Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 2시간 27분 지남

CVE-2020-4447

금, 2020/07/24 - 1:15오전
IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181227.

CVE-2020-15912

금, 2020/07/24 - 12:15오전
** DISPUTED ** Tesla Model 3 vehicles allow attackers to open a door by leveraging access to a legitimate key card, and then using NFC Relay. NOTE: the vendor has developed Pin2Drive to mitigate this issue.

CVE-2019-11252

금, 2020/07/24 - 12:15오전
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes.

CVE-2020-11440

목, 2020/07/23 - 11:15오후
httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root.

CVE-2020-15881

목, 2020/07/23 - 11:15오후
A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Munki Conditions) module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name.

CVE-2020-15882

목, 2020/07/23 - 11:15오후
A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6.3 allows attackers to delete arbitrary machines from the MunkiReport database.

CVE-2020-15883

목, 2020/07/23 - 11:15오후
A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters (through which installed packages names and versions are reported).

CVE-2020-15884

목, 2020/07/23 - 11:15오후
A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order[0][dir] field on POST requests to /datatables/data.

CVE-2020-15885

목, 2020/07/23 - 11:15오후
A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment.

CVE-2020-15886

목, 2020/07/23 - 11:15오후
A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint.

CVE-2020-15887

목, 2020/07/23 - 11:15오후
A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/ endpoint.

CVE-2020-15688

목, 2020/07/23 - 10:15오후
GoAhead before 5.1.2 mishandles the nonce value during Digest authentication. This may permit request replay attacks for local requests over HTTP.

CVE-2020-15908

목, 2020/07/23 - 1:15오후
tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6.0 allows Directory Traversal during extraction from a TAR archive.

CVE-2020-10917

목, 2020/07/23 - 8:15오전
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10007.

CVE-2020-15126

목, 2020/07/23 - 8:15오전
In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can by pass all read security on his User object and can also by pass all objects linked via relation or Pointer on his User object.

CVE-2020-15904

목, 2020/07/23 - 8:15오전
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file.

CVE-2020-15901

목, 2020/07/23 - 7:15오전
ajaxhelper.php in Nagios XI before 5.7.2 allows remote attackers to execute arbitrary commands via cmdsubsys.

CVE-2020-15902

목, 2020/07/23 - 7:15오전
Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option.

CVE-2020-4369

목, 2020/07/23 - 6:15오전
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004.

CVE-2020-4371

목, 2020/07/23 - 6:15오전
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008.

페이지