
CVE Vulnerabilities

  • CVE-2021-43209
    3D Viewer Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-43208.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 29 | Replies: 0
  • CVE-2021-22870
    A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would nee ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 27 | Replies: 0
  • CVE-2021-31853
    DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compr ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 16 | Replies: 0
  • CVE-2021-25974
    In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 24 | Replies: 0
  • CVE-2021-25975
    In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the upl ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 20 | Replies: 0
  • CVE-2021-34582
    In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated cer ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 16 | Replies: 0
  • CVE-2021-34598
    In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 13 | Replies: 0
  • CVE-2021-39474
    Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported affected version 1319010201r009. The vulnerability allows an attacker with privileges and network access through the ping.cmd compo ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 25 | Replies: 0
  • CVE-2021-43136
    An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain a valid access to the platform.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 13 | Replies: 0
  • CVE-2021-38887
    IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IB ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 11 | Replies: 0
  • CVE-2021-43523
    In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to outpu ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 25 | Replies: 0
  • CVE-2021-43561
    An XSS issue was discovered in the google_for_jobs (aka Google for Jobs) extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML con ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 19 | Replies: 0
  • CVE-2021-43562
    An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 9 | Replies: 0
  • CVE-2020-12488
    The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 20 | Replies: 0
  • CVE-2021-40501
    SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this b ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 19 | Replies: 0
  • CVE-2021-40502
    SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers wil ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 25 | Replies: 0
  • CVE-2021-40503
    An information disclosure vulnerability exists in SAP GUI for Windows - versions 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equi ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 12 | Replies: 0
  • CVE-2021-40504
    A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authoriz ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 19 | Replies: 0
  • CVE-2021-40518
    Airangel HSMX Gateway devices through 5.2.04 allow CSRF.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 11 | Replies: 0
  • CVE-2021-40519
    Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 13 | Replies: 0
  • CVE-2021-40521
    Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 11 | Replies: 0
  • CVE-2021-41426
    Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery (CSRF) via mgt_end_user.htm.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 12 | Replies: 0
  • CVE-2021-41427
    Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 18 | Replies: 0
  • CVE-2021-42062
    SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll informati ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 15 | Replies: 0
  • CVE-2021-43563
    An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated atta ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 10 | Replies: 0
  • CVE-2021-43564
    An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unaut ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 17 | Replies: 0
  • CVE-2020-28137
    Cross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, allows attackers to cause a denial of service by continuously restarting the router.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 33 | Replies: 0
  • CVE-2021-3056
    A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentica ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 32 | Replies: 0
  • CVE-2021-3058
    An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 17 | Replies: 0
  • CVE-2021-3059
    An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle attacker to execute a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 27 | Replies: 0
  • CVE-2021-3060
    An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the fi ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 26 | Replies: 0
  • CVE-2021-3061
    An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to es ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 14 | Replies: 0
  • CVE-2021-3062
    An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM- ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 15 | Replies: 0
  • CVE-2021-3063
    An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send spe ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 21 | Replies: 0
  • CVE-2021-3064
    A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potent ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 12 | Replies: 0
  • CVE-2021-3380
    Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 19 | Replies: 0
  • CVE-2021-40517
    Airangel HSMX Gateway devices through 5.2.04 is vulnerable to stored Cross Site Scripting. XSS Payload is placed in the name column of the updates table using database access.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 6 | Replies: 0
  • CVE-2021-40520
    Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 16 | Replies: 0
  • CVE-2021-41038
    In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 5 | Replies: 0
  • CVE-2021-22048
    The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Se ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 13 | Replies: 0
