Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 4분 5초 지남

CVE-2020-13904

월, 2020/06/08 - 4:15오전
FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.

CVE-2020-13902

월, 2020/06/08 - 3:15오전
ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.

CVE-2020-13897

일, 2020/06/07 - 11:15오전
HESK before 3.1.10 allows reflected XSS.

CVE-2020-13894

일, 2020/06/07 - 10:15오전
handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field.

CVE-2020-13895

일, 2020/06/07 - 10:15오전
Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail.

CVE-2020-13890

일, 2020/06/07 - 6:15오전
The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard.

CVE-2020-13889

일, 2020/06/07 - 5:15오전
showAlert() in the administration panel in Bludit 3.12.0 allows XSS.

CVE-2020-13881

일, 2020/06/07 - 4:15오전
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.

CVE-2020-13883

일, 2020/06/07 - 4:15오전
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.

CVE-2020-13871

일, 2020/06/07 - 1:15오전
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.

CVE-2020-13864

토, 2020/06/06 - 7:15오전
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.

CVE-2020-13865

토, 2020/06/06 - 7:15오전
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.

CVE-2020-11696

토, 2020/06/06 - 7:15오전
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.

페이지