Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 23분 39초 지남

CVE-2022-2025

토, 2022/09/24 - 1:15오전
an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access.

CVE-2022-2070

토, 2022/09/24 - 1:15오전
In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default.

CVE-2022-2970

토, 2022/09/24 - 1:15오전
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.

CVE-2022-2971

토, 2022/09/24 - 1:15오전
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload.

CVE-2022-2972

토, 2022/09/24 - 1:15오전
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code.

CVE-2022-40195 (loqate)

토, 2022/09/24 - 12:15오전
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PCA Predict plugin <= 1.0.3 at WordPress.

CVE-2022-40310

토, 2022/09/24 - 12:15오전
Authenticated (subscriber+) Race Condition vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress allows attackers to increase/decrease votes.

CVE-2022-40671

토, 2022/09/24 - 12:15오전
Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress.

CVE-2022-40672

토, 2022/09/24 - 12:15오전
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CPO Shortcodes plugin <= 1.5.0 at WordPress.

CVE-2022-40851

토, 2022/09/24 - 12:15오전
Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat.

CVE-2022-40854

토, 2022/09/24 - 12:15오전
Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set

CVE-2022-40855

토, 2022/09/24 - 12:15오전
Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code Execution (RCE) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.

CVE-2022-40861

토, 2022/09/24 - 12:15오전
Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_0007db78 function with the request /goform/SetNetControlList/

CVE-2022-40866

토, 2022/09/24 - 12:15오전
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/

CVE-2022-40867

토, 2022/09/24 - 12:15오전
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/

CVE-2022-40868

토, 2022/09/24 - 12:15오전
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/

CVE-2022-3257

토, 2022/09/24 - 12:15오전
Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service.

CVE-2022-35238

토, 2022/09/24 - 12:15오전
Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress.

CVE-2022-36388

토, 2022/09/24 - 12:15오전
Cross-Site Request Forgery (CSRF) vulnerability in YDS Support Ticket System plugin <= 1.0 at WordPress.

CVE-2022-36791 (torro_forms)

토, 2022/09/24 - 12:15오전
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Awesome UG Torro Forms plugin <= 1.0.16 at WordPress.

페이지