Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 5시간 35분 지남

CVE-2020-11483

목, 2020/10/29 - 1:15오후
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges or information disclosure.

CVE-2020-27986

목, 2020/10/29 - 8:15오전
** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position is "it is the administrator's responsibility to configure it."

CVE-2020-27981

목, 2020/10/29 - 6:15오전
An XSS vulnerability in the auto-complete function of the description field (for new or edited transactions) in Firefly III before 5.4.5 allows the user to execute JavaScript via suggested transaction titles. NOTE: this is exploitable only in a non-default configuration where Content Security Policy headers are disabled.

CVE-2020-24707

목, 2020/10/29 - 5:15오전
Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.

CVE-2020-24708

목, 2020/10/29 - 5:15오전
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form.

CVE-2020-24709

목, 2020/10/29 - 5:15오전
Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template.

CVE-2020-24710

목, 2020/10/29 - 5:15오전
Gophish before 0.11.0 allows SSRF attacks.

CVE-2020-24711

목, 2020/10/29 - 5:15오전
The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack

CVE-2020-24712

목, 2020/10/29 - 5:15오전
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page.

CVE-2020-24713

목, 2020/10/29 - 5:15오전
Gophish through 0.10.1 does not invalidate the gophish cookie upon logout.

CVE-2020-25374

목, 2020/10/29 - 5:15오전
CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time.

CVE-2020-27742

목, 2020/10/29 - 4:15오전
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.

CVE-2020-27980

목, 2020/10/29 - 4:15오전
Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users.

CVE-2020-24990

목, 2020/10/29 - 4:15오전
An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version.

CVE-2020-25204

목, 2020/10/29 - 4:15오전
The God Kings application 0.60.1 for Android exposes a broadcast receiver to other apps called com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver. The purpose of this broadcast receiver is to show an in-game push notification to the player. However, the application does not enforce any authorization schema on the broadcast receiver, allowing any application to send fully customizable in-game push notifications.

CVE-2020-27739

목, 2020/10/29 - 4:15오전
A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.

CVE-2020-27740

목, 2020/10/29 - 4:15오전
Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.

CVE-2020-27741

목, 2020/10/29 - 4:15오전
Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.

CVE-2020-16259

목, 2020/10/29 - 3:15오전
Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user.

CVE-2020-16260

목, 2020/10/29 - 3:15오전
Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation.

페이지