Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 4시간 54분 지남

CVE-2022-24611

수, 2022/05/18 - 3:15오전
Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs.

CVE-2022-30689

수, 2022/05/18 - 3:15오전
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.

CVE-2022-1116

수, 2022/05/18 - 2:15오전
Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions.

CVE-2022-1733

수, 2022/05/18 - 2:15오전
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-1769

수, 2022/05/18 - 2:15오전
Buffer Over-read in GitHub repository vim/vim prior to 8.2.

CVE-2022-22475

수, 2022/05/18 - 2:15오전
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 and Open Liberty are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.

CVE-2022-22482

수, 2022/05/18 - 2:15오전
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial of service. IBM X-Force ID: 225977.

CVE-2022-29581

수, 2022/05/18 - 2:15오전
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.

CVE-2022-30067

수, 2022/05/18 - 2:15오전
GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash.

CVE-2022-30072

수, 2022/05/18 - 2:15오전
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters.

CVE-2020-4994

수, 2022/05/18 - 2:15오전
IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. IBM X-Force ID: 192906.

CVE-2021-29726

수, 2022/05/18 - 2:15오전
IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104.

CVE-2021-38872

수, 2022/05/18 - 2:15오전
IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. IBM X-Force ID: 208348.

CVE-2022-22484

수, 2022/05/18 - 1:15오전
IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322.

CVE-2022-24108

수, 2022/05/18 - 1:15오전
The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deserialization of untrusted data.

CVE-2022-24856

수, 2022/05/18 - 1:15오전
FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur. The patch for this issue deletes the entire `cors_proxy`, as this is not required for console anymore. A patch is available in FlyteConsole version 0.52.0. Disable FlyteConsole availability on the internet as a workaround.

CVE-2022-30007

수, 2022/05/18 - 1:15오전
GXCMS V1.5 has a file upload vulnerability in the background. The vulnerability is the template management page. You can edit any template content and then rename to PHP suffix file, after calling PHP file can control the server.

CVE-2022-30073

수, 2022/05/18 - 1:15오전
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php.

CVE-2020-4957

수, 2022/05/18 - 1:15오전
IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208.

CVE-2022-30968

수, 2022/05/18 - 12:15오전
Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

페이지