Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 5 hours 55 minutes ago

CVE-2020-13458

10 hours 2 minutes ago
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.

CVE-2020-13459

10 hours 2 minutes ago
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.

CVE-2020-13442

12 hours 2 minutes ago
A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/.

CVE-2020-5537

Mon, 2020/05/25 - 3:15 PM
Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors.

CVE-2020-13438

Mon, 2020/05/25 - 8:15 AM
ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c.

CVE-2020-13439

Mon, 2020/05/25 - 8:15 AM
ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c.

CVE-2020-13440

Mon, 2020/05/25 - 8:15 AM
ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c.

CVE-2020-13433

Mon, 2020/05/25 - 7:15 AM
Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter.

CVE-2020-13434

Mon, 2020/05/25 - 7:15 AM
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

CVE-2020-13435

Mon, 2020/05/25 - 7:15 AM
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.

CVE-2020-13429

Mon, 2020/05/25 - 3:15 AM
legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option.

CVE-2020-13430

Mon, 2020/05/25 - 3:15 AM
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.

CVE-2020-13425

Sun, 2020/05/24 - 5:15 AM
TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted.

CVE-2020-13424

Sun, 2020/05/24 - 4:15 AM
The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure.

CVE-2020-13412

Sat, 2020/05/23 - 6:15 AM
An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF.

CVE-2020-13413

Sat, 2020/05/23 - 6:15 AM
An issue was discovered in Aviatrix Controller before 5.4.1204. There is an Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force.

CVE-2020-13414

Sat, 2020/05/23 - 6:15 AM
An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software.

CVE-2020-13415

Sat, 2020/05/23 - 6:15 AM
An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping.

CVE-2020-13416

Sat, 2020/05/23 - 6:15 AM
An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets.

CVE-2020-13417

Sat, 2020/05/23 - 6:15 AM
An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters.
