CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-20496

IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：26 | 回复：0
CVE-2021-20497

IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：27 | 回复：0
CVE-2021-20498

IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requets that could be used in further attacks against the system. IBM X-Force ID: 197972.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：36 | 回复：0
CVE-2021-20499

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be use ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：34 | 回复：0
CVE-2021-20500

IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：41 | 回复：0
CVE-2021-20510

IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：31 | 回复：0
CVE-2021-20511

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：38 | 回复：0
CVE-2021-20523

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be use ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：30 | 回复：0
CVE-2021-20524

IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：29 | 回复：0
CVE-2021-20533

IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：29 | 回复：0
CVE-2021-20534

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remot ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：28 | 回复：0
CVE-2021-20537

IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：57 | 回复：0
CVE-2021-29699

IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：49 | 回复：0
CVE-2021-29742

IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：55 | 回复：0
CVE-2021-34827

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnera ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：55 | 回复：0
CVE-2021-34828

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnera ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：62 | 回复：0
CVE-2021-34829

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnera ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：46 | 回复：0
CVE-2021-34830

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnera ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：42 | 回复：0
CVE-2021-32770

Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during buil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：56 | 回复：0
CVE-2021-35056

Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task. An unintended executable might run.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：41 | 回复：0
CVE-2020-11632

The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：34 | 回复：0
CVE-2020-11634

The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A local adversary may be able to execute arbitrary code in the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：41 | 回复：0
CVE-2021-0276

A stack-based Buffer Overflow vulnerability in Juniper Networks SBR Carrier with EAP (Extensible Authentication Protocol) authentication configured, allows an attacker sending specific packets causing ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：45 | 回复：0
CVE-2021-0277

An Out-of-bounds Read vulnerability in the processing of specially crafted LLDP frames by the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved may allow an att ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：60 | 回复：0
CVE-2021-0278

An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. junos:18.3R3-S5 ju ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：37 | 回复：0
CVE-2021-0279

Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operati ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：42 | 回复：0
CVE-2021-0280

Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on PTX platforms and QFX10K Series with Paradise (PE) chipset-based line cards, ddos-protection configuration changes made ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：50 | 回复：0
CVE-2021-0281

On Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI) receipt of a specific packet from the RPKI cache server may cause routing pro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：64 | 回复：0
CVE-2021-0282

On Juniper Networks Junos OS devices with Multipath or add-path feature enabled, processing a specific BGP UPDATE can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Serv ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:26 | 阅读：39 | 回复：0
CVE-2021-27942

Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary code from a USB drive via the Smart Cast functionality, because files on the USB drive are effective ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：14 | 回复：0
CVE-2021-32016

An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the writing of arbitrary files to a user-controlled location on the remote filesystem (with user-controlled conten ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：19 | 回复：0
CVE-2021-32018

An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP API was vulnerable to arbitrary file reading due to an improper limitation of file loading on the server filesystem, aka directory ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：18 | 回复：0
CVE-2021-36622

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. The admin panel has an upload function of profile photo accessible at http://localhost/sch ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：13 | 回复：0
CVE-2021-36623

Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：6 | 回复：0
CVE-2021-36654

CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：6 | 回复：0
CVE-2021-30541

Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：16 | 回复：0
CVE-2021-30559

Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：16 | 回复：0
CVE-2021-30560

Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：48 | 回复：0
CVE-2021-30561

Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：30 | 回复：0
CVE-2021-30562

Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：29 | 回复：0