Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 8 minutes 17 seconds ago

CVE-2015-7831

Tue, 2019/11/26 - 11:15 PM
In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x before 5.4.9 is used.

CVE-2016-3131

Tue, 2019/11/26 - 11:15 PM
Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.

CVE-2016-3192

Tue, 2019/11/26 - 11:15 PM
Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files.

CVE-2016-4572

Tue, 2019/11/26 - 11:15 PM
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.

CVE-2016-5724

Tue, 2019/11/26 - 11:15 PM
Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.

CVE-2016-6353

Tue, 2019/11/26 - 11:15 PM
Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.

CVE-2019-14856

Tue, 2019/11/26 - 11:15 PM
ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None

CVE-2015-6495

Tue, 2019/11/26 - 11:15 PM
There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles.

CVE-2019-14853

Tue, 2019/11/26 - 10:15 PM
An error-handling flaw was found in python-ecdsa. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.

CVE-2019-14857

Tue, 2019/11/26 - 9:15 PM
mod_auth_openidc before version 2.4.0.1 is vulnerable to a None

CVE-2019-14890

Tue, 2019/11/26 - 4:15 PM
An attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.

CVE-2011-4350

Tue, 2019/11/26 - 2:15 PM
Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain the content of arbitrary local files via a specially crafted URL request.

CVE-2011-4120

Tue, 2019/11/26 - 2:15 PM
Yubico PAM Module before 2.10 performed user authentication when the 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent the common authentication process and obtain access to the account in question by providing a NULL value (pressing the Ctrl-D keyboard sequence) as the password string.

CVE-2011-4121

Tue, 2019/11/26 - 2:15 PM
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt the integrity of services that depend on a strong private RSA key generation mechanism.

CVE-2011-4090

Tue, 2019/11/26 - 2:15 PM
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.

CVE-2011-4082

Tue, 2019/11/26 - 2:15 PM
A local file inclusion flaw was found in the way phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via a specially crafted request.

CVE-2019-19271

Tue, 2019/11/26 - 1:15 PM
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to proceed with a connection to the server.

CVE-2019-19272

Tue, 2019/11/26 - 1:15 PM
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.

CVE-2019-15990

Tue, 2019/11/26 - 1:15 PM
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface. The vulnerability is due to improper authorization of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to view information displayed in the web-based management interface without authentication.

CVE-2019-15994

Tue, 2019/11/26 - 1:15 PM
A vulnerability in the web-based management interface of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
