Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 5시간 42분 지남

CVE-2018-12303

월, 2019/05/13 - 10:29오후
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names.

CVE-2018-12304 (nas_os)

월, 2019/05/13 - 10:29오후
Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL.

CVE-2018-14710

월, 2019/05/13 - 10:29오후
Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter.

CVE-2019-11888

월, 2019/05/13 - 2:29오후
Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges.

CVE-2018-20838

월, 2019/05/13 - 2:29오후
ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS.

CVE-2019-11886

월, 2019/05/13 - 2:29오후
The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-customizer) plugin before 7.2.1 for WordPress allows yp_option_update CSRF, as demonstrated by use of yp_remote_get to obtain admin access.

CVE-2019-11885

일, 2019/05/12 - 11:29오후
eyeDisk implements the unlock feature by sending a cleartext password. The password can be discovered by sniffing USB traffic or by sending a 06 05 52 41 01 b0 00 00 00 00 00 00 SCSI command.

CVE-2019-11884

토, 2019/05/11 - 7:29오전
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.

CVE-2019-5437

토, 2019/05/11 - 7:29오전
Information exposure through the directory listing in npm's harp module allows to access files that are supposed to be ignored according to the harp server rules.Vulnerable versions are <= 0.29.0 and no fix was applied to our knowledge.

CVE-2019-5438

토, 2019/05/11 - 7:29오전
Path traversal using symlink in npm harp module versions <= 0.29.0.

CVE-2019-3566

토, 2019/05/11 - 6:29오전
A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not available publicly. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103.

CVE-2019-5675

토, 2019/05/11 - 6:29오전
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes, which may lead to denial of service, escalation of privileges, or information disclosure.

CVE-2019-5676

토, 2019/05/11 - 6:29오전
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.

CVE-2019-5677

토, 2019/05/11 - 6:29오전
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DeviceIoControl where the software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to denial of service.

CVE-2018-8812

토, 2019/05/11 - 5:29오전
An issue was discovered in Avaya one-X Portal for IP Office 9.1.2.0 and prior. The DownloadToLocalDriveServlet function from the AFA portal is only intended to download backup ZIP files from the server to the operator desktop; however, a malicious user capable of intercepting the HTTP request would be able to modify folder and filename parameters in order to get access to any file on the underlying operating system, as demonstrated by a folder=/etc/&filename=passwd query string. Additionally it could cause a DoS, as this functions also implements file deletion after downloading.

CVE-2019-11000

토, 2019/05/11 - 5:29오전
An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure.

CVE-2019-11059

토, 2019/05/11 - 5:29오전
Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.

CVE-2019-11066

토, 2019/05/11 - 5:29오전
openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method.

CVE-2019-5495

토, 2019/05/11 - 5:29오전
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.

CVE-2019-5496

토, 2019/05/11 - 5:29오전
Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.

페이지