Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 5시간 43분 지남

CVE-2022-29815

목, 2022/04/28 - 7:15오후
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible

CVE-2022-29816

목, 2022/04/28 - 7:15오후
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible

CVE-2022-29817

목, 2022/04/28 - 7:15오후
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible

CVE-2022-29818

목, 2022/04/28 - 7:15오후
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed

CVE-2022-29819

목, 2022/04/28 - 7:15오후
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible

CVE-2022-29820

목, 2022/04/28 - 7:15오후
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible

CVE-2022-29821

목, 2022/04/28 - 7:15오후
In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible

CVE-2022-1509

목, 2022/04/28 - 7:15오후
Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.

CVE-2022-29811

목, 2022/04/28 - 7:15오후
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.

CVE-2022-28719

목, 2022/04/28 - 6:15오후
Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege.

CVE-2022-29869

목, 2022/04/28 - 10:15오전
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.

CVE-2022-29859

목, 2022/04/28 - 8:15오전
component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet data.

CVE-2021-3523

목, 2022/04/28 - 6:15오전
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address.

CVE-2022-24891

목, 2022/04/28 - 6:15오전
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin.

CVE-2022-24735

목, 2022/04/28 - 5:15오전
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.

CVE-2022-24736

목, 2022/04/28 - 5:15오전
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0, 6.2.X and 6.0.X. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.

CVE-2022-28195

목, 2022/04/28 - 3:15오전
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity.

CVE-2022-28196

목, 2022/04/28 - 3:15오전
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and limited denial of service.

CVE-2022-28197

목, 2022/04/28 - 3:15오전
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult- to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity.

CVE-2022-22315

목, 2022/04/28 - 3:15오전
IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955.

페이지