CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2011-4125

A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：46 | 回复：0
CVE-2011-4126

Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：54 | 回复：0
CVE-2011-4574

PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction) ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：52 | 回复：0
CVE-2020-7867

An improper input validation vulnerability in Helpu solution could allow a local attacker to arbitrary file creation and execution without click file transfer menu. It is possible to file in arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：59 | 回复：0
CVE-2021-26610

The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：73 | 回复：0
CVE-2021-32951

WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：49 | 回复：0
CVE-2021-35233

The HTTP TRACK TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that us ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：40 | 回复：0
CVE-2021-35235

The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NE ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：51 | 回复：0
CVE-2021-35236

The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secur ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：53 | 回复：0
CVE-2021-37122

There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：44 | 回复：0
CVE-2021-37124

There is a path traversal vulnerability in Huawei PC product. Because the product does not filter path with special characters,attackers can construct a file path with special characters to exploit th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：36 | 回复：0
CVE-2021-37127

There is a signature management vulnerability in some huawei products. An attacker can forge signature and bypass the signature check. During firmware update process, successful exploit this vulnerabi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：40 | 回复：0
CVE-2021-37129

There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cau ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：52 | 回复：0
CVE-2021-37130

There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a directory th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：37 | 回复：0
CVE-2021-37131

There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：42 | 回复：0
CVE-2021-38450

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：46 | 回复：0
CVE-2021-34580

In mymbCONNECT24, mbCONNECT24 = 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：42 | 回复：0
CVE-2021-41872

Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：54 | 回复：0
CVE-2020-24932

An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：44 | 回复：0
CVE-2021-41589

In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default config ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：40 | 回复：0
CVE-2021-41590

In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：41 | 回复：0
CVE-2021-41619

An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface (availab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：44 | 回复：0
CVE-2021-22101

Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP reque ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：50 | 回复：0
CVE-2021-36756

CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：51 | 回复：0
CVE-2021-37221

A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option customer create option, which could let a remote malicious user upload a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：51 | 回复：0
CVE-2021-38379

The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：41 | 回复：0
CVE-2021-20526

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：45 | 回复：0
CVE-2021-29673

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentia ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：36 | 回复：0
CVE-2021-29713

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentia ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：58 | 回复：0
CVE-2021-29774

IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：69 | 回复：0
CVE-2021-29786

IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：54 | 回复：0
CVE-2021-29844

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to networ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：28 | 回复：0
CVE-2021-29868

IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：35 | 回复：0
CVE-2021-37803

An SQL Injection vulnerability exists in Sourcecodester Online Covid Vaccination Scheduler System 1.0 via the username in lognin.php .……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：38 | 回复：0
CVE-2021-37805

A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected version 1.0 is via the add-vehicle.php endpoint.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：34 | 回复：0
CVE-2021-37806

An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Base ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：25 | 回复：0
CVE-2021-37807

An SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user&#3 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：27 | 回复：0
CVE-2021-37808

SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：37 | 回复：0
CVE-2021-3900

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：46 | 回复：0
CVE-2021-34754

Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:16 | 阅读：33 | 回复：0