Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 2시간 19분 지남

CVE-2020-6996

목, 2020/04/16 - 4:15오전
Triangle MicroWorks DNP3 Outstation LibrariesDNP3 Outstation .NET Protocol components and DNP3 Outstation ANSI C source code libraries are affected:3.16.00 through 3.25.01. A specially crafted message may cause a stack-based buffer overflow. Authentication is not required to exploit this vulnerability.

CVE-2019-12521

목, 2020/04/16 - 4:15오전
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.

CVE-2019-12522

목, 2020/04/16 - 4:15오전
An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.

CVE-2019-12524

목, 2020/04/16 - 4:15오전
An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.

CVE-2019-20651

목, 2020/04/16 - 4:15오전
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 8.2.1.16 and WAC510 before 8.2.1.16.

CVE-2019-20652

목, 2020/04/16 - 4:15오전
NETGEAR WAC505 devices before 8.2.1.16 are affected by disclosure of sensitive information.

CVE-2019-20653

목, 2020/04/16 - 4:15오전
Certain NETGEAR devices are affected by denial of service. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4.

CVE-2019-20654

목, 2020/04/16 - 4:15오전
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4.

CVE-2020-11789

목, 2020/04/16 - 3:15오전
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10.

CVE-2020-11790

목, 2020/04/16 - 3:15오전
NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attackers.

CVE-2020-11791

목, 2020/04/16 - 3:15오전
NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS.

CVE-2020-11792

목, 2020/04/16 - 3:15오전
NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are affected by Transport Layer Security (TLS) certificate private key disclosure.

CVE-2020-3953

목, 2020/04/16 - 3:15오전
Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.

CVE-2020-3954

목, 2020/04/16 - 3:15오전
Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.

CVE-2020-5346

목, 2020/04/16 - 3:15오전
RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected page, the injected scripts could potentially be executed in their browser.

CVE-2020-5350

목, 2020/04/16 - 3:15오전
Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component.

CVE-2019-20639

목, 2020/04/16 - 3:15오전
Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

CVE-2019-20640

목, 2020/04/16 - 3:15오전
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

CVE-2019-20641

목, 2020/04/16 - 3:15오전
NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access control at the function level.

CVE-2019-20642

목, 2020/04/16 - 3:15오전
NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication bypass.

페이지