Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 1시간 16분 지남

CVE-2020-9418

금, 2020/03/06 - 1:15오전
An untrusted search path vulnerability in the installer of PDFescape Desktop version 4.0.22 and earlier allows an attacker to gain privileges and execute code via DLL hijacking.

CVE-2020-10174

금, 2020/03/06 - 1:15오전
init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this location, an attacker can attempt to win a race condition to replace scripts created by Timeshift with attacker-controlled scripts. Upon success, an attacker-controlled script is executed with full root privileges. This logic is practically always triggered when Timeshift runs regardless of the command-line arguments used.

CVE-2020-10173

금, 2020/03/06 - 12:15오전
Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi.

CVE-2020-9402

금, 2020/03/06 - 12:15오전
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.

CVE-2020-9544

금, 2020/03/06 - 12:15오전
An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. The administrative interface doesn't perform authentication checks for a firmware-update POST request. Any attacker that can access the administrative interface can install firmware of their choice.

CVE-2019-20499

금, 2020/03/06 - 12:15오전
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter.

CVE-2019-20500

금, 2020/03/06 - 12:15오전
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter.

CVE-2019-20501

금, 2020/03/06 - 12:15오전
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter.

CVE-2019-20107

목, 2020/03/05 - 10:15오후
Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allows remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) req_spec_id parameter to reqSpecCompareRevisions.php; the (3) requirement_id parameter to reqCompareVersions.php; the (4) build_id parameter to planUpdateTC.php; the (5) tplan_id parameter to newest_tcversions.php; the (6) tplan_id parameter to tcCreatedPerUserGUI.php; the (7) tcase_id parameter to tcAssign2Tplan.php; or the (8) testcase_id parameter to tcCompareVersions.php. Authentication is often easy to achieve: a guest account, that can execute this attack, can be created by anyone in the default configuration.

CVE-2020-10106

목, 2020/03/05 - 10:15오후
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows to dump the MySQL database and to bypass the login prompt.

CVE-2020-10107

목, 2020/03/05 - 10:15오후
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS, as demonstrated by the ExpenseItem or ExpenseCost parameter in manage-expense.php.

CVE-2020-9370

목, 2020/03/05 - 10:15오후
HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking.

CVE-2020-9380

목, 2020/03/05 - 10:15오후
IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to execute OS commands by uploading a script.

CVE-2019-14098

목, 2020/03/05 - 6:15오후
Possible buffer overflow in data offload handler due to lack of check of keydata length when copying data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, QCA9886, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130

CVE-2019-2300

목, 2020/03/05 - 6:15오후
Possible buffer overflow in WLAN handler due to lack of validation of destination buffer size before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8996, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCA9886, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130

CVE-2019-2311

목, 2020/03/05 - 6:15오후
Possible buffer overflow in WLAN handler due to lack of validation of destination buffer size before copying it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996, MSM8996AU, MSM8998, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCS605, SA6155P, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130

CVE-2019-2317

목, 2020/03/05 - 6:15오후
The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, SC8180X, SDM429, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150

CVE-2019-14032

목, 2020/03/05 - 6:15오후
Memory use after free issue in audio due to lack of resource control in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDA845, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

CVE-2019-14045

목, 2020/03/05 - 6:15오후
Possible buffer overflow while processing clientlog and serverlog due to lack of validation of data received in logs in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8096AU, QCS605, SDM439, SM8150, SXR1130

CVE-2019-14048

목, 2020/03/05 - 6:15오후
Possible out of bound memory access while playing a crafted clip in media player in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in SM8150

페이지