Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2020-10940

Sat, 2020/03/28 - 6:15 AM
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.

CVE-2020-10939

Sat, 2020/03/28 - 5:15 AM
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.

CVE-2020-6095

Sat, 2020/03/28 - 5:15 AM
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer dereference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.

CVE-2020-10817

Sat, 2020/03/28 - 4:15 AM
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.

CVE-2020-10952

Sat, 2020/03/28 - 4:15 AM
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.

CVE-2020-10953

Sat, 2020/03/28 - 4:15 AM
In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.

CVE-2020-10954

Sat, 2020/03/28 - 4:15 AM
GitLab through 12.9 is affected by a potential DoS in repository archive download.

CVE-2020-10955

Sat, 2020/03/28 - 4:15 AM
GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.

CVE-2020-10956

Sat, 2020/03/28 - 4:15 AM
GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.

CVE-2020-5857

Sat, 2020/03/28 - 12:15 AM
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service.

CVE-2020-5858

Sat, 2020/03/28 - 12:15 AM
On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated privilege via a crafted tmsh command.

CVE-2020-5859

Sat, 2020/03/28 - 12:15 AM
On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM to produce a core file.

CVE-2020-5860

Sat, 2020/03/28 - 12:15 AM
On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in Device Service Cluster (DSC), the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security (TLS).

CVE-2020-5861

Sat, 2020/03/28 - 12:15 AM
On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors.

CVE-2020-5862

Sat, 2020/03/28 - 12:15 AM
On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. This issue does not affect any other platforms, hardware or virtual, or any other cloud provider since the affected driver is specific to AWS.

CVE-2020-5863

Sat, 2020/03/28 - 12:15 AM
In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.

CVE-2020-8551

Sat, 2020/03/28 - 12:15 AM
The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.

CVE-2020-8552

Sat, 2020/03/28 - 12:15 AM
The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.

CVE-2015-5684

Sat, 2020/03/28 - 12:15 AM
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.

CVE-2015-7333

Sat, 2020/03/28 - 12:15 AM
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges.
