CVE-2019-4056
IBM Maximo Asset Management 7.6 Work Centers’ application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.
Source: CVE-2019-4056
CVE-2018-10171
Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its `com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper` component. The AdwareAnalyzerPrivilegedHelper tool implements an XPC service that allows an unprivileged application to connect and execute shell scripts as the root user.
Source: CVE-2018-10171
CVE-2019-12494
In Gardener before 0.20.0, incorrect access control in seed clusters allows information disclosure by sending HTTP GET requests from one’s own shoot clusters to foreign shoot clusters. This occurs because traffic from shoot to seed via the VPN endpoint is not blocked.
Source: CVE-2019-12494
CVE-2019-9158
Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control.
Source: CVE-2019-9158
CVE-2019-9157
Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File Disclosure.
Source: CVE-2019-9157
CVE-2019-9156
Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection.
Source: CVE-2019-9156
CVE-2019-6800
In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands.
Source: CVE-2019-6800
CVE-2019-8385
An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to list or enumerate sensitive contents of files via a .. to port 6677. Additionally, this could allow for privilege escalation by dumping the affected machine’s SAM and SYSTEM database files, as well as remote code execution.
Source: CVE-2019-8385