Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 3 hours 14 minutes ago

CVE-2020-11805

Fri, 2020/09/25 - 1:23 PM
Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN.

CVE-2020-12824

Fri, 2020/09/25 - 1:23 PM
Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.

CVE-2020-13387

Fri, 2020/09/25 - 1:23 PM
Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323.

CVE-2020-23837

Fri, 2020/09/25 - 1:23 PM
A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL.

CVE-2017-17477

Fri, 2020/09/25 - 1:23 PM
Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views.

CVE-2020-13991

Fri, 2020/09/25 - 8:15 AM
vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register.

CVE-2020-15160

Fri, 2020/09/25 - 8:15 AM
PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.8.

CVE-2020-15162

Fri, 2020/09/25 - 8:15 AM
In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8.

CVE-2020-15843

Fri, 2020/09/25 - 8:15 AM
ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client\, %PROGRAMFILES%\ActiveFax\Install\ and %PROGRAMFILES%\ActiveFax\Terminal\. The folder permissions allow "Full Control" to "Everyone". An authenticated local attacker can exploit this to replace the TSClientB.exe binary in the Terminal directory, which is executed on logon for every user. Alternatively, the attacker can replace any of the binaries in the Client or Install directories. The latter requires additional user interaction, for example starting the client.

CVE-2020-17365

Fri, 2020/09/25 - 8:15 AM
Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

CVE-2020-15161

Fri, 2020/09/25 - 7:15 AM
In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject JavaScript while using the contact form. The problem is fixed in 1.7.6.8.

CVE-2020-8344

Fri, 2020/09/25 - 6:15 AM
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

CVE-2020-8347

Fri, 2020/09/25 - 6:15 AM
A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's browser if a crafted URL is visited, possibly through phishing.

CVE-2020-8348

Fri, 2020/09/25 - 6:15 AM
A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted URL is visited, possibly through phishing.

CVE-2020-15850

Fri, 2020/09/25 - 6:15 AM
Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is readable.

CVE-2020-15851

Fri, 2020/09/25 - 6:15 AM
Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network accessible transporter service. It is also possible to create or delete backup repositories.

CVE-2020-8325

Fri, 2020/09/25 - 6:15 AM
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

CVE-2020-8328

Fri, 2020/09/25 - 6:15 AM
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

CVE-2020-8333

Fri, 2020/09/25 - 6:15 AM
A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution.

CVE-2020-8343

Fri, 2020/09/25 - 6:15 AM
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
