Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2019-8953

Thu, 2019/02/21 - 1:29 AM
The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.

CVE-2018-20240

Wed, 2019/02/20 - 11:29 PM
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter.

CVE-2018-20241

Wed, 2019/02/20 - 11:29 PM
The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter.

CVE-2019-8948

Wed, 2019/02/20 - 1:29 PM
PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163.

CVE-2019-8950

Wed, 2019/02/20 - 1:29 PM
The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET.

CVE-2019-8942

Wed, 2019/02/20 - 12:29 PM
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.

CVE-2019-8943

Wed, 2019/02/20 - 12:29 PM
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.

CVE-2019-8944

Wed, 2019/02/20 - 12:29 PM
An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files.

CVE-2018-19106

Wed, 2019/02/20 - 11:29 AM
Avi Vantage before 17.2.13 uses an invalid URL encoding during a redirect operation, aka AV-33959.

CVE-2019-7164

Wed, 2019/02/20 - 9:29 AM
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

CVE-2018-20025

Wed, 2019/02/20 - 6:29 AM
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.

CVE-2018-20026

Wed, 2019/02/20 - 6:29 AM
Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.

CVE-2018-9867

Wed, 2019/02/20 - 6:29 AM
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier.

CVE-2019-5780

Wed, 2019/02/20 - 2:29 AM
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.

CVE-2019-5781 (chrome)

Wed, 2019/02/20 - 2:29 AM
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

CVE-2019-5782 (chrome)

Wed, 2019/02/20 - 2:29 AM
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2019-5783

Wed, 2019/02/20 - 2:29 AM
Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page.

CVE-2019-5766

Wed, 2019/02/20 - 2:29 AM
Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2019-5767

Wed, 2019/02/20 - 2:29 AM
Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.

CVE-2019-5768

Wed, 2019/02/20 - 2:29 AM
DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.
