Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 1시간 16분 지남

CVE-2019-2289

13시간 45분 지남
Lack of integrity check allows MODEM to accept any NAS messages which can result into authentication bypass of NAS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130

CVE-2019-2295

13시간 45분 지남
Information disclosure due to lack of address range check done on the SysDBG buffers in SDI code. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, MDM9205, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130

CVE-2019-2297

13시간 45분 지남
Buffer overflow can occur while processing non-standard NAN message from user space. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA660, SDA845, SDM636, SDM660, SDM845, SDX20, SDX24, SM8150

CVE-2019-16539

13시간 45분 지남
A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles.

CVE-2019-16540

13시간 45분 지남
A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master.

CVE-2019-16541

13시간 45분 지남
Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.

CVE-2019-16542

13시간 45분 지남
Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

CVE-2019-16543

13시간 45분 지남
Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

CVE-2019-16544

13시간 45분 지남
Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

CVE-2019-16545

13시간 45분 지남
Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.

CVE-2019-16546

13시간 45분 지남
Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.

CVE-2019-16547

13시간 45분 지남
Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment.

CVE-2019-16548

13시간 45분 지남
A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineCloud#doProvision could be used to provision new agents.

CVE-2019-17421

13시간 45분 지남
Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload.

CVE-2019-18958

13시간 45분 지남
Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed.

CVE-2019-10566

13시간 45분 지남
Buffer overflow can occur in wlan module if supported rates or extended rates element length is greater than max rate set length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8996AU, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA845, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR2130

CVE-2019-10617

13시간 45분 지남
Low privilege users can access service configuration which contains registry data that admins uses to create or delete entries in the registry in QCA6174_9377.WIN.1.0 in QCA6174_9377

CVE-2019-10627

13시간 45분 지남
Integer overflow to buffer overflow vulnerability in PostScript image handling code used by the PostScript- and PDF-compatible interpreters due to incorrect buffer size calculation. in PostScript and PDF printers that use IPS versions prior to 2019.2 in PostScript and PDF printers that use IPS versions prior to 2019.2

CVE-2019-15704

13시간 45분 지남
A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway.

CVE-2019-16340

13시간 45분 지남
Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI.

페이지