Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 4시간 50분 지남

CVE-2020-27978

목, 2020/10/29 - 12:15오전
Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session.

CVE-2020-22552

수, 2020/10/28 - 11:15오후
The Snap7 server component in version 1.4.1, when an attacker sends a crafted packet with COTP protocol the last-data-unit flag set to No and S7 writes a var function, the Snap7 server will be crashed.

CVE-2020-24303

수, 2020/10/28 - 11:15오후
Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.

CVE-2020-8260

수, 2020/10/28 - 10:15오후
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.

CVE-2020-8261

수, 2020/10/28 - 10:15오후
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.

CVE-2020-8262

수, 2020/10/28 - 10:15오후
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.

CVE-2020-8263

수, 2020/10/28 - 10:15오후
A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.

CVE-2020-8239

수, 2020/10/28 - 10:15오후
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC.

CVE-2020-8240

수, 2020/10/28 - 10:15오후
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider.

CVE-2020-8241

수, 2020/10/28 - 10:15오후
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server.

CVE-2020-8248

수, 2020/10/28 - 10:15오후
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.

CVE-2020-8249

수, 2020/10/28 - 10:15오후
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow.

CVE-2020-8250

수, 2020/10/28 - 10:15오후
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.

CVE-2020-8254

수, 2020/10/28 - 10:15오후
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC.

CVE-2020-8255

수, 2020/10/28 - 10:15오후
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages.

CVE-2020-6829

수, 2020/10/28 - 9:15오후
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

CVE-2020-5144

수, 2020/10/28 - 8:15오후
SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability.

CVE-2020-5145

수, 2020/10/28 - 8:15오후
SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system.

CVE-2020-27956

수, 2020/10/28 - 12:15오후
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root).

CVE-2020-27957

수, 2020/10/28 - 12:15오후
The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles could be manipulated to generate stored XSS within the RandomGameUnit extension.

페이지