Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 2 hours 18 minutes ago

CVE-2015-6960

Tue, 2019/07/30 - 1:15 AM
edx-platform before 2015-09-17 allows XSS via a team name.

CVE-2015-9288

Tue, 2019/07/30 - 1:15 AM
The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials.

CVE-2019-11199

Tue, 2019/07/30 - 1:15 AM
Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low privileged users to target administrators. The viewimage.php page did not perform any contextual output encoding and would display the content within the uploaded file with a user-requested MIME type.

CVE-2019-11200

Tue, 2019/07/30 - 1:15 AM
Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. (Malicious binaries can be uploaded by abusing other functionalities of the application.)

CVE-2019-11201

Tue, 2019/07/30 - 1:15 AM
Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the same page, which specifies the inclusion of dynamic content. Thus, a lower privileged user of the application can execute code under the context and permissions of the underlying web server.

CVE-2015-5601

Tue, 2019/07/30 - 1:15 AM
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.

CVE-2019-1020006

Tue, 2019/07/30 - 12:15 AM
invenio-app before 1.1.1 allows host header injection.

CVE-2019-1020007

Tue, 2019/07/30 - 12:15 AM
Dependency-Track before 3.5.1 allows XSS.

CVE-2019-1020008

Tue, 2019/07/30 - 12:15 AM
stacktable.js before 1.0.4 allows XSS.

CVE-2019-1020009

Tue, 2019/07/30 - 12:15 AM
Fleet before 2.1.2 allows exposure of SMTP credentials.

CVE-2019-12613

Tue, 2019/07/30 - 12:15 AM
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a security issue in customer-controlled software. Notes: recovery of a public key is not a security concern as per its public nature.

CVE-2019-13103

Tue, 2019/07/30 - 12:15 AM
A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.

CVE-2019-1020002

Tue, 2019/07/30 - 12:15 AM
Pterodactyl before 0.7.14 with 2FA allows credential sniffing.

CVE-2019-1020003

Tue, 2019/07/30 - 12:15 AM
invenio-records before 1.2.2 allows XSS.

CVE-2019-1020004

Tue, 2019/07/30 - 12:15 AM
Tridactyl before 1.16.0 allows fake key events.

CVE-2019-1020005

Tue, 2019/07/30 - 12:15 AM
invenio-communities before 1.0.0a20 allows XSS.

CVE-2019-1020018

Mon, 2019/07/29 - 11:15 PM
Discourse before v2.4.0.beta2 lacks a confirmation screen when logging in via an email link.

CVE-2019-1020019

Mon, 2019/07/29 - 11:15 PM
invenio-previewer before 1.0.0a12 allows XSS.

CVE-2019-1105

Mon, 2019/07/29 - 11:15 PM
A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'.

CVE-2019-1020015

Mon, 2019/07/29 - 10:15 PM
graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT.
