Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 5 hours 36 minutes ago

CVE-2020-7599

Tue, 2020/03/31 - 4:15 AM
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own.

CVE-2020-7610

Tue, 2020/03/31 - 4:15 AM
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsontype, leading to cases where an object is serialized as a document rather than the intended BSON type.

CVE-2019-17560

Tue, 2020/03/31 - 4:15 AM
The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.

CVE-2019-17561

Tue, 2020/03/31 - 4:15 AM
The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.

CVE-2020-8509

Tue, 2020/03/31 - 3:15 AM
Zoho ManageEngine Desktop Central allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure.

CVE-2019-7755

Tue, 2020/03/31 - 2:15 AM
In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.

CVE-2020-10560

Mon, 2020/03/30 - 10:15 PM
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.

CVE-2020-5527

Mon, 2020/03/30 - 5:15 PM
When the MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives a massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet communication functions.

CVE-2020-5551

Mon, 2020/03/30 - 2:15 PM
Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service and/or execute an arbitrary command. The affected DCUs are installed in Lexus (LC, LS, NX, RC, RC F), TOYOTA CAMRY, and TOYOTA SIENNA manufactured in regions other than Japan from Oct. 2016 to Oct. 2019. An attacker with certain knowledge of the target vehicle control system may be able to send some diagnostic commands to ECUs with some limited availability impacts; the vendor states critical vehicle controls such as driving, turning, and stopping are not affected.

CVE-2020-10940

Sat, 2020/03/28 - 6:15 AM
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.

CVE-2020-10939

Sat, 2020/03/28 - 5:15 AM
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.

CVE-2020-6095

Sat, 2020/03/28 - 5:15 AM
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer dereference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.

CVE-2020-10817

Sat, 2020/03/28 - 4:15 AM
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.

CVE-2020-10952

Sat, 2020/03/28 - 4:15 AM
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.

CVE-2020-10953

Sat, 2020/03/28 - 4:15 AM
In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.

CVE-2020-10954

Sat, 2020/03/28 - 4:15 AM
GitLab through 12.9 is affected by a potential DoS in repository archive download.

CVE-2020-10955

Sat, 2020/03/28 - 4:15 AM
GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.

CVE-2020-10956

Sat, 2020/03/28 - 4:15 AM
GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.

CVE-2020-5857

Sat, 2020/03/28 - 12:15 AM
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service.

CVE-2020-5858

Sat, 2020/03/28 - 12:15 AM
On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated privilege via a crafted tmsh command.
