CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-38965

IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 2123 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：16 | 回复：0
CVE-2022-0242

Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：22 | 回复：0
CVE-2021-42357

When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：20 | 回复：0
CVE-2022-22703

In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：22 | 回复：0
CVE-2022-0245

Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：21 | 回复：0
CVE-2021-44757

Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP arch ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：19 | 回复：0
CVE-2021-33964

China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRRuleFilter/set_firewall_level which receives parameters by POST request, and the parameter firewall_level has a command injec ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：12 | 回复：0
CVE-2021-45394

An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious link tag in the converted HTML document.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：24 | 回复：0
CVE-2021-33965

China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRMesh/set_ZRMesh which receives parameters by POST request, and the parameter mesh_enable and mesh_device have a command injec ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：27 | 回复：0
CVE-2021-38783

There is a Out-of-Bound Write in the Allwinner R818 SoC Android Q SDK V1.0 camera driver /dev/cedar_dev through iotcl cmd IOCTL_SET_PROC_INFO and IOCTL_COPY_PROC_INFO, which could cause a system crash ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：26 | 回复：0
CVE-2021-22566

An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead to privileged executable pages being mapped as executable from an unprivileged context. This can be leveraged by an attacker to by ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：25 | 回复：0
CVE-2021-38694

SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：27 | 回复：0
CVE-2021-38784

There is a NULL pointer dereference in the syscall open_exec function of Allwinner R818 SoC Android Q SDK V1.0 that could executable a malicious file to cause a system crash.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：19 | 回复：0
CVE-2021-38785

There is a NULL pointer deference in the Allwinner R818 SoC Android Q SDK V1.0 camera driver /dev/cedar_dev that could use the ioctl cmd IOCTL_GET_IOMMU_ADDR to cause a system crash.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：23 | 回复：0
CVE-2021-38695

SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scripting (XSS) that allows users to store scripts in certain fields (e.g. subject, description) of the document form.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：44 | 回复：0
CVE-2021-38696

SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerability, that allows attackers to access signature files on the application without any authentication.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：20 | 回复：0
CVE-2021-38697

SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted File Upload, that allows attackers to upload files with any file extension which can lead to arbitrary code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：23 | 回复：0
CVE-2021-41550

Leostream Connection Broker 9.0.40.17 allows administrator to upload and execute Perl code.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：16 | 回复：0
CVE-2021-41551

Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading z ZIP file that contains a symbolic link.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：19 | 回复：0
CVE-2021-44217

In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：9 | 回复：0
CVE-2022-0260

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：17 | 回复：0
CVE-2021-4146

Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：12 | 回复：0
CVE-2022-0261

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：18 | 回复：0
CVE-2022-0262

Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：19 | 回复：0
CVE-2022-0263

Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：21 | 回复：0
CVE-2022-23302

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：23 | 回复：0
CVE-2022-23305

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：25 | 回复：0
CVE-2022-23307

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：21 | 回复：0
CVE-2020-14107

A stack overflow in the HTTP server of Cast can be exploited to make the app crash in LAN.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：26 | 回复：0
CVE-2020-14110

AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：22 | 回复：0
CVE-2021-29215

A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restriction bypass in the TEZ MapR ecosystem component was discovered in version(s): Prior to Tez-0.8: mapr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：36 | 回复：0
CVE-2021-29632

In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p12, certain conditions involving use of the highlight buffer while text ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：17 | 回复：0
CVE-2021-29872

IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：30 | 回复：0
CVE-2021-37864

Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied b ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：34 | 回复：0
CVE-2021-37865

Mattermost 6.2 and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：32 | 回复：0
CVE-2021-37866

Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side when a user logged out of Boards, which allows an attacker to reuse old session token for authorization.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：23 | 回复：0
CVE-2021-37867

Mattermost Boards plugin v0.10.0 and earlier fails to protect email addresses of all users via one of the Boards APIs, which allows authenticated and unauthorized users to access this information resu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：16 | 回复：0
CVE-2021-39892

In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：16 | 回复：0
CVE-2021-39927

Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.x, between 14.5.0 and 14.5.x, and between 14.6.0 and 14.6.x would fail to protect against attacks sending requests ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：21 | 回复：0
CVE-2021-39942

A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:04 | 阅读：12 | 回复：0