CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-24840

The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the query_vars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a re ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：13 | 回复：0
CVE-2021-24844

The Affiliates Manager WordPress plugin before 2.8.7 does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：10 | 回复：0
CVE-2021-40577

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：18 | 回复：0
CVE-2021-39420

Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0.99.5 via the (1) s parameter in search_all.php and the (2) msg parameter in add.attach.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：23 | 回复：0
CVE-2021-41170

neoan3-apps/template is a neoan3 minimal template engine. Versions prior to 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are execu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：7 | 回复：0
CVE-2020-23572

BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image fil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：9 | 回复：0
CVE-2021-40260

Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester Tailor Management 1.0 via the (1) eid parameter in (a) partedit.php and (b) customeredit.php, the (2) id parameter in (a) ed ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：16 | 回复：0
CVE-2021-40261

Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) user_username and (2) category parameters in save_class.php, the (3) first ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：16 | 回复：0
CVE-2021-41253

Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0 and older that use the string functions provided in `zycore` in order to append untrusted user data to the formatter buffer ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：15 | 回复：0
CVE-2020-10052

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions V2.12). The affected application writes sensitive data, such as usernames and passwords in log files. A local attack ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：10 | 回复：0
CVE-2020-10053

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：5 | 回复：0
CVE-2020-10054

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions V2.12). The affected application does not properly handle the import of large configuration files. A local attacker ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：10 | 回复：0
CVE-2021-31344

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：14 | 回复：0
CVE-2021-31345

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：22 | 回复：0
CVE-2021-31346

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：13 | 回复：0
CVE-2021-31881

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：14 | 回复：0
CVE-2021-31882

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：13 | 回复：0
CVE-2021-31883

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:31 | 阅读：6 | 回复：0
CVE-2021-20700

Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRE ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：82 | 回复：0
CVE-2021-20701

Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRE ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：81 | 回复：0
CVE-2021-20702

Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlie ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：83 | 回复：0
CVE-2021-20703

Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlie ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：87 | 回复：0
CVE-2021-20704

Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：86 | 回复：0
CVE-2021-20705

Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：81 | 回复：0
CVE-2021-20706

Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：74 | 回复：0
CVE-2021-20707

Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：75 | 回复：0
CVE-2021-41036

In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：64 | 回复：0
CVE-2020-5955

An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：65 | 回复：0
CVE-2021-29991

Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：61 | 回复：0
CVE-2021-29993

Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. *This bug only affects Firefox for Android. Other operating systems are un ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：60 | 回复：0
CVE-2021-38491

Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox 92.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：75 | 回复：0
CVE-2021-38492

When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *Th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：71 | 回复：0
CVE-2021-38493

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：73 | 回复：0
CVE-2021-38494

Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been explo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：63 | 回复：0
CVE-2021-38495

Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have b ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：75 | 回复：0
CVE-2021-38496

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：67 | 回复：0
CVE-2021-38497

Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：71 | 回复：0
CVE-2021-38498

During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firef ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：63 | 回复：0
CVE-2021-38499

Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been explo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：83 | 回复：0
CVE-2021-38500

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：79 | 回复：0