» 2019 » 5월

CVE-2019-9866

Posted on 2019년 5월 30일2019년 5월 30일 by admin

CVE-2019-9866

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. It allows Information Disclosure.

Source: CVE-2019-9866

CVE-2019-12448

Posted on 2019년 5월 30일2019년 5월 30일 by admin

CVE-2019-12448

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn’t implement query_info_on_read/write.

Source: CVE-2019-12448

CVE-2019-9865

Posted on 2019년 5월 30일2019년 5월 30일 by admin

CVE-2019-9865

When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. It may allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.

Source: CVE-2019-9865

CVE-2019-12165

Posted on 2019년 5월 30일2019년 5월 30일 by admin

CVE-2019-12165

MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability. Successful exploit of this vulnerability could allow an attacker to execute arbitrary system commands.

Source: CVE-2019-12165

CVE-2019-9218

Posted on 2019년 5월 30일2019년 5월 30일 by admin

CVE-2019-9218

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 1 of 5).

Source: CVE-2019-9218

CVE-2019-7549

Posted on 2019년 5월 30일2019년 5월 30일 by admin

CVE-2019-7549

An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. It has Incorrect Access Control,

Source: CVE-2019-7549

CVE-2019-9177

Posted on 2019년 5월 30일2019년 5월 30일 by admin

CVE-2019-9177

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption (issue 2 of 2).

Source: CVE-2019-9177

CVE-2019-12440

Posted on 2019년 5월 30일2019년 5월 30일 by admin

CVE-2019-12440

The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service.

Source: CVE-2019-12440

CVE-2019-4138

Posted on 2019년 5월 30일2019년 5월 30일 by admin

CVE-2019-4138

IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 158334.

Source: CVE-2019-4138

CVE-2019-4139

Posted on 2019년 5월 30일2019년 5월 30일 by admin

CVE-2019-4139

IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158335.

Source: CVE-2019-4139