Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2019-3466

Thu, 2019/11/21 - 3:15 AM
The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.

CVE-2010-4659

Thu, 2019/11/21 - 2:15 AM
Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents.

CVE-2019-4530

Thu, 2019/11/21 - 2:15 AM
IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. IBM X-Force ID: 165586.

CVE-2019-4561

Thu, 2019/11/21 - 2:15 AM
IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 166456.

CVE-2019-5541

Thu, 2019/11/21 - 1:15 AM
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition on their own VM.

CVE-2019-5542

Thu, 2019/11/21 - 1:15 AM
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM.

CVE-2010-4660

Thu, 2019/11/21 - 1:15 AM
Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes.

CVE-2011-0529

Thu, 2019/11/21 - 1:15 AM
Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.

CVE-2019-10765

Thu, 2019/11/21 - 1:15 AM
iobroker.admin before 3.6.12 allows an attacker to include file contents from outside the `/log/file1/` directory.

CVE-2019-5540

Thu, 2019/11/21 - 1:15 AM
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process.

CVE-2011-1028

Thu, 2019/11/21 - 12:15 AM
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.

CVE-2012-6136

Thu, 2019/11/21 - 12:15 AM
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.

CVE-2013-0193

Thu, 2019/11/21 - 12:15 AM
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195.

CVE-2013-0194

Thu, 2019/11/21 - 12:15 AM
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195.

CVE-2013-0195

Thu, 2019/11/21 - 12:15 AM
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194.

CVE-2016-5194

Thu, 2019/11/21 - 12:15 AM
Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.

CVE-2016-9652

Thu, 2019/11/21 - 12:15 AM
Unspecified vulnerabilities in Google Chrome before 55.0.2883.75.

CVE-2019-16200

Wed, 2019/11/20 - 10:15 PM
GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the http_cgi_write function under http-cgi.c; however, exploitation might show svz_envblock_add in libserveez/passthrough.c as the location of the heap-based buffer over-read.

CVE-2019-15073

Wed, 2019/11/20 - 2:15 PM
An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. This vulnerability affects many mail systems of governments, organizations, companies and universities.

CVE-2019-15072

Wed, 2019/11/20 - 2:15 PM
The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail systems of governments, organizations, companies and universities.
