CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-43194

In JetBrains TeamCity before 2021.1.2, user enumeration was possible.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：14 | 回复：0
CVE-2021-43195

In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：18 | 回复：0
CVE-2021-43196

In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：34 | 回复：0
CVE-2021-43197

In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：17 | 回复：0
CVE-2021-43198

In JetBrains TeamCity before 2021.1.2, stored XSS is possible.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：21 | 回复：0
CVE-2021-43199

In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：27 | 回复：0
CVE-2021-43200

In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：11 | 回复：0
CVE-2021-43201

In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：13 | 回复：0
CVE-2021-43203

In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：19 | 回复：0
CVE-2021-43180

In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：14 | 回复：0
CVE-2021-43181

In JetBrains Hub before 2021.1.13690, stored XSS is possible.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：25 | 回复：0
CVE-2021-43182

In JetBrains Hub before 2021.1.13415, a DoS via user information is possible.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：14 | 回复：0
CVE-2021-43172

NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wis ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：18 | 回复：0
CVE-2021-43173

In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：26 | 回复：0
CVE-2021-43174

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of- ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：21 | 回复：0
CVE-2020-28419

During installation with certain driver software or application packages an arbitrary code execution could occur.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：11 | 回复：0
CVE-2021-20119

The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：15 | 回复：0
CVE-2021-43568

The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：26 | 回复：0
CVE-2021-43569

The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：22 | 回复：0
CVE-2021-43570

The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：18 | 回复：0
CVE-2021-43571

The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：11 | 回复：0
CVE-2021-43572

The verify function in the Stark Bank Python ECDSA library (ecdsa-python) 2.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：35 | 回复：0
CVE-2021-35488

Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combinedtitle={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload wou ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：21 | 回复：0
CVE-2021-35489

Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2host={HOSTNAME]service={SERVICENAME]backend={BACKEND] Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScri ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：29 | 回复：0
CVE-2021-43575

** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：18 | 回复：0
CVE-2021-37157

An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. $HOME/OGP/Cfg/Config.pm has the root password in cleartext.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：15 | 回复：0
CVE-2021-37158

An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. An authenticated attacker could inject OS commands by starting a Counter-Strike server and using the map field to enter a B ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：22 | 回复：0
CVE-2021-26443

Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：17 | 回复：0
CVE-2021-26444

Azure RTOS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-42301, CVE-2021-42323.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：16 | 回复：0
CVE-2021-36957

Windows Desktop Bridge Elevation of Privilege Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：35 | 回复：0
CVE-2021-38631

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41371.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：20 | 回复：0
CVE-2021-38665

Remote Desktop Protocol Client Information Disclosure Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：14 | 回复：0
CVE-2021-38666

Remote Desktop Client Remote Code Execution Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：26 | 回复：0
CVE-2021-40442

Microsoft Excel Remote Code Execution Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：29 | 回复：0
CVE-2021-41349

Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-42305.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：14 | 回复：0
CVE-2021-41351

Microsoft Edge (Chrome based) Spoofing on IE Mode……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：15 | 回复：0
CVE-2021-41356

Windows Denial of Service Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：21 | 回复：0
CVE-2021-41366

Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：17 | 回复：0
CVE-2021-41367

NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-41370, CVE-2021-42283.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：17 | 回复：0
CVE-2021-41368

Microsoft Access Remote Code Execution Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：19 | 回复：0