CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-35302

Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：26 | 回复：0
CVE-2021-35303

Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：36 | 回复：0
CVE-2021-1134

A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitiv ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：34 | 回复：0
CVE-2021-31838

A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：23 | 回复：0
CVE-2021-33503

An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：55 | 回复：0
CVE-2021-34548

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：24 | 回复：0
CVE-2021-22545

An attacker can craft a specific IdaPro *.i64 file that will cause the BinDiff plugin to load an invalid memory offset. This can allow the attacker to control the instruction pointer and execute arbit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：25 | 回复：0
CVE-2021-23400

The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：39 | 回复：0
CVE-2021-27577

Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：28 | 回复：0
CVE-2021-28690

x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for detail ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：27 | 回复：0
CVE-2021-28691

Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with qu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：31 | 回复：0
CVE-2021-32565

Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：26 | 回复：0
CVE-2021-34549

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：31 | 回复：0
CVE-2021-34550

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descripto ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：28 | 回复：0
CVE-2020-7871

A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient validation of the parameter. This issue affects: Cnesty H ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：19 | 回复：0
CVE-2020-7868

A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：26 | 回复：0
CVE-2020-7869

An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary file. The ZOOK viewer has the Tight file CMD function to crea ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：22 | 回复：0
CVE-2020-7870

A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：25 | 回复：0
CVE-2021-31160

Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：42 | 回复：0
CVE-2021-31530

Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：11 | 回复：0
CVE-2021-31531

Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：13 | 回复：0
CVE-2021-34824

Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from diff ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：51 | 回复：0
CVE-2021-29479

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied `X-Forwarded-Host` header can be used to perform cache poisoning of a cache fronting a Ratpack server if ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：33 | 回复：0
CVE-2021-31505

This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3_278. Authentication is not required to exploit this vulnerability. The ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：46 | 回复：0
CVE-2021-31506

This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：24 | 回复：0
CVE-2021-31507

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：18 | 回复：0
CVE-2021-31508

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：33 | 回复：0
CVE-2021-31509

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：27 | 回复：0
CVE-2021-31510

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：28 | 回复：0
CVE-2021-31511

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：28 | 回复：0
CVE-2021-31512

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：38 | 回复：0
CVE-2021-31513

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：42 | 回复：0
CVE-2021-31514

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：27 | 回复：0
CVE-2021-31515

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). User interaction is required to exploit this vuln ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：47 | 回复：0
CVE-2021-31516

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). User interaction is required to exploit this vuln ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：27 | 回复：0
CVE-2021-32988

FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：34 | 回复：0
CVE-2021-32990

FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：34 | 回复：0
CVE-2021-32992

FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations within the bounds of a memory buffer, which may allow an attacker to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：40 | 回复：0
CVE-2021-20101

Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：31 | 回复：0
CVE-2021-20102

Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:53 | 阅读：31 | 回复：0