CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-41311

Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users Roles settings, via a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：27 | 回复：0
CVE-2021-44725

KNIME Server before 4.13.4 allows directory traversal in a request for a client profile.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：16 | 回复：0
CVE-2021-44726

KNIME Server before 4.13.4 allows XSS via the old WebPortal login page.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：13 | 回复：0
CVE-2018-25020

The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instruct ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：19 | 回复：0
CVE-2021-20038

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：14 | 回复：0
CVE-2021-20039

Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a &#3 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：23 | 回复：0
CVE-2021-20040

A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affect ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：11 | 回复：0
CVE-2021-20041

An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：13 | 回复：0
CVE-2021-20042

An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appli ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：23 | 回复：0
CVE-2021-20043

A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：15 | 回复：0
CVE-2021-20044

A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：25 | 回复：0
CVE-2021-20045

A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the applianc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：8 | 回复：0
CVE-2021-20047

SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code exe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：24 | 回复：0
CVE-2021-26110

An improper access control vulnerability in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：16 | 回复：0
CVE-2021-31850

A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：15 | 回复：0
CVE-2021-3793

An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access adminis ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：11 | 回复：0
CVE-2021-3843

A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：19 | 回复：0
CVE-2021-43610

Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header (request URI without a parameter) in an unauthenticated SIP message, a different issue than CVE-20 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：7 | 回复：0
CVE-2021-43611

Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via \ in the display name of a From header.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：15 | 回复：0
CVE-2021-21528

Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous ve ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：21 | 回复：0
CVE-2021-36305

Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this v ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：34 | 回复：0
CVE-2021-36315

Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：21 | 回复：0
CVE-2021-36323

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：14 | 回复：0
CVE-2021-36324

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：18 | 回复：0
CVE-2021-36325

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：20 | 回复：0
CVE-2021-41229

BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：16 | 回复：0
CVE-2021-34357

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QmailAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have alread ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：22 | 回复：0
CVE-2021-38684

A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Multimedia Console. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：28 | 回复：0
CVE-2021-3918

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：28 | 回复：0
CVE-2021-3921

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：14 | 回复：0
CVE-2021-3931

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：21 | 回复：0
CVE-2021-3932

twill is vulnerable to Cross-Site Request Forgery (CSRF)……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：58 | 回复：0
CVE-2021-3938

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：16 | 回复：0
CVE-2021-3945

django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：6 | 回复：0
CVE-2021-3683

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：19 | 回复：0
CVE-2021-3775

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：21 | 回复：0
CVE-2021-3776

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：15 | 回复：0
CVE-2021-3915

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：18 | 回复：0
CVE-2021-41653

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：22 | 回复：0
CVE-2021-43616

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:34 | 阅读：5 | 回复：0