Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 4시간 6분 지남

CVE-2020-10948

9시간 57분 지남
Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934. An unauthenticated, remote attacker can exploit this via a series of crafted requests.

CVE-2020-1934

10시간 56분 지남
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.

CVE-2020-5290

10시간 56분 지남
In RedpwnCTF before version 2.3, there is a session fixation vulnerability in exploitable through the `#token=$ssid` hash when making a request to the `/verify` endpoint. An attacker team could potentially steal flags by, for example, exploiting a stored XSS payload in a CTF challenge so that victim teams who solve the challenge are unknowingly (and against their will) signed into the attacker team's account. Then, the attacker can gain points / value off the backs of the victims. This is patched in version 2.3.

CVE-2020-10199

11시간 57분 지남
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).

CVE-2020-10203

11시간 57분 지남
Sonatype Nexus Repository before 3.21.2 allows XSS.

CVE-2020-10204

11시간 57분 지남
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.

CVE-2020-1943

11시간 57분 지남
Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks, in Apache OFBiz 16.11.01 to 16.11.07

CVE-2020-1949

11시간 57분 지남
Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.

CVE-2020-3847

11시간 57분 지남
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to leak memory.

CVE-2020-3848

11시간 57분 지남
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

CVE-2020-3849

11시간 57분 지남
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

CVE-2020-3850

11시간 57분 지남
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

CVE-2020-9781

12시간 56분 지남
The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site they didn't intend to.

CVE-2020-9783

12시간 56분 지남
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution.

CVE-2020-9784

12시간 56분 지남
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1. A malicious iframe may use another website’s download settings.

CVE-2020-9785

12시간 56분 지남
Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2020-3908

12시간 56분 지남
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.

CVE-2020-3909

12시간 56분 지남
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.

CVE-2020-3910

12시간 56분 지남
A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.

CVE-2020-3911

12시간 56분 지남
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.

페이지