CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-36213

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, al ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：21 | 回复：0
CVE-2021-33911

Zoho ManageEngine ADManager Plus before 7110 allows remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：12 | 回复：0
CVE-2021-36771

Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：31 | 回复：0
CVE-2021-36772

Zoho ManageEngine ADManager Plus before 7110 allows stored XSS.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：11 | 回复：0
CVE-2021-36773

uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：22 | 回复：0
CVE-2021-33592

NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing ch ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：55 | 回复：0
CVE-2021-24436

The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the extension parameter in the Extensions dashboard, which is ou ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：29 | 回复：0
CVE-2021-24447

The WP Image Zoom WordPress plugin before 1.47 did not validate its tab parameter before using it in the include_once() function, leading to a local file inclusion issue in the admin dashboard……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：23 | 回复：0
CVE-2021-24452

The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the extension parameter in the Extensions dashboard, when the 'Anonymously trac ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：9 | 回复：0
CVE-2021-24453

The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore pot ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：13 | 回复：0
CVE-2021-24482

The Related Posts for WordPress plugin through 2.0.4 does not sanitise its heading_text and CSS settings, allowing high privilege users (admin) to set XSS payloads in them, leading to Stored Cross-Sit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：11 | 回复：0
CVE-2021-33027

Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：7 | 回复：0
CVE-2021-33501

Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：13 | 回复：0
CVE-2021-35963

The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious scri ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：18 | 回复：0
CVE-2021-35964

The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access member ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：23 | 回复：0
CVE-2021-35965

The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain adminis ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：16 | 回复：0
CVE-2021-35966

The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL can be redirected to any website. Remote attackers can use the vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：5 | 回复：0
CVE-2021-35967

The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thru Path Traversal without logging in.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：8 | 回复：0
CVE-2021-35968

The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system directory thru Path Traversal with users ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：13 | 回复：0
CVE-2021-31216

Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate install ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：10 | 回复：0
CVE-2021-3279

sz.chat version 4 allows injection of web scripts and HTML in the message box.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：14 | 回复：0
CVE-2021-32012

SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 1 of 2).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：16 | 回复：0
CVE-2021-32013

SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 2 of 2).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：19 | 回复：0
CVE-2021-32014

SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：27 | 回复：0
CVE-2021-34817

A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：27 | 回复：0
CVE-2021-20108

Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified which allows any arbitrary user on th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：27 | 回复：0
CVE-2021-20109

Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：19 | 回复：0
CVE-2021-20110

Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP add ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：17 | 回复：0
CVE-2021-35043

OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with #00058 as the replacement for ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：10 | 回复：0
CVE-2021-35449

The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：14 | 回复：0
CVE-2020-5031

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：15 | 回复：0
CVE-2021-20507

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：32 | 回复：0
CVE-2021-29707

IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：25 | 回复：0
CVE-2021-29780

IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation. IBM X-Force ID: 203085.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：15 | 回复：0
CVE-2020-20230

Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the system ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：15 | 回复：0
CVE-2020-22650

A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 causes a denial of service (DOS) via a system crash triggered by the occurrence of a large number of alarm events.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：20 | 回复：0
CVE-2020-36421

An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：24 | 回复：0
CVE-2020-36422

An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbed ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：12 | 回复：0
CVE-2020-36423

An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerato ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：8 | 回复：0
CVE-2020-36424

An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:27 | 阅读：7 | 回复：0