Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 5시간 33분 지남

CVE-2020-12273

월, 2020/04/27 - 10:15오후
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials.

CVE-2020-12274

월, 2020/04/27 - 10:15오후
In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session.

CVE-2020-12270

월, 2020/04/27 - 1:15오후
React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs.

CVE-2020-12271

월, 2020/04/27 - 1:15오후
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).

CVE-2020-12267

월, 2020/04/27 - 11:15오전
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.

CVE-2020-12268

월, 2020/04/27 - 11:15오전
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.

CVE-2019-20789

월, 2020/04/27 - 2:15오전
Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies.

CVE-2020-12265

월, 2020/04/27 - 2:15오전
The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal.

CVE-2020-12254

월, 2020/04/27 - 12:15오전
Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink.

페이지