Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 9분 57초 지남

CVE-2020-14938

화, 2020/06/23 - 7:15오후
An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size verification, leading to a heap-based buffer overflow.

CVE-2020-14939

화, 2020/06/23 - 7:15오후
An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading.

CVE-2020-14940

화, 2020/06/23 - 7:15오후
An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 (.gpx) and GP7 (.gp) tablature files.

CVE-2020-5594

화, 2020/06/23 - 5:15오후
Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.

CVE-2019-20409

화, 2020/06/23 - 3:15오후
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.

CVE-2020-12782

화, 2020/06/23 - 3:15오후
Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files.

CVE-2020-14932

토, 2020/06/20 - 10:15오후
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.

CVE-2020-14933

토, 2020/06/20 - 10:15오후
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request.

CVE-2020-13261

토, 2020/06/20 - 8:15오전
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code

CVE-2020-13263

토, 2020/06/20 - 8:15오전
An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions.

CVE-2020-13264

토, 2020/06/20 - 8:15오전
Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token

CVE-2020-13276

토, 2020/06/20 - 7:15오전
User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1

CVE-2020-14931

토, 2020/06/20 - 7:15오전
A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by nic_format_buff.

CVE-2020-13262

토, 2020/06/20 - 7:15오전
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link

CVE-2020-13265

토, 2020/06/20 - 7:15오전
User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification

CVE-2020-13272

토, 2020/06/20 - 7:15오전
OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow

CVE-2020-13273

토, 2020/06/20 - 7:15오전
A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1

CVE-2020-13274

토, 2020/06/20 - 7:15오전
A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1

CVE-2020-13275

토, 2020/06/20 - 7:15오전
A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1

CVE-2019-20891

토, 2020/06/20 - 6:15오전
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.

페이지