Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 3 hours 28 minutes ago

CVE-2020-6857

Wed, 2020/01/22 - 2:15 AM
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary.

CVE-2020-7211

Wed, 2020/01/22 - 2:15 AM
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.

CVE-2020-7213

Wed, 2020/01/22 - 2:15 AM
Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallels_updates.xml file on the http://update.parallels.com web site.

CVE-2020-7229

Wed, 2020/01/22 - 2:15 AM
An issue was discovered in Simplejobscript.com SJS before 1.65. There is unauthenticated SQL injection via the search engine. The parameter is landing_location. The function is countSearchedJobs(). The file is _lib/class.Job.php.

CVE-2019-3864

Wed, 2020/01/22 - 1:15 AM
A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed for every request or when a user logged out and in again. An attacker could use a leaked token to gain access to the system using the user's account.

CVE-2019-14765

Wed, 2020/01/22 - 1:15 AM
Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers.

CVE-2019-14766

Wed, 2020/01/22 - 1:15 AM
Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem.

CVE-2019-14767

Wed, 2020/01/22 - 1:15 AM
In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server.

CVE-2019-14768

Wed, 2020/01/22 - 1:15 AM
An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges.

CVE-2011-5282

Wed, 2020/01/22 - 1:15 AM
mIRC prior to 7.22 has a message leak because chopping of outbound messages is mishandled.

CVE-2012-5190

Wed, 2020/01/22 - 1:15 AM
Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability.

CVE-2011-4095

Wed, 2020/01/22 - 12:15 AM
Jara 1.6 has an XSS vulnerability.

CVE-2011-4322

Wed, 2020/01/22 - 12:15 AM
websitebaker prior to and including 2.8.1 has an authentication error in the backup module.

CVE-2015-6907

Wed, 2020/01/22 - 12:15 AM
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

CVE-2020-7470

Wed, 2020/01/22 - 12:15 AM
Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allow XSS via the Friendly Name 1 field (after a successful login with the Web Admin Password).

CVE-2011-2668

Wed, 2020/01/22 - 12:15 AM
Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header.

CVE-2011-2669

Wed, 2020/01/22 - 12:15 AM
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.

CVE-2011-4094

Wed, 2020/01/22 - 12:15 AM
Jara 1.6 has a SQL injection vulnerability.

CVE-2020-7246

Tue, 2020/01/21 - 11:15 PM
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.

CVE-2019-10611

Tue, 2020/01/21 - 4:15 PM
Buffer overflow can occur while processing clip due to lack of check of object size before parsing in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130.
