CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-41134

nbdime provides tools for diffing and merging of Jupyter Notebooks. In affected versions a stored cross-site scripting (XSS) issue exists within the Jupyter-owned nbdime project. It appears that when ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：68 | 回复：0
CVE-2021-41174

Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：68 | 回复：0
CVE-2021-43140

SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：58 | 回复：0
CVE-2021-43141

Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in plan_application.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：55 | 回复：0
CVE-2020-28416

HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：54 | 回复：0
CVE-2020-6931

HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：56 | 回复：0
CVE-2021-22960

The parse function in llhttp 2.1.4 and 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：69 | 回复：0
CVE-2021-33800

In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：75 | 回复：0
CVE-2021-35053

Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the syste ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：76 | 回复：0
CVE-2021-38403

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：86 | 回复：0
CVE-2021-38407

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API dev ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：79 | 回复：0
CVE-2021-38411

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the A ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：74 | 回复：0
CVE-2021-38416

Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：84 | 回复：0
CVE-2021-38418

Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access info ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：72 | 回复：0
CVE-2021-38420

Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：76 | 回复：0
CVE-2021-38422

Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privilege ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：77 | 回复：0
CVE-2021-38424

The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：60 | 回复：0
CVE-2021-38428

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API sch ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：71 | 回复：0
CVE-2021-38488

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：78 | 回复：0
CVE-2021-41492

Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering. (2) id parameter in manage_products and the (3 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：61 | 回复：0
CVE-2021-42772

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：57 | 回复：0
CVE-2021-43032

In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. This payl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：47 | 回复：0
CVE-2021-43338

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43339. Reason: This candidate is a duplicate of CVE-2021-43339. Notes: All CVE users should reference CVE-2021-43339 instead of this ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：69 | 回复：0
CVE-2021-43339

In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be create ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：70 | 回复：0
CVE-2021-41562

A vulnerability in Snow Snow Agent for Windows allows a non-admin user to cause arbitrary deletion of files. This issue affects: Snow Snow Agent for Windows version 5.0.0 to 6.7.1 on Windows.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：69 | 回复：0
CVE-2020-25367

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：66 | 回复：0
CVE-2021-34594

TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allow administrators to create ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：60 | 回复：0
CVE-2021-34597

Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：77 | 回复：0
CVE-2020-25366

An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：80 | 回复：0
CVE-2020-25368

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：78 | 回复：0
CVE-2021-42624

A local buffer overflow vulnerability exists in the latest version of Miniftpd in ftpproto.c through the tmp variable, where a crafted payload can be sent to the affected function.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：70 | 回复：0
CVE-2021-1500

A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：65 | 回复：0
CVE-2021-34701

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unif ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：55 | 回复：0
CVE-2021-34731

A vulnerability in the web-based management interface of Cisco Prime Access Registrar could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected syste ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：58 | 回复：0
CVE-2021-34739

A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：67 | 回复：0
CVE-2021-34741

A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：59 | 回复：0
CVE-2021-34773

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：51 | 回复：0
CVE-2021-34774

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. T ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：62 | 回复：0
CVE-2021-34784

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：63 | 回复：0
CVE-2021-34795

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:30 | 阅读：69 | 回复：0