CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-22223

Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：19 | 回复：0
CVE-2021-22228

An issue has been discovered in GitLab affecting all versions. Improper access control allows unauthorised users to access project details using Graphql.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：9 | 回复：0
CVE-2021-35039

kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：15 | 回复：0
CVE-2021-20738

WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：18 | 回复：0
CVE-2021-20739

WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：23 | 回复：0
CVE-2021-20776

Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：21 | 回复：0
CVE-2021-20777

Improper authorization in handler for custom URL scheme vulnerability in GU App for Android versions from 4.8.0 to 5.0.2 allows a remote attacker to lead a user to access an arbitrary website via the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：6 | 回复：0
CVE-2021-20779

Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：11 | 回复：0
CVE-2021-20780

Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：8 | 回复：0
CVE-2021-22227

A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：8 | 回复：0
CVE-2021-22230

Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：5 | 回复：0
CVE-2021-22231

A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile page via using a specially crafted username.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：11 | 回复：0
CVE-2021-26035

An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to a XSS vulnerability.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：13 | 回复：0
CVE-2021-26036

An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：5 | 回复：0
CVE-2021-26037

An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly termine existing user sessions when a user's password was changed or the user was blocked.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：9 | 回复：0
CVE-2021-26038

An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install action in com_installer lack the required hardcoded ACL checks for superusers. A default system is not affected cause the default ACL f ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：5 | 回复：0
CVE-2021-26039

An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to a XSS vulnerability.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：26 | 回复：0
CVE-2021-22224

A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：7 | 回复：0
CVE-2021-22225

Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：9 | 回复：0
CVE-2021-22555

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：15 | 回复：0
CVE-2021-25952

Prototype pollution vulnerability in ‘just-safe-set’ versions 1.0.0 through 2.2.1 allows an attacker to cause a denial of service and may lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：6 | 回复：0
CVE-2021-34620

The WP Fluent Forms plugin 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：9 | 回复：0
CVE-2021-34621

A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an admin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：15 | 回复：0
CVE-2021-34622

A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：9 | 回复：0
CVE-2021-34623

A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：21 | 回复：0
CVE-2021-34624

A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user re ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：27 | 回复：0
CVE-2021-34625

A vulnerability in the saveCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to inject arbitrary web scripts. This issue affects versions 2.2.3 and ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：34 | 回复：0
CVE-2021-34626

A vulnerability in the deleteCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to delete custom extensions added by administrators. This issue affe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：23 | 回复：0
CVE-2021-34627

A vulnerability in the getSelectedMimeTypesByRole function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to view custom extensions added by administrators. This is ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：28 | 回复：0
CVE-2021-36212

app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：21 | 回复：0
CVE-2020-20211

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an ass ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：15 | 回复：0
CVE-2020-20212

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：14 | 回复：0
CVE-2020-20213

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：25 | 回复：0
CVE-2020-20215

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid m ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：15 | 回复：0
CVE-2020-20216

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：15 | 回复：0
CVE-2020-20225

Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an asse ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：18 | 回复：0
CVE-2020-24038

myFax version 229 logs sensitive information in the export log module which allows any user to access critical information.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：26 | 回复：0
CVE-2020-24141

Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote pa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：33 | 回复：0
CVE-2020-24142

Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web appl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：11 | 回复：0
CVE-2020-24143

Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk- ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：24 | 回复：0