019/08/19 - 4:15오전
In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.

CVE-2019-15129

월, 2019/08/19 - 2:15오전
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to access all candidates' files in the photo folder on the website by specifying a "user id" parameter and file name, such as in a recruitment_online/upload/user/[user_id]/photo/[file_name] URI.

CVE-2019-15130

월, 2019/08/19 - 2:15오전
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitment_online/personalData/act_personaltab.cfm multiple-part POST request with a predictable WRC01_USERID parameter. Moreover, the attacker can upload executable content (e.g., asp or aspx) for executing OS commands on the server.

CVE-2019-15135

월, 2019/08/19 - 1:15오전
The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant (including capabilities inapplicable to the current session), which makes it easier for attackers to discover potentially sensitive reachability information on a Data Distribution Service (DDS) network.

CVE-2019-15136

월, 2019/08/19 - 1:15오전
The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition permissions from remote participant connections, which can lead to policy bypass for a secure Data Distribution Service (DDS) partition.

CVE-2019-15137

월, 2019/08/19 - 1:15오전
The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings (instead of the permission expressions themselves), which can lead to unintended connections between participants in a Data Distribution Service (DDS) network.

CVE-2019-15132

일, 2019/08/18 - 3:15오전
Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.

CVE-2019-15133

일, 2019/08/18 - 3:15오전
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.

CVE-2019-15134

일, 2019/08/18 - 3:15오전
RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c upon receiving an ACK before a SYN.

CVE-2019-14937

일, 2019/08/18 - 2:15오전
REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data.

CVE-2019-13069

일, 2019/08/18 - 2:15오전
extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service.

CVE-2019-15113

토, 2019/08/17 - 6:15오전
The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF.

CVE-2019-15114

토, 2019/08/17 - 6:15오전
The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.

CVE-2019-15115

토, 2019/08/17 - 6:15오전
The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF.

CVE-2019-15116

토, 2019/08/17 - 6:15오전
The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging.

CVE-2017-18547

토, 2019/08/17 - 6:15오전
The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms.

CVE-2018-20971

토, 2019/08/17 - 6:15오전
The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan.

CVE-2018-20972

토, 2019/08/17 - 6:15오전
The companion-auto-update plugin before 3.2.1 for WordPress has CSRF.

CVE-2018-20973

토, 2019/08/17 - 6:15오전
The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion.

페이지