CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-32535

The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerabil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：24 | 回复：0
CVE-2021-32537

Realtek HAD contains a driver crashed vulnerability which allows local side attackers to send a special string to the kernel driver in a userâ€™s mode. Due to unexpected commands, the kernel driver ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：18 | 回复：0
CVE-2021-32538

ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code unrestrict ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：18 | 回复：0
CVE-2021-35451

In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：24 | 回复：0
CVE-2021-28931

Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：28 | 回复：0
CVE-2021-31925

Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：17 | 回复：0
CVE-2021-33215

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：17 | 回复：0
CVE-2021-33216

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：22 | 回复：0
CVE-2021-33217

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：20 | 回复：0
CVE-2021-33218

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：27 | 回复：0
CVE-2021-33219

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：18 | 回复：0
CVE-2021-33220

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：14 | 回复：0
CVE-2021-33221

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：29 | 回复：0
CVE-2021-20378

IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 19570 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：21 | 回复：0
CVE-2021-20379

IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：15 | 回复：0
CVE-2021-20415

IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：11 | 回复：0
CVE-2021-20416

IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：14 | 回复：0
CVE-2021-20417

IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be u ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：5 | 回复：0
CVE-2021-20474

IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：8 | 回复：0
CVE-2021-21786

A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to increased privil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：11 | 回复：0
CVE-2021-21787

A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0d8, the first dword passed in th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：5 | 回复：0
CVE-2021-21788

A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0dc, the first dword passed in th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：5 | 回复：0
CVE-2021-21789

A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0e0, the first dword passed in th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：5 | 回复：0
CVE-2021-29759

IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：10 | 回复：0
CVE-2021-36217

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3502. Reason: This candidate is a duplicate of CVE-2021-3502. Notes: All CVE users should reference CVE-2021-3502 instead of this ca ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：11 | 回复：0
CVE-2020-23700

Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：5 | 回复：0
CVE-2020-23702

Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutbox_panel/shoutbox_admin.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：11 | 回复：0
CVE-2021-32714

hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. T ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：12 | 回复：0
CVE-2021-32715

hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a `Content-Length` header with a prefixed plus sign, when it should have ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：29 | 回复：0
CVE-2007-5002

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：17 | 回复：0
CVE-2008-1879

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：14 | 回复：0
CVE-2021-21775

A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：20 | 回复：0
CVE-2021-21807

An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a stack-based buffer overflow. An a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：14 | 回复：0
CVE-2021-34430

Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：10 | 回复：0
CVE-2021-28809

An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating sys ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：9 | 回复：0
CVE-2021-21821

A stack-based buffer overflow vulnerability exists in the PDF process_fontname functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to code execution. An attacker can ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：11 | 回复：0
CVE-2021-31816

When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：6 | 回复：0
CVE-2021-31817

When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：16 | 回复：0
CVE-2021-32461

Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer ov ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：30 | 回复：0
CVE-2021-32462

Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to mani ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:22 | 阅读：11 | 回复：0