Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 1시간 33분 지남

CVE-2021-36973

수, 2021/09/15 - 9:15오후
Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability

CVE-2021-36974

수, 2021/09/15 - 9:15오후
Windows SMB Elevation of Privilege Vulnerability

CVE-2021-22149

수, 2021/09/15 - 9:15오후
Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users.

CVE-2021-26434

수, 2021/09/15 - 9:15오후
Visual Studio Elevation of Privilege Vulnerability

CVE-2021-26435

수, 2021/09/15 - 9:15오후
Windows Scripting Engine Memory Corruption Vulnerability

CVE-2021-26437

수, 2021/09/15 - 9:15오후
Visual Studio Code Spoofing Vulnerability

CVE-2020-35340

수, 2021/09/15 - 9:15오후
A Directory Traversal vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read.

CVE-2021-22147

수, 2021/09/15 - 9:15오후
Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.

CVE-2021-22148

수, 2021/09/15 - 9:15오후
Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines.

CVE-2021-3777

수, 2021/09/15 - 5:15오후
nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity

CVE-2021-3778

수, 2021/09/15 - 5:15오후
vim is vulnerable to Heap-based Buffer Overflow

CVE-2021-3706

수, 2021/09/15 - 4:15오후
adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag

CVE-2021-3751

수, 2021/09/15 - 4:15오후
libmobi is vulnerable to Out-of-bounds Write

CVE-2021-23029

수, 2021/09/15 - 8:15오전
On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2021-23026

수, 2021/09/15 - 7:15오전
BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2021-23027

수, 2021/09/15 - 7:15오전
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2021-23025

수, 2021/09/15 - 6:15오전
On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2021-23028

수, 2021/09/15 - 6:15오전
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests may cause the BIG-IP ASM bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2021-23030

수, 2021/09/15 - 6:15오전
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2021-23031

수, 2021/09/15 - 4:15오전
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

페이지