CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-46309

An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：18 | 回复：0
CVE-2020-4875

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：19 | 回复：0
CVE-2020-4876

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：17 | 回复：0
CVE-2020-4877

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：18 | 回复：0
CVE-2020-4879

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：30 | 回复：0
CVE-2021-4016

Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：29 | 回复：0
CVE-2022-0323

Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：28 | 回复：0
CVE-2021-23195

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：51 | 回复：0
CVE-2021-23196

The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：56 | 回复：0
CVE-2021-23207

An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：43 | 回复：0
CVE-2021-23233

Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoint ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：18 | 回复：0
CVE-2021-23236

Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Link+ version 3.0 must be rebooted via a hard reset triggered by pressing a button on the ra ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：20 | 回复：0
CVE-2021-31562

The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. An attacker may be able to e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：37 | 回复：0
CVE-2021-33843

Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values su ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：28 | 回复：0
CVE-2021-33846

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possess ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：34 | 回复：0
CVE-2021-33848

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 is vulnerable to reflected cross-site scripting attacks. An attacker could inject JavaScript in a GET parameter of HTTP req ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：34 | 回复：0
CVE-2021-33966

Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：37 | 回复：0
CVE-2021-40247

SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：28 | 回复：0
CVE-2021-41835

Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：31 | 回复：0
CVE-2021-43355

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：21 | 回复：0
CVE-2021-44464

Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains service credentials likely to be common across all instances. An attacker in possession of the password may gain privileges on al ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：13 | 回复：0
CVE-2021-44593

Simple College Website 1.0 is vulnerable to unauthenticated file upload remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：9 | 回复：0
CVE-2021-4001

A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a speci ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：13 | 回复：0
CVE-2021-4032

A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：11 | 回复：0
CVE-2022-23127

Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：16 | 回复：0
CVE-2022-23128

Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper H ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：15 | 回复：0
CVE-2022-23129

Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attac ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：20 | 回复：0
CVE-2022-23130

Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：34 | 回复：0
CVE-2022-23728

Attacker can reset the device with AT Command in the process of rebooting the device. The LG ID is LVE-SMP-210011.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：29 | 回复：0
CVE-2021-23460

The package min-dash before 3.8.1 are vulnerable to Prototype Pollution via the set method due to missing enforcement of key types.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：84 | 回复：0
CVE-2021-23518

The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which al ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：53 | 回复：0
CVE-2021-23631

This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could re ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：69 | 回复：0
CVE-2021-23664

The package @isomorphic-git/cors-proxy before 2.7.1 are vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：33 | 回复：0
CVE-2021-40595

SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Log ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：17 | 回复：0
CVE-2021-36338

Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：30 | 回复：0
CVE-2021-36339

The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：28 | 回复：0
CVE-2021-46234

A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：45 | 回复：0
CVE-2021-46236

A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c. This vulnerability can lead to a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：34 | 回复：0
CVE-2021-46237

An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：12 | 回复：0
CVE-2021-46238

GPAC v1.1.0 was discovered to contain a stack overflow via the function gf_node_get_name () at scenegraph/base_scenegraph.c. This vulnerability can lead to a program crash, causing a Denial of Service ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:06 | 阅读：14 | 回复：0