Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 3 hours 23 minutes ago

CVE-2020-15578

Tue, 2020/07/07 - 11:15 PM
An issue was discovered on Samsung mobile devices with O(8.x) software. FactoryCamera does not properly restrict runtime permissions. The Samsung ID is SVE-2020-17270 (July 2020).

CVE-2020-15579

Tue, 2020/07/07 - 11:15 PM
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via the KNOX API. The Samsung ID is SVE-2020-17318 (July 2020).

CVE-2020-15580

Tue, 2020/07/07 - 11:15 PM
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) by enrolling a new lock password. The Samsung ID is SVE-2020-17328 (July 2020).

CVE-2020-15581

Tue, 2020/07/07 - 11:15 PM
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The kernel logging feature allows attackers to discover virtual addresses via vectors involving shared memory. The Samsung ID is SVE-2020-17605 (July 2020).

CVE-2020-15582

Tue, 2020/07/07 - 11:15 PM
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 7885 chipsets) software. The Bluetooth Low Energy (BLE) component has a buffer overflow with a resultant deadlock or crash. The Samsung ID is SVE-2020-16870 (July 2020).

CVE-2020-15583

Tue, 2020/07/07 - 11:15 PM
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. StickerProvider allows directory traversal for access to system files. The Samsung ID is SVE-2020-17665 (July 2020).

CVE-2020-15584

Tue, 2020/07/07 - 11:15 PM
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can trigger an out-of-bounds access and device reset via a 4K wallpaper image because ImageProcessHelper mishandles boundary checks. The Samsung ID is SVE-2020-18056 (July 2020).

CVE-2020-10745

Tue, 2020/07/07 - 11:15 PM
A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBIOS over TCP/IP. This flaw allows a remote attacker to cause the Samba server to consume excessive CPU, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

CVE-2020-15367

Tue, 2020/07/07 - 11:15 PM
Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page.

CVE-2020-15392

Tue, 2020/07/07 - 11:15 PM
A user enumeration flaw was found in Venki Supravizio BPM 10.1.2. This issue occurs during password recovery, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames.

CVE-2020-15509

Tue, 2020/07/07 - 11:15 PM
Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g., internalCreateBond in BleManagerHandler).

CVE-2020-15513

Tue, 2020/07/07 - 11:15 PM
The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access Control.

CVE-2020-15514

Tue, 2020/07/07 - 11:15 PM
The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYPO3 allows XSS.

CVE-2020-15516

Tue, 2020/07/07 - 11:15 PM
The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be exploited via CSRF.

CVE-2020-15517

Tue, 2020/07/07 - 11:15 PM
The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x through 3.1.3, for TYPO3 allows XSS.

CVE-2020-15525

Tue, 2020/07/07 - 11:15 PM
GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint.

CVE-2020-15573

Tue, 2020/07/07 - 11:15 PM
SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421.

CVE-2020-15574

Tue, 2020/07/07 - 11:15 PM
SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893.

CVE-2020-15575

Tue, 2020/07/07 - 11:15 PM
SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194.

CVE-2020-15576

Tue, 2020/07/07 - 11:15 PM
SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response.
