
CVE Vulnerabilities

  • CVE-2021-24020
    A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed UR ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 15 | Replies: 0
  • CVE-2021-26100
    A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 34 | Replies: 0
  • CVE-2021-26106
    An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute u ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 33 | Replies: 0
  • CVE-2021-32753
    EdgeX Foundry is an open source project for building a common open framework for internet-of-things edge computing. A vulnerability exists in the Edinburgh, Fuji, Geneva, and Hanoi versions of the sof ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 33 | Replies: 0
  • CVE-2021-33214
    In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 14 | Replies: 0
  • CVE-2021-36367
    PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a la ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 15 | Replies: 0
  • CVE-2021-36371
    Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSConte ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 7 | Replies: 0
  • CVE-2020-25391
    A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Co ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 4 | Replies: 0
  • CVE-2020-25392
    A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the ' ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 13 | Replies: 0
  • CVE-2020-25394
    A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Content parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 9 | Replies: 0
  • CVE-2020-25875
    A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload enter ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 20 | Replies: 0
  • CVE-2020-25876
    A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 23 | Replies: 0
  • CVE-2020-25877
    A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 12 | Replies: 0
  • CVE-2020-25878
    A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 11 | Replies: 0
  • CVE-2020-25879
    A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payloa ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 5 | Replies: 0
  • CVE-2020-35984
    A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted paylo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 5 | Replies: 0
  • CVE-2020-35985
    A stored cross site scripting (XSS) vulnerability in the 'Global Lists' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload en ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 12 | Replies: 0
  • CVE-2020-35986
    A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafte ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 4 | Replies: 0
  • CVE-2020-35987
    A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payl ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 9 | Replies: 0
  • CVE-2021-20024
    Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory loca ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 10 | Replies: 0
  • CVE-2021-35358
    A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 13 | Replies: 0
  • CVE-2021-35360
    A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 22 | Replies: 0
  • CVE-2021-35361
    A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 6 | Replies: 0
  • CVE-2021-29106
    A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potential ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 17 | Replies: 0
  • CVE-2021-29107
    A stored Cross Site Scripting (XSS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 4 | Replies: 0
  • CVE-2021-29102
    A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated attacker to forge GET requests to arbitrary URLs from the syste ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 4 | Replies: 0
  • CVE-2021-29103
    A reflected Cross Site Scripting (XSS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially ex ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 18 | Replies: 0
  • CVE-2021-29104
    A stored Cross Site Scripting (XSS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 11 | Replies: 0
  • CVE-2021-29105
    A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below may allow a remote authenticated attacker to pass and store malicious strings in the ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 29 | Replies: 0
  • CVE-2021-26099
    Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidenti ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 17 | Replies: 0
  • CVE-2021-22515
    Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 17 | Replies: 0
  • CVE-2021-22916
    In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS set ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 15 | Replies: 0
  • CVE-2021-22917
    Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 9 | Replies: 0
  • CVE-2021-22918
    Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 8 | Replies: 0
  • CVE-2021-22921
    Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 24 | Replies: 0
  • CVE-2021-27293
    RestSharp 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicio ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 7 | Replies: 0
  • CVE-2021-35037
    Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. An attacker may craft a URL that appears to be for a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 25 | Replies: 0
  • CVE-2021-3547
    OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 18 | Replies: 0
  • CVE-2021-30129
    A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD ve ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 10 | Replies: 0
  • CVE-2021-35064
    KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 14 | Replies: 0
