
CVE Vulnerabilities

  • CVE-2020-36425
    An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can e ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 12 | Replies: 0
  • CVE-2020-36426
    An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 10 | Replies: 0
  • CVE-2020-36427
    GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 18 | Replies: 0
  • CVE-2021-34675
    Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 13 | Replies: 0
  • CVE-2021-34676
    Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 5 | Replies: 0
  • CVE-2021-36797
    ** DISPUTED ** In Victron Energy Venus OS through 2.72, root access is granted by default to anyone with physical access to the device. NOTE: the vendor disagrees with the reporter's opinion about ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 20 | Replies: 0
  • CVE-2021-36799
    ** UNSUPPORTED WHEN ASSIGNED ** KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulne ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 57 | Replies: 0
  • CVE-2020-20248
    Mikrotik RouterOS before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the sys ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 13 | Replies: 0
  • CVE-2020-20249
    Mikrotik RouterOS before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 7 | Replies: 0
  • CVE-2021-34820
    Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP Server is affected by the Directory Traversal for Arbitrary File Access vulnerability. A remote, unauthenticated attacker using an ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 8 | Replies: 0
  • CVE-2021-34821
    Cross Site Scripting (XSS) vulnerability exists in AAT Novus Management System through 1.51.2. The WebUI has wrong HTTP 404 error handling implemented. A remote, unauthenticated attacker may be able t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 12 | Replies: 0
  • CVE-2020-22741
    An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary users' private key after obtaining the partial signature in multisignature.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 30 | Replies: 0
  • CVE-2021-31590
    PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Web Token handling, leading to incorrect access control. With a valid JSON Web Token that is used for authentication and authorization, a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 9 | Replies: 0
  • CVE-2021-34617
    A remote cross-site scripting (XSS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.13 and below; Aruba Instant 6.5.x: ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 8 | Replies: 0
  • CVE-2021-34618
    A remote denial of service (DoS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5 ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 10 | Replies: 0
  • CVE-2021-32760
    containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission c ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 11 | Replies: 0
  • CVE-2021-3135
    An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. It allows XSS via the wp-admin/admin-ajax.php td_block_id parameter in a td_ajax_block API call.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 14 | Replies: 0
  • CVE-2020-29499
    Dell EMC PowerStore versions prior to 1.0.3.0.5.006 contain an OS Command Injection vulnerability in PowerStore X environment. A locally authenticated attacker could potentially exploit this vulnerab ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 13 | Replies: 0
  • CVE-2020-29503
    Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a file permission vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information d ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 11 | Replies: 0
  • CVE-2020-24829
    An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DoS) ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:26 | Views: 33 | Replies: 0
  • CVE-2021-38114
    libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:26 | Views: 24 | Replies: 0
  • CVE-2021-38115
    read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:26 | Views: 28 | Replies: 0
  • CVE-2021-31867
    Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the $id parameter of the SegmentAssignmentController.php component of the applicatio ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:26 | Views: 8 | Replies: 0
  • CVE-2021-31869
    Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:26 | Views: 17 | Replies: 0
  • CVE-2021-36800
    Akaunting version 2.1.12 and earlier suffers from a code injection issue in the Money.php component of the application. A POST sent to /{company_id}/sales/invoices/{invoice_id} with an items that incl ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:26 | Views: 15 | Replies: 0
  • CVE-2021-36801
    Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies. This issue was fixed in version 2.1.13 of the product.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:26 | Views: 29 | Replies: 0
  • CVE-2021-36802
    Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:26 | Views: 36 | Replies: 0
  • CVE-2021-36803
    Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 2.1.13 of t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:26 | Views: 16 | Replies: 0
  • CVE-2021-36804
    Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:26 | Views: 24 | Replies: 0
  • CVE-2021-36805
    Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in the sales invoice processing component of the application. This issue was fixed in ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:26 | Views: 31 | Replies: 0
  • CVE-2021-3539
    EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:26 | Views: 30 | Replies: 0
  • CVE-2021-32598
    An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability in FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:26 | Views: 14 | Replies: 0
  • CVE-2021-32603
    A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and au ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:26 | Views: 17 | Replies: 0
  • CVE-2021-38095
    The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:26 | Views: 15 | Replies: 0
  • CVE-2021-37604
    In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. Wit ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:26 | Views: 45 | Replies: 0
  • CVE-2021-37605
    In version 6.5 of Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:26 | Views: 18 | Replies: 0
  • CVE-2021-38138
    OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:26 | Views: 24 | Replies: 0
  • CVE-2020-22732
    CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions File Picker.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:26 | Views: 32 | Replies: 0
  • CVE-2021-37625
    Skytable is an open source NoSQL database. In versions prior to 0.6.4 an incorrect check of return value of the accept function in the run-loop for a TCP socket/TLS socket/TCP+TLS multi-socket causes ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:26 | Views: 40 | Replies: 0
  • CVE-2021-21738
    ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Due to insufficient input verification, the attacker could implement XSS attacks by tampering with ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:26 | Views: 33 | Replies: 0
