
CVE Vulnerabilities

  • CVE-2021-20103
    Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 45 | Replies: 0
  • CVE-2021-20104
    Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 42 | Replies: 0
  • CVE-2021-20105
    Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improperly sanitized 'ref' parameter.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 37 | Replies: 0
  • CVE-2021-20477
    IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 46 | Replies: 0
  • CVE-2021-20490
    IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 37 | Replies: 0
  • CVE-2021-20580
    IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 38 | Replies: 0
  • CVE-2021-21871
    A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. A specially crafted DMG file can lead to an out-of-bounds write. An attacker can provide a malici ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 32 | Replies: 0
  • CVE-2020-21394
    SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 44 | Replies: 0
  • CVE-2021-22119
    Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Autho ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 33 | Replies: 0
  • CVE-2020-18066
    Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 26 | Replies: 0
  • CVE-2021-23275
    The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Serve ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 41 | Replies: 0
  • CVE-2021-28830
    The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, T ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 35 | Replies: 0
  • CVE-2021-20079
    Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gainin ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 31 | Replies: 0
  • CVE-2021-22338
    There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit t ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 27 | Replies: 0
  • CVE-2021-22340
    There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this v ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 28 | Replies: 0
  • CVE-2021-22439
    There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can construct a specific request to exploit this vulnerability. Successfully exploiting this vulnerability, the at ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 44 | Replies: 0
  • CVE-2021-29480
    Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an at ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 29 | Replies: 0
  • CVE-2021-29481
    Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. T ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 31 | Replies: 0
  • CVE-2021-29485
    Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution (RCE) via a maliciously crafted Java deserialization gadget chain ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 43 | Replies: 0
  • CVE-2021-32721
    PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux versions prior to 1.1.1, attackers may be able to craft phishing links and other open redirects by exploiting the trailing sla ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 80 | Replies: 0
  • CVE-2021-22329
    There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to i ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 23 | Replies: 0
  • CVE-2021-22341
    There is a memory leak vulnerability in Huawei products. A resource management weakness exists in a module. Attackers with high privilege can exploit this vulnerability by performing some operations. ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 28 | Replies: 0
  • CVE-2021-35941
    Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the w ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 27 | Replies: 0
  • CVE-2021-35958
    ** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is t ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 34 | Replies: 0
  • CVE-2021-35959
    In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 42 | Replies: 0
  • CVE-2021-32566
    Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0. ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 29 | Replies: 0
  • CVE-2021-32567
    Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0. ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 34 | Replies: 0
  • CVE-2021-35474
    Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 55 | Replies: 0
  • CVE-2019-18906
    A Use of Password Hash Instead of Password for Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hash ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 33 | Replies: 0
  • CVE-2021-25321
    A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 all ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 47 | Replies: 0
  • CVE-2021-28692
    inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, as ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 40 | Replies: 0
  • CVE-2021-28693
    xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive da ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 37 | Replies: 0
  • CVE-2021-30648
    The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 46 | Replies: 0
  • CVE-2021-31721
    Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 27 | Replies: 0
  • CVE-2021-34373
    Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVIDIA TLK kernel where a lack of heap hardening could cause heap overflows, which might lead to information disclosure and denial of ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 30 | Replies: 0
  • CVE-2021-34374
    Trusty contains a vulnerability in command handlers where the length of input buffers is not verified. This vulnerability can cause memory corruption, which may lead to information disclosure, escalat ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 25 | Replies: 0
  • CVE-2021-34375
    Trusty contains a vulnerability in all trusted applications (TAs) where the stack cookie was not randomized, which might result in stack-based buffer overflow, leading to denial of service, escalation ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 46 | Replies: 0
  • CVE-2021-34376
    Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 5 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to denial of se ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 24 | Replies: 0
  • CVE-2021-34377
    Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 9 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to escalation o ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 14 | Replies: 0
  • CVE-2021-34378
    Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 11 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to information ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:53 | Views: 27 | Replies: 0
