CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-43044

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：24 | 回复：0
CVE-2021-43469

VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：21 | 回复：0
CVE-2021-4069

vim is vulnerable to Use After Free……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：21 | 回复：0
CVE-2021-43471

In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：39 | 回复：0
CVE-2021-24714

The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：15 | 回复：0
CVE-2021-24718

The Contact Form, Survey Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even w ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：17 | 回复：0
CVE-2021-24759

The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to to perform Cross-Site ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：10 | 回复：0
CVE-2021-24866

The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the backup_date parameter before using it a SQL statement, leading to a SQL injection issue and could allow arbit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：18 | 回复：0
CVE-2021-24914

The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, available to any authenticated user. The firs ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：18 | 回复：0
CVE-2021-24917

The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthentica ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：25 | 回复：0
CVE-2021-24924

The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：22 | 回复：0
CVE-2021-24930

The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：16 | 回复：0
CVE-2021-24931

The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenti ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：28 | 回复：0
CVE-2021-24935

The WP Google Fonts WordPress plugin before 3.1.5 does not escape the googlefont_ajax_name and googlefont_ajax_family parameter of the googlefont_action AJAx action (available to any authenticated use ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：22 | 回复：0
CVE-2021-24938

The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocs_update_profiles_data AJAX action (available to any authenticated user) before outputting it back i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：18 | 回复：0
CVE-2021-24939

The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and rul_logout_url parameter before outputting them back in attributes ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：23 | 回复：0
CVE-2021-24943

The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and au ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：382 | 回复：0
CVE-2021-25041

The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：16 | 回复：0
CVE-2021-35242

Serv-U server responds with valid CSRFToken when the request contains only Session.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：19 | 回复：0
CVE-2021-35245

When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：23 | 回复：0
CVE-2021-36198

Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：15 | 回复：0
CVE-2021-22170

Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：18 | 回复：0
CVE-2021-39890

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：21 | 回复：0
CVE-2021-43781

Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：12 | 回复：0
CVE-2021-43784

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：16 | 回复：0
CVE-2021-43931

The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：23 | 回复：0
CVE-2021-43936

The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：13 | 回复：0
CVE-2021-43800

Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：11 | 回复：0
CVE-2021-36564

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：18 | 回复：0
CVE-2021-36567

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：23 | 回复：0
CVE-2021-37298

Laravel v5.1 was discovered to contain a deserialization vulnerability via the component \Mockery\Generator\DefinedTargetClass.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：14 | 回复：0
CVE-2021-40091

An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：11 | 回复：0
CVE-2021-40313

Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：15 | 回复：0
CVE-2021-4075

snipe-it is vulnerable to Server-Side Request Forgery (SSRF)……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：27 | 回复：0
CVE-2021-31631

b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：13 | 回复：0
CVE-2021-31632

b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code v ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：20 | 回复：0
CVE-2021-44677

An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for pos ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：22 | 回复：0
CVE-2021-44678

An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for pos ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：22 | 回复：0
CVE-2021-44679

An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for pos ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：28 | 回复：0
CVE-2021-44680

An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for pos ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：24 | 回复：0