Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 4 hours 6 minutes ago

CVE-2020-7310

Fri, 2020/08/21 - 6:15 PM
Privilege Escalation vulnerability in the installer in McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect McAfee file operations to an unintended file.

CVE-2020-12759

Fri, 2020/08/21 - 2:15 PM
Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook.

CVE-2020-14194

Fri, 2020/08/21 - 2:15 PM
Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link.

CVE-2020-14215

Fri, 2020/08/21 - 2:15 PM
Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations.

CVE-2020-15070

Fri, 2020/08/21 - 2:15 PM
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value.

CVE-2020-24571

Fri, 2020/08/21 - 1:15 PM
NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal.

CVE-2020-24574

Fri, 2020/08/21 - 1:15 PM
The client (aka GalaxyClientService.exe) in GOG GALAXY 2.0.19 allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based "trusted client" protection mechanism.

CVE-2020-24567

Fri, 2020/08/21 - 12:15 PM
** DISPUTED ** voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuration error.

CVE-2020-12618

Fri, 2020/08/21 - 8:15 AM
eM Client before 7.2.33412.0 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated. This enabled the attacker to decipher further communication. The entire attack could be accomplished by sending a single email.

CVE-2020-12619

Fri, 2020/08/21 - 8:15 AM
MailMate before 1.11 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated. This enabled the attacker to decipher further communication. The entire attack could be accomplished by sending a single email.

CVE-2020-24359

Fri, 2020/08/21 - 2:15 AM
HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0.

CVE-2020-16279

Fri, 2020/08/21 - 1:15 AM
The Kommbox component in Rangee GmbH RangeeOS 8.0.4 is vulnerable to Remote Code Execution due to untrusted user-supplied input being passed to the command line without sanitization.

CVE-2020-16280

Fri, 2020/08/21 - 1:15 AM
Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plaintext, including credentials of users for several external-facing administrative services, domain-joined users, and local administrators. To exploit the vulnerability, a local attacker must have access to the underlying operating system.

CVE-2020-16281

Fri, 2020/08/21 - 1:15 AM
The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus being accessible.

CVE-2020-16282

Fri, 2020/08/21 - 1:15 AM
In the default configuration of Rangee GmbH RangeeOS 8.0.4, all components are executed in the context of the privileged root user. This may allow a local attacker to break out of the restricted environment or inject malicious code into the application and fully compromise the operating system.

CVE-2020-4548

Fri, 2020/08/21 - 1:15 AM
IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM Content Navigator database. IBM X-Force ID: 183316.

CVE-2020-4687

Fri, 2020/08/21 - 1:15 AM
IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have access to. IBM X-Force ID: 186679.

CVE-2020-23935

Fri, 2020/08/21 - 12:15 AM
Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".

CVE-2020-23936

Thu, 2020/08/20 - 11:15 PM
PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".

CVE-2020-14357

Thu, 2020/08/20 - 11:15 PM
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
