
CVE Vulnerabilities

  • CVE-2021-41308
    Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 52 | Replies: 0
  • CVE-2021-20837
    Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 48 | Replies: 0
  • CVE-2021-34583
    Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 49 | Replies: 0
  • CVE-2021-34584
    Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 52 | Replies: 0
  • CVE-2021-34585
    In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an inval ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 58 | Replies: 0
  • CVE-2021-34586
    In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 47 | Replies: 0
  • CVE-2021-34593
    In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 57 | Replies: 0
  • CVE-2021-34595
    A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-serv ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 52 | Replies: 0
  • CVE-2021-34596
    A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 51 | Replies: 0
  • CVE-2020-5669
    Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrar ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 55 | Replies: 0
  • CVE-2021-40343
    An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate their privileges to the root user.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 68 | Replies: 0
  • CVE-2021-40344
    An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an im ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 71 | Replies: 0
  • CVE-2021-40345
    An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the arch ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 56 | Replies: 0
  • CVE-2021-42343
    An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 55 | Replies: 0
  • CVE-2021-41873
    Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized access vulnerability exists in the Penguin Aurora Box. An attacker can ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 51 | Replies: 0
  • CVE-2011-2195
    A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'pat ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 53 | Replies: 0
  • CVE-2011-4119
    caml-light = 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 55 | Replies: 0
  • CVE-2021-26607
    An Improper input validation in execDefaultBrowser method of NEXACRO17 allows a remote attacker to execute arbitrary command on affected systems.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 59 | Replies: 0
  • CVE-2021-26609
    A vulnerability was found in Mangboard(WordPress plugin). A SQL-Injection vulnerability was found in order_type parameter. The order_type parameter makes a SQL query using unfiltered data. This vulner ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 58 | Replies: 0
  • CVE-2021-37371
    Online Student Admission System 1.0 is affected by an unauthenticated SQL injection bypass vulnerability in /admin/login.php.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 43 | Replies: 0
  • CVE-2021-37372
    Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low privileged user can upload malicious PHP files by updating their profile image to gain remote code execu ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 49 | Replies: 0
  • CVE-2021-41078
    Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 72 | Replies: 0
  • CVE-2021-37363
    An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would conne ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 48 | Replies: 0
  • CVE-2021-37364
    OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename my ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 73 | Replies: 0
  • CVE-2021-41157
    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP r ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 60 | Replies: 0
  • CVE-2021-41158
    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 63 | Replies: 0
  • CVE-2021-41172
    AS_Redis is an AntSword plugin for Redis. The Redis Manage plugin for AntSword prior to version 0.5 is vulnerable to Self-XSS due to insufficient input validation and sanitization via redis ser ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 45 | Replies: 0
  • CVE-2021-41173
    Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 46 | Replies: 0
  • CVE-2021-41175
    Pi-hole's Web interface (based on AdminLTE) provides a central location to manage one's Pi-hole and review the statistics generated by FTLDNS. Prior to version 5.8, cross-site scripting is pos ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 50 | Replies: 0
  • CVE-2021-41182
    jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted cod ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 63 | Replies: 0
  • CVE-2021-41183
    jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted c ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 44 | Replies: 0
  • CVE-2021-41184
    jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. Th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 57 | Replies: 0
  • CVE-2021-41185
    Mycodo is an environmental monitoring and regulation system. An exploit in versions prior to 8.12.7 allows anyone with access to endpoints to download files outside the intended directory. A patch has ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 64 | Replies: 0
  • CVE-2021-41188
    Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the secu ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 51 | Replies: 0
  • CVE-2021-35499
    The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engin ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 59 | Replies: 0
  • CVE-2019-3556
    HHVM supports the use of an admin server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the curr ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 49 | Replies: 0
  • CVE-2020-22864
    A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 55 | Replies: 0
  • CVE-2021-23877
    Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a spec ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 78 | Replies: 0
  • CVE-2021-41866
    MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 57 | Replies: 0
  • CVE-2011-4124
    Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:16 | Views: 37 | Replies: 0
