CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-42917

Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：65 | 回复：0
CVE-2021-31848

Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：57 | 回复：0
CVE-2021-31849

SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO datab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：72 | 回复：0
CVE-2018-10909

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：57 | 回复：0
CVE-2021-20136

ManageEngine Log360 Builds 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted mes ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：78 | 回复：0
CVE-2021-38356

The NextScripts: Social Networks Auto-Poster = 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST parameter which is echoed out on inc/nxs_class_snap.php by supp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：67 | 回复：0
CVE-2021-39333

The Hashthemes Demo Importer Plugin = 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：60 | 回复：0
CVE-2021-39340

The Notification WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/classes/Utils/Settings.ph ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：55 | 回复：0
CVE-2021-39341

The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key funct ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：64 | 回复：0
CVE-2021-39346

The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/vie ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：58 | 回复：0
CVE-2021-41187

DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnera ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：55 | 回复：0
CVE-2021-43058

An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially craf ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：57 | 回复：0
CVE-2021-41310

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated Proj ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：48 | 回复：0
CVE-2021-25973

In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：64 | 回复：0
CVE-2021-33593

Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：53 | 回复：0
CVE-2021-3765

validator.js is vulnerable to Inefficient Regular Expression Complexity……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：66 | 回复：0
CVE-2021-33611

Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious J ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：50 | 回复：0
CVE-2021-36560

Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：70 | 回复：0
CVE-2020-27406

Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：51 | 回复：0
CVE-2020-35249

Cross Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3, allows attackers to execute arbitrary code via the name parameter to the add client feature.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：65 | 回复：0
CVE-2021-27722

An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes char data into the Key or Name field while registering.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：57 | 回复：0
CVE-2021-27723

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：67 | 回复：0
CVE-2021-37842

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：39 | 回复：0
CVE-2021-42763

Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：60 | 回复：0
CVE-2021-36922

RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB devices (Escalation of Privileges, Denial ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：50 | 回复：0
CVE-2021-36923

RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：52 | 回复：0
CVE-2021-36924

RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve a pool overflow (leading to Escalation of Privileges, Denial of Servi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：57 | 回复：0
CVE-2021-36925

RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve an arbitrary read or write operation from/to physical memory (leading ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：69 | 回复：0
CVE-2021-42568

Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：63 | 回复：0
CVE-2021-36794

In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：52 | 回复：0
CVE-2021-29737

IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7 ) component has improper validation of the REST API server certificate. IBM X-Force ID: 201301.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：47 | 回复：0
CVE-2021-29738

IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：48 | 回复：0
CVE-2021-29771

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：56 | 回复：0
CVE-2021-29875

IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access vulnerability. IBM X-Force ID: 206572.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：48 | 回复：0
CVE-2021-29888

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：53 | 回复：0
CVE-2021-38948

IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：52 | 回复：0
CVE-2020-12814

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：53 | 回复：0
CVE-2020-15940

An improper neutralization of input vulnerability in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：55 | 回复：0
CVE-2020-18438

Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：41 | 回复：0
CVE-2020-18439

An issue was discoverered in in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:29 | 阅读：57 | 回复：0