Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 2시간 40초 지남

CVE-2020-2110

목, 2020/02/13 - 12:15오전
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations.

CVE-2020-2111

목, 2020/02/13 - 12:15오전
Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability.

CVE-2020-2112

목, 2020/02/13 - 12:15오전
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.

CVE-2020-2113

목, 2020/02/13 - 12:15오전
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.

CVE-2020-2114

목, 2020/02/13 - 12:15오전
Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

CVE-2013-1410

목, 2020/02/13 - 12:15오전
Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities

CVE-2013-2010

목, 2020/02/13 - 12:15오전
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability

CVE-2013-7381

목, 2020/02/13 - 12:15오전
libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.

CVE-2015-5617

목, 2020/02/13 - 12:15오전
SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter.

CVE-2015-7890

목, 2020/02/13 - 12:15오전
Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter.

CVE-2019-20098

수, 2020/02/12 - 11:15오후
The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present.

CVE-2019-20099

수, 2020/02/12 - 11:15오후
The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present.

CVE-2019-20100

수, 2020/02/12 - 11:15오후
The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version 7.1.0 before version 7.1.3. The vulnerable plugin is used by Atlassian Jira Server and Data Center before version 8.7.0. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present.

CVE-2009-5139

수, 2020/02/12 - 11:15오후
The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.

CVE-2009-5140

수, 2020/02/12 - 11:15오후
The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.

CVE-2012-0810

수, 2020/02/12 - 11:15오후
The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention.

CVE-2013-7378

수, 2020/02/12 - 11:15오후
scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands.

CVE-2014-2560

수, 2020/02/12 - 11:15오후
The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.

CVE-2014-4607

수, 2020/02/12 - 11:15오후
Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.

페이지