CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-26096

Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifical ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：34 | 回复：0
CVE-2021-32706

Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the `validDomainWildcard` preg_mat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：33 | 回复：0
CVE-2021-32793

Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the function to add domains to blo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：41 | 回复：0
CVE-2021-34707

A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability ex ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：36 | 回复：0
CVE-2021-38111

The DEF CON 27 badge allows remote attackers to exploit a buffer overflow by sending an oversized packet via the NFMI (Near Field Magnetic Induction) protocol.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：28 | 回复：0
CVE-2021-20028

** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA applianc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：28 | 回复：0
CVE-2021-22124

An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator be ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：23 | 回复：0
CVE-2021-24014

Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specif ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：26 | 回复：0
CVE-2021-32464

An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a speci ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：31 | 回复：0
CVE-2021-32465

An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：29 | 回复：0
CVE-2021-38113

In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：34 | 回复：0
CVE-2020-22352

The gf_dash_segmenter_probe_input function in GPAC v0.8 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：22 | 回复：0
CVE-2021-34331

A vulnerability has been identified in JT2Go (All versions V13.2), Teamcenter Visualization (All versions V13.2). The Jt981.dll library in affected applications lacks proper validation of user-suppl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：30 | 回复：0
CVE-2021-34332

A vulnerability has been identified in JT2Go (All versions V13.2), Teamcenter Visualization (All versions V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user- ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：21 | 回复：0
CVE-2021-34333

A vulnerability has been identified in JT2Go (All versions V13.2), Teamcenter Visualization (All versions V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user- ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：18 | 回复：0
CVE-2020-20250

Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL point ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：29 | 回复：0
CVE-2021-22399

The Bluetooth function of some Huawei smartphones has a DoS vulnerability. Attackers can install third-party apps to send specific broadcasts, causing the Bluetooth module to crash. This vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：37 | 回复：0
CVE-2021-22440

There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or direct ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：49 | 回复：0
CVE-2021-31225

SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：35 | 回复：0
CVE-2021-31810

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：24 | 回复：0
CVE-2021-36376

dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：26 | 回复：0
CVE-2021-20593

Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：29 | 回复：0
CVE-2021-31220

SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：31 | 回复：0
CVE-2021-31221

SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：19 | 回复：0
CVE-2021-31222

SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：23 | 回复：0
CVE-2021-31223

SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：21 | 回复：0
CVE-2021-31224

SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：31 | 回复：0
CVE-2021-33578

Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, e ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：29 | 回复：0
CVE-2021-35957

Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) wit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：63 | 回复：0
CVE-2021-36121

An issue was discovered in Echo ShareCare 8.15.5. The file-upload feature in Access/DownloadFeed_Mnt/FileUpload_Upd.cfm is susceptible to an unrestricted upload vulnerability via the name1 parameter, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：31 | 回复：0
CVE-2021-36122

An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile feature in Access/EligFeedParse_Sup/UnzipFile_Upd.cfm is susceptible to a command argument injection vulnerability when processing remot ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：20 | 回复：0
CVE-2021-36123

An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is susceptible to a local file inclusion vulnerability when processing remote input in the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：30 | 回复：0
CVE-2021-36124

An issue was discovered in Echo ShareCare 8.15.5. It does not perform authentication or authorization checks when accessing a subset of sensitive resources, leading to the ability for unauthenticated ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：38 | 回复：0
CVE-2020-22873

Buffer overflow vulnerability in function NumberToPrecisionCmd in jsish before 3.0.7, allows remote attackers to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：30 | 回复：0
CVE-2020-22874

Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish before 3.0.8, allows remote attackers to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：39 | 回复：0
CVE-2020-22875

Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote attackers to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：41 | 回复：0
CVE-2020-22876

Buffer Overflow vulnerability in quickjs.c in QuickJS, allows remote attackers to cause denial of service. This issue is resolved in the 2020-07-05 release.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：41 | 回复：0
CVE-2020-22882

Issue was discovered in the fxParserTree function in moddable, allows attackers to cause denial of service via a crafted payload. Fixed in commit 723816ab9b52f807180c99fc69c7d08cf6c6bd61.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：28 | 回复：0
CVE-2020-22884

Buffer overflow vulnerability in function jsvGetStringChars in Espruino before RELEASE_2V09, allows remote attackers to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：30 | 回复：0
CVE-2020-22885

Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase, allows remote attackers to cause a denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：21 | 回复：0