Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 4 hours 16 minutes ago

CVE-2016-10727

9 hours 49 minutes ago
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.

CVE-2018-8018

12 hours 49 minutes ago
Apache Ignite 2.5 and earlier serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when vulnerable third-party classes are present in the Ignite classpath. The vulnerability can be exploited if one sends a specially prepared form of a serialized object to the GridClientJdkMarshaller deserialization endpoint.

CVE-2018-14415

12 hours 49 minutes ago
An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen.

CVE-2018-14418

12 hours 49 minutes ago
In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI.

CVE-2018-14419

12 hours 49 minutes ago
MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page.

CVE-2018-14420

12 hours 49 minutes ago
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI.

CVE-2018-14421

12 hours 49 minutes ago
SeaCMS v6.61 allows remote code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF.

CVE-2018-14422

12 hours 49 minutes ago
blog/index.php in SansCMS 0.7 has XSS via the q parameter.

CVE-2017-18343

13 hours 49 minutes ago
** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar.

CVE-2018-14434

13 hours 49 minutes ago
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.

CVE-2018-14435

13 hours 49 minutes ago
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.

CVE-2018-14436

13 hours 49 minutes ago
ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.

CVE-2018-14437

13 hours 49 minutes ago
ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.

CVE-2018-14438

13 hours 49 minutes ago
In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.

CVE-2018-14439

13 hours 49 minutes ago
espritblock eos4j, an unofficial SDK for EOS, through 2018-07-12 mishandles floating-point numbers with more than four digits after the decimal point, which might allow attackers to trigger currency transfers of unintended amounts.

CVE-2018-14440

13 hours 49 minutes ago
An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. SQL injection exists via the admin/noticeManageAction_queryNotice.action noticeInfo parameter.

CVE-2018-14441

13 hours 49 minutes ago
An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. admin/admin/fileUploadAction_fileUpload.action allows arbitrary file upload, as demonstrated by a .jsp file with the image/jpeg content type.

CVE-2018-10869

15 hours 49 minutes ago
redhat-certification does not properly restrict files that can be downloaded through the /download page. A remote attacker may download any file accessible by the user running httpd.

CVE-2018-10870

15 hours 49 minutes ago
redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.

CVE-2018-12959

17 hours 49 minutes ago
The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account).
