Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 4시간 48분 지남

CVE-2021-25376

토, 2021/04/10 - 3:15오전
An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed.

CVE-2021-25377

토, 2021/04/10 - 3:15오전
Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action.

CVE-2021-25378

토, 2021/04/10 - 3:15오전
Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service.

CVE-2021-25379

토, 2021/04/10 - 3:15오전
Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action.

CVE-2021-25380

토, 2021/04/10 - 3:15오전
Improper handling of exceptional conditions in Bixby prior to version 3.0.53.02 allows attacker to execute the actions registered by the user.

CVE-2021-25381

토, 2021/04/10 - 3:15오전
Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

CVE-2021-25356

토, 2021/04/10 - 3:15오전
An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application.

CVE-2021-25357

토, 2021/04/10 - 3:15오전
A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information.

CVE-2021-25358

토, 2021/04/10 - 3:15오전
A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications.

CVE-2021-25359

토, 2021/04/10 - 3:15오전
An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications.

CVE-2021-25360

토, 2021/04/10 - 3:15오전
An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

CVE-2021-25361

토, 2021/04/10 - 3:15오전
An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications.

CVE-2021-25362

토, 2021/04/10 - 3:15오전
An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files.

CVE-2021-25363

토, 2021/04/10 - 3:15오전
An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files.

CVE-2021-25364

토, 2021/04/10 - 3:15오전
A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information.

CVE-2021-25365

토, 2021/04/10 - 3:15오전
An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd.

CVE-2020-13591

토, 2021/04/10 - 3:15오전
An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.

CVE-2020-13592

토, 2021/04/10 - 3:15오전
An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.

CVE-2020-23761

토, 2021/04/10 - 3:15오전
Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab.

CVE-2020-23762

토, 2021/04/10 - 3:15오전
Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote attackers to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab.

페이지