CVE-2019-15477
Jooby before 1.6.4 has XSS via the default error handler.
Source: CVE-2019-15477
CVE-2019-15513
An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang.
Source: CVE-2019-15513
CVE-2019-15508
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7.
Source: CVE-2019-15508
CVE-2019-15507
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8.
Source: CVE-2019-15507
CVE-2019-15505
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
Source: CVE-2019-15505
CVE-2019-15504
drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).
Source: CVE-2019-15504
CVE-2019-15499
CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL.
Source: CVE-2019-15499
CVE-2019-15498
cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh.
Source: CVE-2019-15498
CVE-2019-13139
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag.
Source: CVE-2019-13139
CVE-2019-15327
The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.
Source: CVE-2019-15327