» 2019 » 12월

CVE-2018-20494

Posted on 2019년 12월 31일2019년 12월 31일 by admin

CVE-2018-20494

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.

Source: CVE-2018-20494

CVE-2018-20493

Posted on 2019년 12월 31일2019년 12월 31일 by admin

CVE-2018-20493

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.

Source: CVE-2018-20493

CVE-2018-20496

Posted on 2019년 12월 31일2019년 12월 31일 by admin

CVE-2018-20496

An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.

Source: CVE-2018-20496

CVE-2018-20495

Posted on 2019년 12월 31일2019년 12월 31일 by admin

CVE-2018-20495

An issue was discovered in GitLab Community and Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.

Source: CVE-2018-20495

CVE-2018-20491

Posted on 2019년 12월 31일2019년 12월 31일 by admin

CVE-2018-20491

An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.

Source: CVE-2018-20491

CVE-2019-19032

Posted on 2019년 12월 31일2019년 12월 31일 by admin

CVE-2019-19032

XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is: Arbitrary File Read when an XML File is validated. The component is: XML Validate function. The attack vector is: Specially crafted XML payload.

Source: CVE-2019-19032

CVE-2018-7859

Posted on 2019년 12월 31일2019년 12월 31일 by admin

CVE-2018-7859

A security vulnerability in D-Link DGS-1510-series switches with firmware 1.20.011, 1.30.007, 1.31.B003 and older that may allow a remote attacker to inject malicious scripts in the device and execute commands via browser that is configuring the unit.

Source: CVE-2018-7859

CVE-2019-16790

Posted on 2019년 12월 31일2019년 12월 31일 by admin

CVE-2019-16790

In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted.

Source: CVE-2019-16790

CVE-2019-19031

Posted on 2019년 12월 31일2019년 12월 31일 by admin

CVE-2019-19031

Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitrary File Read and DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload.

Source: CVE-2019-19031

CVE-2012-5474

Posted on 2019년 12월 31일2019년 12월 31일 by admin

CVE-2012-5474

The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.

Source: CVE-2012-5474