CVE-2019-8283
The Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have the ‘HttpOnly’ flag set, which allows malicious JavaScript to steal it.
Source: CVE-2019-8283
CVE-2019-12477
Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI.
Source: CVE-2019-12477
CVE-2019-4067
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012.
Source: CVE-2019-4067
CVE-2018-6185
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for these commands are keytrustee.kms.acl.PURGE and keytrustee.kms.acl.UNDELETE respectively. The default value for the ACLs in Key Trustee KMS 5.12.0 and 5.13.0 is "*" which allows anyone with knowledge of the name of an encryption zone key and network access to the Key Trustee KMS to make those calls against known encryption zone keys. This can result in the recovery of a previously deleted, but not purged, key (undelete) or the deletion of a key in active use (purge) resulting in loss of access to encrypted HDFS data.
Source: CVE-2018-6185
CVE-2018-5798
This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager.
Source: CVE-2018-5798
CVE-2018-5265
Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the ‘alias’ or ‘ips’ parameter for shell metacharacters.
Source: CVE-2018-5265
CVE-2019-12771
Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi-bin/CdControl.cgi action= substring, or after the cgi-bin/VolControl.cgi OK= substring.
Source: CVE-2019-12771
CVE-2019-6530
Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution.
Source: CVE-2019-6530
CVE-2019-6532
Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution.
Source: CVE-2019-6532
CVE-2019-12763
The Security Camera CZ application through 1.6.8 for Android stores potentially sensitive recorded video in external data storage, which is readable by any application.
Source: CVE-2019-12763