Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2019-15492

Fri, 2019/08/23 - 10:15 PM
openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21.

CVE-2019-15493

Fri, 2019/08/23 - 10:15 PM
openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21.

CVE-2019-15494

Fri, 2019/08/23 - 10:15 PM
openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21.

CVE-2019-15514

Fri, 2019/08/23 - 10:15 PM
The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers.

CVE-2019-15476

Fri, 2019/08/23 - 10:15 PM
Former before 4.2.1 has XSS via a checkbox value.

CVE-2019-15477

Fri, 2019/08/23 - 10:15 PM
Jooby before 1.6.4 has XSS via the default error handler.

CVE-2019-15480

Fri, 2019/08/23 - 10:15 PM
Domoticz 4.10717 has XSS via item.Name.

CVE-2019-15481

Fri, 2019/08/23 - 10:15 PM
Kimai v2 before 1.1 has XSS via a timesheet description.

CVE-2019-15513

Fri, 2019/08/23 - 4:15 PM
An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang.

CVE-2019-15504

Fri, 2019/08/23 - 3:15 PM
drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).

CVE-2019-15505

Fri, 2019/08/23 - 3:15 PM
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).

CVE-2019-15507

Fri, 2019/08/23 - 3:15 PM
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8.

CVE-2019-15508

Fri, 2019/08/23 - 3:15 PM
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7.

CVE-2019-15498

Fri, 2019/08/23 - 1:15 PM
cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh.

CVE-2019-15499

Fri, 2019/08/23 - 1:15 PM
CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL.

CVE-2019-13139

Fri, 2019/08/23 - 5:15 AM
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag.

CVE-2019-15325

Fri, 2019/08/23 - 5:15 AM
In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not.

CVE-2019-15326

Fri, 2019/08/23 - 5:15 AM
The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.

CVE-2019-15327

Fri, 2019/08/23 - 5:15 AM
The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.

CVE-2019-15328

Fri, 2019/08/23 - 5:15 AM
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.
