CVE Vulnerabilities

  • CVE-2021-42386
    A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 24 | Replies: 0
  • CVE-2021-41271
    Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of conf ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 30 | Replies: 0
  • CVE-2021-42337
    The permission control of AIFU cashier management salary query function can be bypassed, thus after obtaining general user’s permission, the remote attacker can access account information except pass ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 38 | Replies: 0
  • CVE-2021-25976
    In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 11 | Replies: 0
  • CVE-2021-25940
    In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malic ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 13 | Replies: 0
  • CVE-2021-25965
    In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin priv ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 6 | Replies: 0
  • CVE-2021-25982
    In Factor (App Framework Headless CMS) forum plugin, versions 1.3.5 to 1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “search” parameter in the URL. An unauthenticated attack ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 8 | Replies: 0
  • CVE-2021-25983
    In Factor (App Framework Headless CMS) forum plugin, versions v1.3.8 to v1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “tags” and “category” parameters in the URL. An unau ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 10 | Replies: 0
  • CVE-2021-25984
    In Factor (App Framework Headless CMS) forum plugin, versions v1.3.3 to v1.8.30, are vulnerable to stored Cross-Site Scripting (XSS) at the “post reply” section. An unauthenticated attacker can exe ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 16 | Replies: 0
  • CVE-2021-25985
    In Factor (App Framework Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s session even after the user logs out of the application. In addition, user sessions are stored in the browser ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 20 | Replies: 0
  • CVE-2021-37580
    A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 35 | Replies: 0
  • CVE-2021-42114
    Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability in their internal Target Row Refresh (TRR) mitigation against Rowhammer attacks. Novel non-uniform Rowhammer access patterns, con ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 21 | Replies: 0
  • CVE-2021-30216
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in a customer-controlled ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 23 | Replies: 0
  • CVE-2021-3958
    Due to improper sanitization iPack SCADA Automation software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 21 | Replies: 0
  • CVE-2021-43361
    Due to improper sanitization MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the s ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 16 | Replies: 0
  • CVE-2021-43362
    Due to improper sanitization MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the s ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 22 | Replies: 0
  • CVE-2021-38882
    IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time. IBM X-Force ID: 209164.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 11 | Replies: 0
  • CVE-2021-38949
    IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 33 | Replies: 0
  • CVE-2021-26312
    PSP protection against improperly configured side channels may lead to potential information disclosure. This issue affects: AMD 1st Gen AMD EPYC™ versions prior to NaplesPI-SP3_1.0.0.G. AMD 2nd Gen ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 19 | Replies: 0
  • CVE-2021-26322
    Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 16 | Replies: 0
  • CVE-2021-26326
    Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss of memory integrity.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 14 | Replies: 0
  • CVE-2021-26329
    AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 33 | Replies: 0
  • CVE-2021-26338
    Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 25 | Replies: 0
  • CVE-2021-41252
    Kirby is an open source file structured CMS ### Impact Kirby's writer field stores its formatted content as HTML code. Unlike with other field types, it is not possible to escape HTML special char ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:34 | Views: 28 | Replies: 0
  • CVE-2021-33267
    D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80034d60 in /formStaticDHCP. This vulne ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 14 | Replies: 0
  • CVE-2021-33268
    D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_8003183C in /fromLogin. This vulnerabil ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 19 | Replies: 0
  • CVE-2021-33269
    D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualServ. This vuln ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 20 | Replies: 0
  • CVE-2021-33270
    D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. This vuln ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 14 | Replies: 0
  • CVE-2021-33271
    D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulner ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 13 | Replies: 0
  • CVE-2021-33274
    D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulner ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 7 | Replies: 0
  • CVE-2020-35012
    The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 8 | Replies: 0
  • CVE-2020-35037
    The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameter before outputting them in pages, which could lead to Cross-Site Scripting issues
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 5 | Replies: 0
  • CVE-2021-42711
    Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. This file is executed with SYSTEM privileges when an unprivileged user performs a repair ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 10 | Replies: 0
  • CVE-2021-43791
    Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitat ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 8 | Replies: 0
  • CVE-2021-44227
    In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 14 | Replies: 0
  • CVE-2020-27414
    Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 18 | Replies: 0
  • CVE-2021-26777
    Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firmware version CIR_CDC_v1.2.17, allows attackers to execute arbitrary co ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 17 | Replies: 0
  • CVE-2021-43681
    SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulnerability in /master/core/PostHandler.php. The exit function will terminate the script and print the message $data.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 12 | Replies: 0
  • CVE-2021-43683
    pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate the script and print the message which has $_REQUEST.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 16 | Replies: 0
  • CVE-2021-43686
    nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The exit function will terminate the script and print the message which has the input $_GET.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 22 | Replies: 0
