CVE Vulnerabilities

  • CVE-2021-40112
    Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 60 | Replies: 0
  • CVE-2021-40113
    Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 57 | Replies: 0
  • CVE-2021-40115
    A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to i ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 67 | Replies: 0
  • CVE-2021-40119
    A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 50 | Replies: 0
  • CVE-2021-40120
    A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 52 | Replies: 0
  • CVE-2021-40124
    A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected dev ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 55 | Replies: 0
  • CVE-2021-40126
    A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerabilit ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 61 | Replies: 0
  • CVE-2021-40127
    A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 52 | Replies: 0
  • CVE-2021-40128
    A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 60 | Replies: 0
  • CVE-2021-21685
    Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 59 | Replies: 0
  • CVE-2021-21686
    File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 57 | Replies: 0
  • CVE-2021-21687
    Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 63 | Replies: 0
  • CVE-2021-21688
    The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read acce ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 64 | Replies: 0
  • CVE-2021-21689
    FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 53 | Replies: 0
  • CVE-2021-21690
    Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 74 | Replies: 0
  • CVE-2021-21691
    Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 64 | Replies: 0
  • CVE-2021-21692
    FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 61 | Replies: 0
  • CVE-2021-21693
    When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 72 | Replies: 0
  • CVE-2021-21694
    FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 70 | Replies: 0
  • CVE-2021-21695
    FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 72 | Replies: 0
  • CVE-2021-21696
    Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 76 | Replies: 0
  • CVE-2021-21697
    Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 68 | Replies: 0
  • CVE-2021-21698
    Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 67 | Replies: 0
  • CVE-2021-41247
    JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 69 | Replies: 0
  • CVE-2021-43281
    MyBB before 1.8.29 allows Remote Code Injection by an admin with the Can manage settings? permission. The Admin CP's Settings management module does not validate setting types correctly on inserti ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 65 | Replies: 0
  • CVE-2021-43293
    Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF).
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 85 | Replies: 0
  • CVE-2021-43389
    An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 81 | Replies: 0
  • CVE-2020-21139
    EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add admin accounts via /admin.html?do=useract=add.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 112 | Replies: 0
  • CVE-2021-41249
    GraphQL Playground is a GraphQL IDE for development of graphQL focused applications. All versions of graphql-playground-react older than [email protected] are vulnerable to compromised H ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 132 | Replies: 0
  • CVE-2021-43396
    ** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 115 | Replies: 0
  • CVE-2021-3896
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 ins ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 94 | Replies: 0
  • CVE-2021-41248
    GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older than [email protected] are vulnerable to compromis ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 97 | Replies: 0
  • CVE-2021-42057
    Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrar ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 115 | Replies: 0
  • CVE-2021-43398
    ** DISPUTED ** Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which may cause discl ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 134 | Replies: 0
  • CVE-2021-39902
    Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 101 | Replies: 0
  • CVE-2021-39903
    In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance admin ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 94 | Replies: 0
  • CVE-2021-39914
    A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when pro ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 122 | Replies: 0
  • CVE-2021-43400
    An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 136 | Replies: 0
  • CVE-2021-22260
    A stored Cross-Site Scripting vulnerability in the DataDog integration in GitLab CE/EE version 13.7 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 124 | Replies: 0
  • CVE-2021-39895
    In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:30 | Views: 124 | Replies: 0
